2. Essential Security Terminologies
• Asset: organizational resource being protected.
• Access: ability to use, manipulate, modify, or affect another subject or
object.
• Attack: act that causes damage to information or a system.
• Control, safeguard or countermeasure: security mechanisms,
policies or procedures.
• Exploit: An exploit is a way to take advantage of a vulnerability in
software. Typically, software updates patch these vulnerabilities,
which is why it’s so important to update both your software and
OS.
3. Essential Security Terminologies (cont’d)
• Exposure: single instance of being open to damage
• Hacking: to illegally gain access to a computer or system
• Risk: the probability that something can happen
• Security Blueprint: the plan for the implementation of new security
measures in the organization
• Security Model: collection of specific security rules that represents the
implementation of a security policy
• Threats: a category of objects, persons, or other entities that represents a
potential danger to an asset
• Threat Agent: a specific instance or component of a more general threat
• Vulnerability: weaknesses or faults in a system or protection mechanism
that expose information to attack or damage.
4. Essential Security Terminologies (cont’d)
• Adware: A type of malware that primarily exists to barrage the user with
advertisements. Common when you search the web for “free” software.
• Denial-of-Service Attack: A denial-of-service attack (DoS attack) occurs
when an attacker tries to make a service unreachable to legitimate users by
flooding it with illegitimate requests. Often, this comes as a distributed
denial-of-service attack (DDoS), where many different sources create the
flood of traffic.
• DDoS attacks can temporarily shut down websites, credit card payment
services, and similar. When a server suddenly receives millions of requests
per second, it simply can’t keep up with the traffic. This is similar to a large
group of people cramming the door of a store so that normal customers
can’t get in.
5. Essential Security Terminologies (cont’d)
• Botnet: A botnet refers to a group of computers under control of an
attacker. Owners of the controlled computers usually have no idea they’re
being controlled. With the power of multiple machines, an attacker can use
a botnet to send large amounts of spam, or perform a distributed
denial-of-service attack.
• Command and Control Centre (C&C): a computer that controls the botnet.
6. Essential Security Terminologies (cont’d)
• Encryption: encoding information so people who aren’t authorized to see
it have no way to access it.
• Firewall: a barrier that shields a device or network from dangerous
traffic. It allows you to filter what kind of traffic can come in and go out of a
network. Firewalls can be either software (like the built-in Windows
firewall) or hardware.
• Hacker: someone who seeks to exploit computer systems. Typically,
you’ll hear about white-hat and black-hat hackers. A white-hat hacker is
honest and works with companies to find and address vulnerabilities
before someone malicious can. A black-hat hacker tries to exploit
vulnerabilities to make money or similar.
7. Essential Security Terminologies (cont’d)
• Malware (a combination of “malicious” and “software”): a catch-all term
for dangerous programs. It encompasses viruses, worms, Trojans, spyware,
and other sorts of nasty software.
• Trojan horse: A piece of malware that often allows a hacker to gain remote
access to a computer through a “back door”.
• Worm: A piece of malware that can replicate itself in order to spread the
infection to other connected computers.
• Virus: A type of malware that spreads by infecting other files. This contrasts
with other forms of standalone malware.
8. Essential Security Terminologies (cont’d)
• Spyware: A type of malware that, as it sounds, is designed to spy on the
user. Due to its nature, spyware usually hides out of view and collects data
about the user’s computer and what they do. It then sends this data to
another server, perhaps to build advertising.
• Ransomware: A type of malware that encrypts all the files on a computer
and demands payment to unlock them.
• Spam: Unwanted content online. Usually this means email spam: junk
messages for shady products and other nonsense. Spam is relatively
harmless, but often includes links to dangerous websites.
9. Essential Security Terminologies (cont’d)
• Zero-Day: A zero-day vulnerability is one that the software developer or
manufacturer isn’t aware of. A zero-day attack, then, is something attackers
launch to exploit a vulnerability before the company even knows about it.
Because no user has received a patch on “day zero”, the attack will
almost always succeed. Thus, these attacks are quite dangerous until the
vulnerabilities are patched.
• Phishing: An attempt to steal personal information by masquerading as a
legitimate entity. Often this involves a fake email that appears to come
from your bank, Apple, Google, etc. It claims that you need to confirm
some information by clicking a link, but doing so takes you to a fake
website. If you enter your info here, you’re handing it over to attackers.