CIA Triad, plus Authentication, Authorization, Non-Repudiation (Accountability)
- Confidentiality: Data is private to its owners. Eg. encryption algorithms (AES)
- Integrity: Data is untampered. Eg. hashing algorithms (MD5, SHA)
- Availability: Accessibility of networks, systems, applications, and data by authorized users. Eg. threat: DoS (Denial of Service)
- Authentication: Verifying the identity of a user or service. Integrity goes together with authenticity.
- Authorization: The access rights of a user.
- Non-Repudiation: Accountability of a user (they cannot deny an action they performed).
- Any information system is a balance between security, functionality, and usability.
- If any one of these goes up, the other two go down.
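The integrity and authenticity points above are easy to conflate, so here is an added example (not part of the original notes) showing the difference in code. A plain hash such as SHA-256 only detects accidental corruption: whoever alters the data can simply recompute the hash, so the receiver sees a match. A keyed hash (HMAC-SHA256) binds the digest to a secret that only the legitimate parties hold, which gives integrity and authenticity together. The message, the tampered copy and the shared key are constructed sample values. (MD5, listed in the notes, is no longer collision-resistant and should not be used for integrity checks.)

```python
import hashlib
import hmac

# Constructed sample record (assumption: a simple transaction message).
MESSAGE = b"transfer:from=alice;to=bob;amount=100"
TAMPERED = b"transfer:from=alice;to=mallory;amount=100"
# Constructed shared secret; in practice this comes from a key store, never source code.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"


def sha256_digest(data: bytes) -> str:
    """Plain hash: detects accidental corruption, but anyone can recompute it."""
    return hashlib.sha256(data).hexdigest()


def hmac_tag(key: bytes, data: bytes) -> str:
    """Keyed hash (HMAC-SHA256): only a holder of the key can produce a valid tag,
    so a matching tag proves both integrity and origin (authenticity)."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hmac(key: bytes, data: bytes, tag: str) -> bool:
    """Constant-time comparison so the check does not leak the tag via timing."""
    return hmac.compare_digest(hmac_tag(key, data), tag)


def plain_hash_is_forgeable(original: bytes, tampered: bytes) -> bool:
    """Why a bare hash is not an integrity control against an active adversary:
    the party that changes the message recomputes the hash, and the receiver's
    check (recompute and compare) still passes."""
    shipped_data, shipped_hash = tampered, sha256_digest(tampered)
    receiver_check_passes = sha256_digest(shipped_data) == shipped_hash
    return receiver_check_passes and shipped_data != original


def hmac_detects_tampering(key: bytes, original: bytes, tampered: bytes) -> bool:
    """Without the key, an altered message cannot be paired with a valid tag:
    the original verifies, the tampered copy does not."""
    tag = hmac_tag(key, original)
    return verify_hmac(key, original, tag) and not verify_hmac(key, tampered, tag)


if __name__ == "__main__":
    print("plain hash forgeable:", plain_hash_is_forgeable(MESSAGE, TAMPERED))
    print("HMAC detects tampering:", hmac_detects_tampering(SHARED_KEY, MESSAGE, TAMPERED))
```

The receiver-side lesson: a hash shipped alongside the data it covers protects against corruption in transit, not against a party who can rewrite both; for authenticity you need a key the adversary lacks (an HMAC, or a digital signature when the verifier must not hold the signing secret).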
Threat categories: network-based, host-based, application-based.

Vulnerability: A gap or weakness in the system. Eg. a door with a fragile lock.

Risk: Potential damage, or loss of data or assets. Also: Asset + Threat + Vulnerability = Risk.

Threat: An event that can exploit a vulnerability, or something that can damage or destroy an asset. Eg. DDoS, phishing, SQL injection, man-in-the-middle (MitM), malware, natural disasters.

Exploit: The mechanism someone uses to get into the system. Eg. keys, a hammer, or a lockpick used to break the fragile lock.

Payloads: The piece of code delivered by an exploit. Eg. Trojans/RATs, keyloggers, reverse shells.

Zero Day: A vulnerability unknown to both the user and the owner.

Doxxing: Making private data publicly available for exposure, financial harm, etc.

Botnet: A network of infected computers.

- Eg. First, a vulnerability exposes your organization to threats.
- Second, a threat is a malicious or negative event that takes advantage of a vulnerability.
- Finally, the risk is the potential for loss and damage when the threat occurs.