Вы находитесь на странице: 1из 4


the quality or state of being secure -- to be free from danger

physical security, personnel security, operations security,
communications security, network security, information
the six layers of security an organization should have in place to
protect its operations
physical security
the protection of physical items, objects, or areas from
unauthorized access and misuse
personnel security
the protection of the individual or groups of individuals who are
authorized to access the organization and its operations
operations security
the protection of the details of a particular operation or series of
communications security
the protection of communications media, technology, and
network security
the protection of networking components, connections, and
information security
the protection of the confidentiality, integrity, and availability of
information assets, whether in storage, processing or
transmission; achieved via the application of policy, education,
training and awareness, and technology
information security (CNSS definition)
the protection of information and its critical elements, including
the system and hardware that use, store, and transmit that
Committee on National Security Systems
CIA triangle

computer security concept based on the three characteristics that

give information organizational value: confidentiality, integrity,
and availability
a subject or object's ability to use, manipulate, modify, or affect
another subject or object
the organizational resource that is being protected
an intentional or unintentional act that can cause damage to or
otherwise compromise information and/or the systems that
support i
control, safeguard, or countermeasure
security mechanisms, policies, or procedures that can
successfully counter attacks, reduce risk, resolve vulnerabilities,
and otherwise improve the security within an organization
a technique used to compromise a system
a condition or state of being exposed
a single instance of an information asset suffering damage or
unintended or unauthorized modification or disclosure
protection profile or security posture
the entire set of controls and safeguards, including policy,
education, training and awareness, that the organization
implements (or fails to implement) to protect the asset
the probability that something unwanted will happen
risk appetite
the quantity and nature of risk the organization is willing to

subject of an attack
an agent entity used to conduct the attack
object of an attack
the target entity of an attack
a category of objects, persons, or other entities that presents a
danger to an asset
threat agent
the specific instance or a component of a threat
a weakness or fault in a system or protection mechanism that
opens it to attack or damage
enables authorized users -- persons or computer systems -- to
access information without interference or obstruction and to
receive it in the requested format
when information is free from mistakes or errors and has the
value that the end user expects
the quality or state or being genuine or original, rather than a
reproduction or fabrication
e-mail spoofing
the act of sending an e-mail message with a modified field
when an attacker attempts to obtain personal or financial
information using fraudulent means, most often by posing as
another individual or organization
phishing undertaken by law enforcement

the quality or state of information that prevents disclosure or

exposure to unauthorized individuals or systems
salami theft
aggregation of information used with criminal theft
the quality or state of being whole, complete, and uncorrupted.