Introduction

  • There is no such thing as absolute computer security

  • Theory is not the same as practice

CIA triangle

The CIA triangle states three key principles to consider in any secure system.

  • Confidentiality - No unauthorised disclosure

  • Integrity - No unauthorised change

  • Availability - Users who should be able to access something are able to do so when they need to

Terminology

  • Worm/virus - Self-replicating program which spreads across a network

  • DoS - Denial of Service, when a service is overwhelmed by an abnormally high volume of traffic

  • Social engineering - Exploiting a person to access a system

  • Asset - Anything of value which needs to be protected, such as a database, device or reputation

  • Vulnerability - A flaw in the design, implementation, operation or management of a system which can be exploited, such as weak passwords or a bug in a program

  • Threat - The potential for a security violation, which exists when an attacker has both the capability and the intention to act

  • Risk - The expected loss, given the threat, the vulnerability and the resulting impact

  • Attack - An assault on security resulting from a threat being acted upon

  • Countermeasure - An action which prevents vulnerabilities or attacks, or lessens their effects