Incident Response Terms in Cyber Security

Threat:
Definition: A potential for harm to information or systems.
Example: Malware, hacking attempts, or social engineering attacks.

Vulnerability:
Definition: A weakness in a system or process that could be exploited.
Example: Unpatched software, misconfigured settings, or weak passwords.

Asset:
Definition: Any information or resource that needs protection (e.g., data, hardware, software).
Example: Customer databases, servers, intellectual property.

Exposure:
Definition: The extent to which an asset is vulnerable to threats.
Example: An unsecured server accessible from the internet.

Breach:
Definition: Unauthorized access to or disclosure of information.
Example: A data breach in which sensitive information is accessed without authorization.

Exploit:
Definition: Taking advantage of a vulnerability to gain unauthorized access or cause harm.
Example: Using a software flaw to execute malicious code on a system.

Incident:
Definition: Any event that could potentially compromise security.
Example: A security alert triggered by suspicious network activity.

Intrusion:
Definition: Unauthorized access to a system or network.
Example: A hacker gaining unauthorized entry into a company's network.
Security Controls:
These controls safeguard information and systems through different approaches:
Physical Controls: Limit physical access to systems and data (e.g., security badges, locked doors).
Logical Controls: Implement software-based measures to restrict access and protect information (e.g., passwords, firewalls, encryption).
Administrative Controls: Policies, procedures, and guidelines for secure behavior and system usage (e.g., password policies, data security protocols).

Security Controls by Type:
Controls can also be categorized based on their primary function:
Preventive Controls: Aim to stop security incidents from happening in the first place (e.g., firewalls, strong passwords).
Detective Controls: Help identify security incidents that have already occurred (e.g., intrusion detection systems, log monitoring).
Corrective Controls: Aim to recover from security incidents and minimize damage (e.g., data backups, incident response procedures).
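The glossary's "Incident" entry (a security alert triggered by suspicious activity) and the "Detective Controls" entry (log monitoring) meet in a detection rule. The example below is added here and is not code from the original post: it is a small log-monitoring rule that reads constructed sshd-style authentication log lines and raises an alert when one source address accumulates a burst of failed logins. The log lines, the threshold of 5 attempts, and the 60-second window are assumed values chosen for illustration; a real deployment would tune them and feed the alert into the incident response procedure (the corrective control), which this rule deliberately does not perform.

```python
"""Detective control: a log-monitoring rule that flags bursts of failed logins."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in an sshd-like auth-log format. They are
# invented for this example and do not come from any real system.
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd[812]: Failed password for invalid user admin from 203.0.113.5 port 51522
2024-05-01T10:00:03 sshd[812]: Failed password for invalid user admin from 203.0.113.5 port 51523
2024-05-01T10:00:04 sshd[812]: Failed password for root from 203.0.113.5 port 51524
2024-05-01T10:00:06 sshd[812]: Failed password for root from 203.0.113.5 port 51525
2024-05-01T10:00:07 sshd[812]: Failed password for root from 203.0.113.5 port 51526
2024-05-01T10:00:09 sshd[812]: Accepted password for alice from 198.51.100.7 port 40011
2024-05-01T10:05:00 sshd[812]: Failed password for bob from 198.51.100.7 port 40012
2024-05-01T10:20:00 sshd[812]: Failed password for bob from 198.51.100.7 port 40013
"""

# Matches the two outcomes we care about; anything else is ignored as noise.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+$"
)


def parse_line(line):
    """Return a dict for a recognised auth-log line, or None for lines we do not understand."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "result": m["result"],
        "user": m["user"],
        "ip": m["ip"],
    }


def detect_failed_login_bursts(log_text, threshold=5, window=timedelta(seconds=60)):
    """Sliding-window rule: alert once per source IP whose failed logins reach
    `threshold` within `window`. Returns a list of alert records (the 'incident'
    in the glossary's sense) for a responder to act on."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    alerted = set()               # avoid re-alerting on the same source
    alerts = []
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None or ev["result"] != "Failed":
            continue
        q = recent[ev["ip"]]
        q.append(ev["ts"])
        # Drop failures that have aged out of the window.
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold and ev["ip"] not in alerted:
            alerted.add(ev["ip"])
            alerts.append({
                "source_ip": ev["ip"],
                "failed_attempts": len(q),
                "first_seen": q[0],
                "last_seen": ev["ts"],
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_failed_login_bursts(SAMPLE_LOG):
        print(f"ALERT: {alert['failed_attempts']} failed logins from {alert['source_ip']} "
              f"between {alert['first_seen']} and {alert['last_seen']}")
```

Run on the sample, the rule reports 203.0.113.5 (five failures in six seconds) and stays silent on 198.51.100.7, whose two failures are fifteen minutes apart. That silence is the point of the window: a detective control has to separate the burst that signals an attack from the ordinary typo, and the threshold and window are where that trade-off lives.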
