Question list
1
To protect the physical items, objects, or areas of an organization from unauthorized access and misuse.
physical security
2
To protect the individual or group of individuals who are authorized to access the organization and its operations.
personal security
3
To protect the details of a particular operation or series of activities
operations security
4
To protect networking components, connections and contents
network security
5
A subset of communications security; the protection of voice and data networking
network security
6
Protection of the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission, via the application of policy, education, training and awareness, and technology. The protection of information and its critical elements, including the systems and hardware that use, store, and transmit the information
information security
7
The quality or state of being secure --- to be free from danger
security
8
To protect information by putting it into a special code that only some people can read, especially information that is on a computer.
encrypt
9
A subject's or object's ability to use, manipulate, modify, or affect another subject or object. Authorized users have legitimate access to a system. Access controls regulate this ability.
Access
10
The organizational resource that is being protected. It can be logical, such as a Web site, software, information, or data; or physical, such as a person, computer system, hardware, or other tangible object. Assets, and particularly information assets, are the focus of what security efforts are attempting to protect.
asset
11
An intentional or unintentional act that can damage or otherwise compromise information and the systems that support it.
attack
12
Someone who casually reads sensitive information not intended for his or her use.
passive attack
13
A hacker attempting to break into an information system.
intentional attack
14
Example: a lightning strike that causes a building fire.
unintentional attack
15
Perpetrated by a hacker using a PC to break into a system.
direct attack
16
A hacker compromising a system using a PC and then using that compromised system to attack other systems.
indirect attack
17
Originates from the threat itself.
direct attack
18
Originates from a compromised system or resource that is malfunctioning or working under the control of a threat.
indirect attack
19
A technique used to compromise a system.
exploit
20
It can be a documented process to take advantage of a vulnerability or exposure, usually in software, that is either inherent in the software or created by the attacker.
exploit
21
It makes use of existing software tools or custom-made software components.
exploit
22
A condition or state of being exposed; in information security, it exists when a vulnerability is known to an attacker.
exposure
23
A single instance of an information asset suffering damage or destruction, unintended or unauthorized modification or disclosure, or denial of use. When an organization's information is stolen, it has suffered one of these.
loss
24
The probability of an unwanted occurrence, such as an adverse event or loss.
risk
25
Any event or circumstance that has the potential to adversely affect operations and assets.
threat
26
The specific instance or a component of a threat
threat agent
27
An occurrence of an event caused by a threat agent.
threat event
28
A category of objects, people, or other entities that represents the origin of danger to an asset --- in other words, a category of threat agents.
threat source
29
A potential weakness in an asset or its defensive control system.
vulnerability
30
Characteristic of information that describes how up to date the information is.
timeliness
31
Characteristic of information that describes how genuine or original the data is, rather than reproduced or fabricated.
authenticity
32
Characteristic of information that describes how accessible and correctly formatted for use the data is, without interference or obstruction.
availability
33
Characteristic of information that describes how well the data is protected from disclosure or exposure to unauthorized individuals or systems.
confidentiality
34
Characteristic of information that describes how whole, complete, and uncorrupted the data is.
integrity
35
Characteristic of information that describes whether the data's ownership or control is legitimate or authorized.
possession
36
Characteristic of information that describes the data's value or usefulness for an end purpose.
utility
37
Characteristic of information that is free from mistakes or errors and has the value that the end user expects.
accuracy
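The integrity and authenticity cards above are easiest to see with a concrete check. The following is an added example, not part of the original question list: it stores a record beside a plain SHA-256 hash and beside an HMAC tag, then shows that a bit flip in storage is caught by both, while a forgery whose author recomputes the plain hash is caught only by the HMAC, because the forger does not hold the shared key. The record, key, field names and function names are all constructed for this demonstration.

```python
"""Added example (not from the original glossary): integrity vs. authenticity.

A plain hash detects corruption (integrity). An HMAC under a shared secret
additionally detects tampering by anyone without the key (authenticity).
All sample data below is constructed for the demo.
"""
import hashlib
import hmac
import secrets

# Constructed sample record and shared key (hypothetical values).
KEY = b"demo-shared-secret-key-do-not-reuse"
RECORD = b"account=1234;balance=100.00;owner=alice"


def digest(data: bytes) -> str:
    """Plain SHA-256: catches accidental corruption, but anyone who can change
    the record can also recompute this value, so it proves nothing about origin."""
    return hashlib.sha256(data).hexdigest()


def tag(data: bytes, key: bytes) -> str:
    """HMAC-SHA256: only a holder of `key` can produce a tag that verifies."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify(data: bytes, expected_tag: str, key: bytes) -> bool:
    """Constant-time comparison; a plain == would leak timing information."""
    return hmac.compare_digest(tag(data, key), expected_tag)


def demo() -> dict:
    """Run the three scenarios and report which check catches what."""
    results = {}
    stored_hash = digest(RECORD)
    stored_tag = tag(RECORD, KEY)
    results["hash_ok"] = digest(RECORD) == stored_hash
    results["tag_ok"] = verify(RECORD, stored_tag, KEY)

    # Scenario 1: a single bit flips in storage. Both checks notice.
    corrupted = bytearray(RECORD)
    corrupted[0] ^= 0x01
    results["hash_detects_corruption"] = digest(bytes(corrupted)) != stored_hash
    results["tag_detects_corruption"] = not verify(bytes(corrupted), stored_tag, KEY)

    # Scenario 2: an attacker rewrites the record and recomputes the plain hash.
    # The hash check passes; the HMAC check fails because KEY was never exposed.
    forged = RECORD.replace(b"balance=100.00", b"balance=999.99")
    results["hash_fooled_by_forgery"] = digest(forged) == digest(forged)
    results["tag_detects_forgery"] = not verify(forged, stored_tag, KEY)

    # Scenario 3: a tag computed under some other key is also rejected.
    other_key = secrets.token_bytes(32)
    results["tag_rejects_wrong_key"] = not verify(RECORD, tag(RECORD, other_key), KEY)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The key point for the possession and authenticity cards: a hash stored next to the data travels with whoever copies the data, so it only helps against accidents; binding the data to a secret (or to a signature key) is what lets the verifier decide whether the copy is genuine.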
38
Component of an information system that includes applications (programs), operating systems, and assorted command utilities. The most difficult component to secure.
software
39
Component of an information system that refers to the physical technology that houses and executes the software, stores and transports the data, and provides interfaces for the entry and removal of information from the system.
hardware
40
Component of an information system that refers to what is stored, processed, and transmitted by a computer system and must be protected. Often the most valuable asset of an organization and therefore the main target of intentional attacks.
data
41
The weakest link in an organization's information security program.
people
42
Component of an information system that refers to the written instructions for accomplishing a specific task.
procedures
43
Component of an information system that created much of the need for increased computer and information security, once information systems were connected to each other to form LANs.
networks
44
The protection of information and its critical elements including systems and hardware that use , store, and transmit that information.
information security
45
The entire set of controls and safeguards, including policy, education, training and awareness, and technology, that the organization implements to protect the asset.
protection profile or security posture
46
The industry standard for computer security; confidentiality, integrity, and availability.
C.I.A. triad / C.I.A. triangle
47
Graphical representation of the architectural approach widely used in computer and information security; commonly shown as a cube composed of 3x3x3 cells, similar to a Rubik's Cube.
McCumber Cube
48
A methodology of establishing security policies and/or practices that is initiated by upper management.
top-down approach
49
A method of establishing security policies and/or practices that begins as a grassroots effort in which systems administrators attempt to improve the security of their systems.
bottom-up approach
50
A methodology for the design and implementation of an information system.
SDLC
51
A formal approach to solving a problem based on a structured sequence of procedures.
methodology
52
A type of SDLC in which each phase of the process "flows from" the information gained in the previous phase, with multiple opportunities to return to previous phases and make adjustments.
waterfall model
53
A methodological approach to the development of software that seeks to build security into the development life cycle rather than address it at later stages. It attempts to intentionally create software free of vulnerabilities and provide effective, efficient software that users can deploy with confidence
software assurance (SA)
54
When a computer is used as an active tool to conduct an attack.
subject
55
When a computer is the entity being attacked.
object
56
It is impossible to obtain perfect security.
true
57
It is a process, not an absolute
true
58
Security does not require balancing protection against availability.
false
59
To achieve balance, level of security must allow reasonable access
true
60
The logical models are converted into Physical models and may include network maps and description of servers and other devices to be used in the system.
physical design
61
The team assesses the feasibility of the proposed project and selects a development methodology.
investigation
62
The team determines the user requirements for the new system and develops logical models of the system.
analysis
63
The logical models developed during the analysis step are revised to ensure that the new system will meet the user requirements identified earlier.
logical design
64
Continuously monitor the software for security risks.
maintenance
65
Responsible for the security and use of a particular set of information.
data owners
66
Responsible for storage, maintenance, and protection.
data custodian
67
End users who work with information to perform their daily jobs in support of the mission of the organization, and who are responsible for protecting it.
data users
68
A type of information security threat that uses social engineering to trick users into giving up confidential information
Phishing
69
Malicious software that can steal information, delete files, deny access to data, or replicate itself.
malware
70
A cyber security threat where an attacker holds a victim's computer system and data hostage, demanding payment before restoring access.
ransomware
71
An object, person, or other entity that represents a constant danger to an asset
threats
72
The ownership of ideas and control over the tangible or virtual representation of those ideas.
intellectual property
73
Attacks that occur when an individual or group designs and deploys software to attack a system.
deliberate software attacks
74
Software programs that hide their true nature and reveal their designed behavior only when activated.
trojan horses
75
Consists of segments of code that perform malicious actions.
virus
76
It allows the attacker to access the system at will with special privileges.
backdoor or trap door
77
One that over time changes the way it appears to antivirus software programs, making it undetectable by techniques that look for pre-configured signatures.
polymorphic threats
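The card above is the whole story of signature evasion in one sentence; the following is an added example (not from the original question list, and not real malware or a real antivirus engine) that makes it concrete. A toy static scanner looks for a fixed byte signature; a toy "polymorphic" sample re-encodes the same harmless constructed payload under a fresh random key on every generation, so the bytes on disk never contain the signature even though every generation decodes to the identical payload. The payload string, signature, key length and function names are all assumptions made for this demonstration.

```python
"""Added example (not from the original glossary): why pre-configured
signatures miss a polymorphic sample, and why inspecting what the sample
decodes to still catches it.

PAYLOAD is a harmless constructed text string standing in for malicious code;
nothing here executes anything.
"""
import hashlib
import os

# Constructed stand-in for malicious code and the scanner's signature for it.
PAYLOAD = b"DEMO-PAYLOAD: if triggered, do something the owner never authorized"
SIGNATURE = b"DEMO-PAYLOAD"  # the "pre-configured signature" the scanner knows


def signature_scan(sample: bytes) -> bool:
    """Static scanner: reports a hit only if the exact signature bytes appear."""
    return SIGNATURE in sample


def polymorphic_generation(payload: bytes, key: bytes) -> bytes:
    """One generation of the sample: payload XOR-encoded under `key`, with the
    key prepended (a real sample would carry a decoder stub instead).
    Different key => different bytes => the static signature is absent."""
    encoded = bytes(b ^ key[i % len(key)] for i, b in enumerate(payload))
    return key + encoded


def decode(sample: bytes, key_len: int) -> bytes:
    """What the decoder stub does at run time: recover the original payload."""
    key, encoded = sample[:key_len], sample[key_len:]
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(encoded))


def scan_after_decode(sample: bytes, key_len: int) -> bool:
    """Detection that survives polymorphism: match on the decoded form
    (what emulation or run-time monitoring would see), not the bytes on disk."""
    return SIGNATURE in decode(sample, key_len)


def demo(generations: int = 5, key_len: int = 8) -> dict:
    """Produce several generations and compare the two detection approaches."""
    samples = [polymorphic_generation(PAYLOAD, os.urandom(key_len))
               for _ in range(generations)]
    return {
        "plain_detected": signature_scan(PAYLOAD),
        "static_hits": sum(signature_scan(s) for s in samples),
        "decoded_hits": sum(scan_after_decode(s, key_len) for s in samples),
        "distinct_hashes": len({hashlib.sha256(s).hexdigest() for s in samples}),
        "all_decode_to_payload": all(decode(s, key_len) == PAYLOAD for s in samples),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The file hashes differ on every generation, so hash-based blocklists fail for the same reason the byte signature does; this is why signature scanners are paired with emulation, heuristics or behavioral monitoring rather than used alone.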
78
Situations where products or services are not delivered as expected.
deviations in quality of service by service providers
79
A well-known and broad category of electronic and human activities that can breach the confidentiality of information when an unauthorized individual gains access to the information.
espionage or trespass
80
Occur with very little warning and are beyond the control of people.
forces of nature
81
Acts done with no malicious intent
human error or failure
82
Occurs when an attacker or trusted insider steals information from a computer system and demands compensation for its return or for an agreement not to disclose it.
information extortion
83
Destroys an asset or damages the image of an organization.
sabotage or vandalism
84
The illegal taking of another's property, including information copied without the owner's consent.
theft
85
Occur when a manufacturer distributes equipment containing a known or unknown flaw.
technical hardware failures or errors
86
Outdated infrastructure that can lead to unreliable and untrustworthy systems.
technological obsolescence
87
Take advantage of a vulnerability to compromise a controlled system.
attacks