    Cyber Security (COMP3143), Topic 5 of 21

    Information Security Terminology


    Information Security (InfoSec) uses specific terms to describe concepts, processes, and elements involved in protecting information. Understanding these terms is essential for studying or working in cybersecurity.


    1. Asset

    Anything valuable that needs protection. Examples: data, hardware, software, networks, people.


    2. Threat

    Anything that has the potential to cause harm to an asset. Examples: hackers, malware, natural disasters.


    3. Vulnerability

    A weakness or flaw in a system that can be exploited by a threat. Examples: outdated software, weak passwords.


    4. Risk

    The possibility of a threat exploiting a vulnerability and causing damage.

    Risk = Threat × Vulnerability


    5. Attack

    An attempt to damage, steal, or gain unauthorized access to information. Examples: phishing attacks, ransomware attacks.


    6. Exploit

    A method or tool used to take advantage of a vulnerability. Example: code that exploits a software bug.


    7. Control / Safeguard

    Measures taken to reduce risk or protect assets. Types:

    • Technical controls: firewalls, encryption
    • Administrative controls: policies, training
    • Physical controls: locks, CCTV

    8. Confidentiality

    Ensuring information is accessible only to authorized people. Example: encryption.


    9. Integrity

    Ensuring information remains accurate and unaltered. Examples: hashing, checksums.


    10. Availability

    Ensuring information and systems are available when needed. Examples: backups, redundant servers.


    11. Authentication

    Verifying the identity of a user or device. Examples: passwords, biometrics, OTP.


    12. Authorization

    Determining what an authenticated user is allowed to do. Examples: user roles, access levels.


    13. Accounting / Accountability

    Tracking actions of users to ensure responsibility. Example: audit logs.


    14. Non-repudiation

    Ensuring a person cannot deny performing an action. Example: digital signatures.


    15. Incident

    Any event that compromises the security of data or systems. Examples: data breach, malware infection.


    16. Incident Response

    Steps taken to handle and recover from a security incident. Example sequence: detection → containment → eradication → recovery.


    17. Encryption

    Converting data into an unreadable form to protect confidentiality. Examples: AES, RSA.


    18. Firewall

    A security device or software that filters network traffic to prevent unauthorized access.


    19. Malware

    Malicious software designed to harm systems. Types: viruses, worms, trojans, ransomware.


    20. Social Engineering

    Tricking people into revealing confidential information. Examples: phishing, pretexting.


    Conclusion

    Information security terminology provides the foundation needed to understand how threats, vulnerabilities, and controls interact. Mastering these terms is essential for learning cybersecurity and applying proper protection techniques.
