Thursday, December 14, 2017

Learning the language of cybersecurity - Capitol Technology University (Since 1927 Located Near Washington D.C.)

Direct Link: https://www.captechu.edu/node/2901

As in any technical discipline, cybersecurity students learn to master the tools and resources needed for the work they do.

They also become familiar with the terminology used by cybersecurity professionals in the field. Are you interested in studying to become a “white hat hacker” and use your skills to conduct authorized exploits against networks and systems? As a cybersecurity student you’ll find out how. And you’ll also become conversant with the terms below.

Confidentiality, Integrity, and Availability. The “CIA Triad,” not to be confused with the Central Intelligence Agency, constitutes the benchmarks that all cybersecurity initiatives measure themselves by. Confidentiality means that only authorized users have access to information. Integrity means that information is accurate and complete. Availability means that authorizers have, in fact, the ability to access the information.

McCumber Cube. Organizations are complex, as are their information needs and security goals. A cybersecurity framework developed by John McCumber in 1991 uses a Rubik’s Cube as a way of conceptualizing this complexity and identifying the many factors involved. The cube brings together desired goals (confidentiality, integrity, and availability), information states (storage, transmission, and processing), and safeguards (policies and practices, human factors, and technology).

Defense in Depth. Also dubbed the “Castle Approach,” defense-in-depth refers to the strategy of creating security controls at multiple levels throughout an IT system. In doing so, should any one security control fail, others will continue to provide protection.

Penetration testing. To identify possible weaknesses, organizations sometimes authorize cybersecurity professionals to launch attacks on computer systems with the goal of uncovering security holes. This kind of authorized intrusion is sometimes colloquially known as “white hat hacking.”

Zero Day Attack. Sometimes cyber adversaries will find out about a software flaw before the maker or vendor of that software becomes aware of the problem. They will then hurry to take advantage of the vulnerability before it is discovered and fixed. Such scenarios – which can include planting malware or accessing sensitive data -- are known as a “zero day attack.”

No comments:

Post a Comment