Introduction to Computer Security

CIA Triad: The three pillars of computer security: confidentiality, integrity, and availability.
Confidentiality: Ensuring information is only accessible to authorized users.
Privacy: Control over how personal information is collected, used, and shared.
Secrecy: Intentionally concealing information or even its existence.
Integrity: Ensuring information and systems are accurate and unaltered. Includes data integrity and authenticity (verifying origin).
Availability: Ensuring systems and data are accessible and usable when needed.
Exfiltration: Unauthorized transfer of data out of a system.
Ransomware: Malware that encrypts files and demands payment for their release.
Hack-backs: Retaliatory hacking by defenders, usually illegal.
Prevention: Security measures designed to stop attacks from succeeding.
Detection: Identifying and reporting attempted or successful attacks.
Recovery: Restoring normal system operation after an attack or failure.
Forensics: Investigating incidents to determine what happened.
Security Policies and Mechanisms: Policies define what is allowed; mechanisms enforce them (technical or procedural).
Assurance: Confidence that policies and mechanisms are implemented correctly.
Assumptions: The expectations security depends on, such as trusted hardware, correct software, and proper configuration.
Security Architecture: The overall design of a system’s security controls and structure.
Security Engineering: Applying engineering principles to design, build, and evaluate secure systems.
Risk Analysis: Assessing the likelihood and impact of potential attacks to guide defenses.
Vulnerability: A flaw or weakness in software, hardware, or processes that can be exploited.
Exploit: A tool or technique that takes advantage of a vulnerability.
Attack: The execution of an exploit with malicious intent.
Attack Vector: The pathway an attacker uses to deliver an exploit.
Attack Surface: The total set of possible entry points an attacker could target.
Threat: The potential for harm that could exploit a vulnerability.
Adversary: The person, group, or state actor that carries out or attempts an attack.
Malicious Insider: An employee or contractor who abuses legitimate access.
Hat Colors: Categories of hackers: white hats (defensive), black hats (malicious), gray hats (in between).
Script Kiddies: Unskilled attackers who use pre-packaged tools.
Threat Matrix: Classification by intent (opportunistic vs. targeted) and capability (unskilled vs. skilled).
Advanced Persistent Threats (APT): Skilled, well-funded, often state-backed groups capable of long-term, stealthy operations.
Disclosure: A threat involving unauthorized access to or exposure of information.
Deception: A threat involving false data, spoofing, or repudiation.
Disruption: A threat involving interference with normal system operation.
Usurpation: A threat involving unauthorized control of a system.
Snooping (Eavesdropping): Unauthorized interception of communications.
Modification (Alteration): Unauthorized changes to data or code.
Masquerading (Spoofing): Pretending to be a trusted entity to gain access.
Repudiation of Origin: Falsely denying having sent a message or initiated an action.
Denial of Receipt: Falsely denying having received a message or data.
Delay: Intentionally holding back messages or actions to disrupt timing.
Denial of Service (DoS): Overwhelming a system to make it unavailable.
Internet Risk Factors: Properties of the Internet that make attacks easier: action at a distance, anonymity, asymmetric force, and lack of distinction.
Botnet: A collection of compromised machines controlled remotely.
Command and Control Server: The system that issues instructions to compromised machines.
Social Engineering: Attacks that manipulate people rather than technology.
Air Gap: Physical separation of systems from networks to prevent remote attacks.
Threat Models: Analyses that identify system components, trust boundaries, and potential vulnerabilities.
Trust Boundary: The point where data passes between trusted and untrusted entities.
Trusted Computing Base (TCB): The hardware, firmware, and software critical to enforcing security.
Supply Chain Attack: A compromise introduced through trusted third-party software, hardware, or updates.
Meltdown & Spectre: Hardware-level CPU flaws that bypass process isolation.
Security Theater: Measures that look protective but add little real security.
Principal: An entity (user, process, system) that can be authenticated and authorized.
Subject: An active process acting on behalf of a principal.
Tactics, Techniques, and Procedures (TTPs): Framework for describing how attackers operate: their goals, methods, and specific tools.
Lateral Movement: An attacker moving from one compromised system to others within a network.
Weakest Link: Security is only as strong as its most vulnerable component.
CVE (Common Vulnerabilities and Exposures): A unique identifier for a publicly disclosed vulnerability.
CVSS (Common Vulnerability Scoring System): A 0–10 scale for rating the severity of vulnerabilities.