Security, Functionality and Usability - Level of security in any system can be defined by the strength of
three components.
Threat Modeling - a risk assessment approach for analyzing security of an application by capturing,
organizing, and analyzing all the information that affects the security of an application
Zero-day - An attack that exploits computer application vulnerabilities before the software developer
releases a patch for the vulnerability
Daisy-chaining - It involves gaining access to one network and/or computer and then using the same
information to gain access to multiple networks and computers that contain desirable information
bots - a software application that can be use to control systems remotely to execute or automate
predefined tasks. Hackers use this to carry out malicious activity over the Internet such as distributed
denial-of-service (DDoS) attacks, keylogging, spying, etc
, doxing - Publishing personally identifiable information about an individual collected from publicly
available databases and social media. People with malicious intent collect this information from publicly
accessible channels such as the databases, social media and the Internet
IRT - Incident Response Team
Risk Management - this includes identifying organizational assets, threats to those assets, asset
vulnerabilities, exploring countermeasures to put in place to minimize risk as much as possible
3 types of controls - preventative, detective, or corrective
BIA - Business Impact analysis
MTD - Maximum Tolerable downtime: a means to prioritze the recovery of assets should the worst
occur
BCP - The Business Continuity plan is a set of plans and procedures to follow in the event of a failure or a
disaster to get business services up and running
DRP - Addressing what to do to recover any lost data or services. Disaster recovery plan
ALE - Annualized loss expectancy is the product of the ARO(Annual rate of occurence) and the SLE(Single
loss expectancy). It is the monetary loss that can be expected for an asset due to risk over a one-year
period.
Confidentiality - addressing the secrecy and privacy of information, refers to the measures taken to
prevent disclosure of information or data to unauthorized users or systems: Passwords are a common
measure
attacks against these are confidentiality attacks
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller oneclass. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $13.48. You're not tied to anything after your purchase.