Security

Vocabulary

CIA: Confidentiality, Integrity and Availability

A simple but widely applicable security model is the CIA triad, standing for Confidentiality, Integrity and Availability: three key principles that should be guaranteed in any kind of secure system. The model applies across the whole subject of security analysis, from access to a user's internet history to the security of encrypted data in transit across the internet. If any one of the three is breached, it can have serious consequences for the parties concerned.

Non-Repudiation - Inability to deny having taken an action

Non-repudiation is the assurance that someone cannot deny something. Typically, non-repudiation refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated.

Authentication

Authentication is the process of determining whether someone or something is, in fact, who or what it is...

Vulnerability

Any kind of weakness (in code, design, etc.) that could enable an attack.

Threat

A potential danger that could cause harm to information or to a system.

Threat Agent

An entity that exploits a threat.

Exploit

A practical method of taking advantage of a specific vulnerability.

Attack

The use of an exploit against an actual vulnerability.

Attack Vector

A theoretical application of an attack; the potential options available for carrying out an attack.

Zero-Day Attack

A zero-day vulnerability is a hole in software that is unknown to the vendor. The hole is exploited by attackers before the vendor becomes aware of it and hurries to fix it; this exploitation is called a zero-day attack. There is no defence against such a vulnerability.

Exposure

The severity and probability of an attack, together with the time between the announcement of a vulnerability and the release of a patch that fixes it.

Mitigation

A strategy for reducing or eliminating the severity of an issue.

Attack Surface

The collection of all entry points, whether hardware or software, that could be used to attack or exploit the product.

References:

http://www.doc.ic.ac.uk/~ajs300/security/CIA.htm