A methodology of establishing security policies and/or practices that is initiated by upper management.

Any event or circumstance that has the potential to adversely affect operations and assets.

The object, person, or other entity that represents a constant danger to an assets

The quality or state of being secure --- to be free from danger

Characteristic of information that refers to how up to date information is.

The logical models developed during the second step are revised the ensure that the ew system will meet the user requirements identified in the first step.

Attacks occur when an individual or group designs and deoloys software to attack a system.

An object, person, or other entity that represents a constant danger to an asset

Continuously monitor the software for security risks.

It can be a documented process to take advantage of a vulnerability or exposure, usually in software, that is either inherent in the software or created by the attacker.

Attack includes the execution of viruses, worms, trojans horses, and active web scriptswith the intent yo destroy or steal information

A condition or state of being exposed in information security, it exists when a vulnerability is known to an attack.

The team assessess the feasibility of the proposed project and selects a development methodology.

A type of SDLC in which each phase of the process "flows from" the information gained in the previous phase, with multiple opportunities to return to previous phases and make adjustments.

The specific instance or a component of a threat

A technique used to compromise a system.

Responsible for storage, maintenance, and protection.

Hacks the public telephone network

The entire set of controls and safeguards, includ- ing policy, education, training and awareness, and technology, that the organization implements to protect the asset.

Component of information system that refers to the written instructions for accomplishing a specific task.

It exists when a vulnerability is known to an attack.

Malicious software that can steal information, delete files, deny access to data, or replicate itself.

It originate from a compromised system or resource that is malfunctioning or working under the control of a threat

Using social skills to convince people to reveal access credentials or other valuable info to the attacker.

End users who work with information and to protect their daily jobs supporting the mission of the organization.

A hacker that develops software scripts and codes. Usually a master of many skills. Often create attack software and share with others.

A subject or object's ability to use, manipulate, modify, or affect another subject or object. Authorized users have the legal access to a system. Access controls regulate this ability.

Occur when a manufacturer distributes equipment containing a known or unknown flaw.

Component of information system that created much of the need for increased computer and information security. When information systems are connected to each otherto form LANS

Characteristic of information that refers to an attribute of information that describes how the data's ownership or control is legitimate or authorized.

When computer is used as an active tool to conduct attack

Characteristic of information that refers to an attribute of information that describes how data is whole, complete and uncorrupted.

A hacker attempting to break in to an information.

Illegal taking of anothera proerty. Copied withou the owners content.

The weakiest link in an organisation's information security program.

A well known and briad category of electronic and human activities that can breach the confidentiality of information when unauthorized individual gains access to the information.

A method of establishing security policies and/or practices that begins as agrassroots effort in which systems administrators attempt to improve the security of their systems.

A hacker compromising a system using PC and using it to attack other system.

Characteristic of information that refers to an attribute of information that describes how data is accessible and correctly formatted for use without interference or obstruction.

A methodological approach to the development of software that seeks to build security into the development life cycle rather than address it at later stages. It attempts to intentionally create software free of vulnerabilities and provide effective, efficient software that users can deploy with confidence

An intentional or unintentional act that can damage or otherwise compromise information and the systems that support it.

The team determines the user requirementfor the new system and develops logical models of the system

To protect information by putting it into a special code that only some people can read, especially information that is on a computer.

To protect networking components, connections and contents

The probability of an unwanted occurrence, such as an adverse event or loss.

Characteristic of information that refers to how data value or usefulness for an end purpose.

A type of information security threat that uses social engineering to trick users into giving up confidential information

Characteristic of information that refers to an attribute that describes how data is protected from disclosure or exposure to unauthorized individuals or obstruction.

A subset of communications security; the protection of voice and data networking

Component of information system that includes applications(programs) , OS, and assorted command utilities. Most difficult to secure.

A single instance of an information asset suffering damage or destruction, unintended or unauthorized modification or disclosure, or denial of use when an organization's information is stolen.

When computer is the entity being attacked.

Component of information system that refers to the physical technology that houses and executes the software, stores and transports the data, and provides interfaces for the entry and removal of information from the system

Is one that overtime changes the way ir appears to antivirus software programs making it undetectable by techniques that look for the pre-configured signatures.

To protect the individual or group of individuals who are authorized to access the organization and its operations.

Protection of the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission, via the application of policy, education, training and awareness, and technology. The protection of information and its critical elements, including the systems and hardware that use, store, and transmit the information

A potential weakness in an asset or its defensive control system.

A cyber security threat where an attacker holds a victim's computer system and data hostage, demanding payment before restoring access.

The ownership of ideas and control over the tangible or virtual representation of those idea.

A formal approach to solving a problem based on a structured sequence of procedures.

Someone who casually reads sensitive information not intended for his or her use.

Perpetrated by a hacker using a PC to break into a system.

An individual who cracks or removes protected design to prevent unauthorized duplication

Consists of segments of code that perform malicious actions.

It make use of existing software tools or custom made software components.

Outdated infrastructure can lead to unreliable and untrustworthy systems.

The logical models are converted into Physical models and may include network maps and description of servers and other devices to be used in the system.

An occurrence of an event caused by a threat agent.

Occurs with very little warning and are beyond control of people.

graphical representation of the architectural approach widely used in computer and information security; commonly shown as a cube composed of 3x3x3 cells, similarto a Rubik's Cube.

It allows the attacker to access the system bat will with special privileges.

Hackers of limited skills. Use expert written software to exploit a system. Do not usually fully understand the systems they hack.

The organizational resource that is being protected. It can be logical, such as a Web site, software information, or data; or can be physical, such as a person, computer system, hardware, or other tangible object. It particularly information of it , are the focus of what security efforts are attempting to protect.

Ex. A lightning strike that causes a building fire .

A category of objects, people, or other entities that represents the origin of danger to an asset --- in other words, a category of threat agents.

Situations where products or services are not delivered as expected.

To achieve balance, level of security must allow reasonable access

It is impossible to obtain perfect security

Occurs when an attacker or trusted insider steals information from a computer system and demands compensation for its return or for an agreement not to disclose it.

Security between protection and availability should not be balanced

To protect the details of a particular operation or series of activities

Are software program that hide their true nature and reveal their designed behaviour only when activated

To protect the physical items, objects, ir areas of an organization from unauthorizes access and misuse.

Acts done with no malicious intent

Component of information system that refers to what is stored, processed, and transmitted by a computer system must be protected. Often the most valuable asset of an organisation and therefore is the main target of intentional attacks.

Explores the contents of a web browser's cache and store

The industry standard for computer security; confidentiality, integrity, and availability.