Hardware
Including computer systems and other data processing, data storage, and data communications devices.
Software
Includes the operating system, system utilities, and applications.
Data
Including files and databases, as well as security-related data such as password files.
[Figure: Security Concepts and Relationships]
Computer Security Terminology
Adversary (threat agent)
An entity that attacks, or is a threat to, a system.
Attack
An attack on system security emanating from a smart threat; that is, an intelligent act that is a willful attempt (particularly in the sense of a method or technique) to circumvent security services and violate a system's security policy.
Countermeasure
An action, device, procedure, or technique that reduces a threat, vulnerability, or attack by eliminating or preventing it, minimizing the harm it can cause, or detecting and reporting it so that corrective action can be taken.
Risk
An expectation of loss expressed as the probability that a given threat will exploit a given vulnerability with a given malicious outcome.
Security Policy
System Resource (Asset)
Data contained in an information system; or a service provided by a system; or a system capability, such as processing power or communication bandwidth; or an item of system equipment (i.e., a system component: hardware, firmware, software, or documentation); or a facility housing system operations and equipment.
Threat
The potential for a security breach that exists when there is a circumstance, ability, action, or event that could breach security and cause harm. That is, a threat is a potential danger that could exploit a weakness.
Vulnerability
An error or weakness in the design, implementation, or operation and administration of a system that could be exploited to violate the system's security policy.
Communications Equipment and Networks: Local and wide area network communication links, bridges, routers, etc.
In the context of security, we address vulnerabilities in system resources. [NRC02] lists the following general categories of vulnerabilities for a computer system or network resource:
• It can be corrupted, causing it to do something wrong or provide incorrect answers. For example, stored data values may differ from what they should be because they have been incorrectly modified.
• It may leak. For example, someone who should not have access to some or all of the information available over the network is granted that access.
• It may become unavailable or very slow. That is, using the system or the network becomes impossible or impractical.
These three general types of vulnerabilities correspond to the concepts of integrity, confidentiality, and availability listed earlier in this section. The different types of vulnerabilities for a system resource correspond to threats that can exploit those vulnerabilities. A threat represents potential damage to the security of an asset. An attack is a threat that is executed (threat action) and, if successful, results in an unintended security breach or threat outcome. The agent performing the attack is called the attacker or threat agent.
We can distinguish between the following types of attacks:
Active attack: An attempt to alter system resources or affect their operation.
Passive attack: An attempt to learn or make use of information from the system that does not affect system resources.
We can also classify attacks based on the origin of the attack.
Inside attack: Initiated by an entity inside the security perimeter (an “insider”). The insider is authorized to access system resources but uses them in a way not approved by those who granted the authorization.
Outside attack: Initiated from outside the perimeter, by an unauthorized or illegitimate user of the system (an “outsider”). On the Internet, potential outside attackers range from amateur pranksters to organized criminals, international terrorists, and hostile governments.
Finally, a countermeasure is any means taken to deal with a security attack. Ideally, a countermeasure can be devised to prevent a particular type of attack from being successful. When prevention is not possible, or fails in some instance, the goal is to detect the attack and then recover from its effects. A countermeasure can itself introduce new vulnerabilities. In any case, residual vulnerabilities may remain after countermeasures are imposed. Such vulnerabilities can be exploited by threat agents, which leaves a residual risk to assets. Owners will try to minimize this risk given other constraints.