This document defines key terms related to information security including availability, integrity, confidentiality, shoulder surfing, and social engineering. It also defines vulnerability as a weakness that can be exploited, threat as any potential danger associated with exploiting a vulnerability, and risk as the likelihood of a threat agent exploiting a vulnerability and the corresponding impact. The document expresses that risk is calculated as asset + threat + vulnerability.
Availability: Reliable and timely access to data and resources is provided to authorized individuals.

Integrity: Accuracy and reliability of the information and systems are provided and any unauthorized modification is prevented.

Confidentiality: Necessary level of secrecy is enforced and unauthorized disclosure is prevented.

Shoulder surfing: Viewing information in an unauthorized manner by looking over the shoulder of someone else.

Social engineering: Gaining unauthorized access by tricking someone into divulging sensitive information.

A vulnerability is a lack of, or a weakness in, a countermeasure. It can be a software, hardware, procedural, or human weakness that can be exploited.

A threat is any potential danger that is associated with the exploitation of a vulnerability.

A risk is the likelihood of a threat agent exploiting a vulnerability and the corresponding business impact.

==> Asset + Threat + Vulnerability = Risk