
Subject : ISS01 – INFORMATION SECURITY SYSTEMS

Due date : December 02, 2010


Professor : Larry R. Carbonel
Activity #1 : Definition of key terms
Submitted by : Razcel A. dela Peña; BSIT III-2

• ACCESS
Definition
- The ability and means necessary to store data in, to retrieve data from, to communicate
with, or to make use of any resource of a system.
- To obtain the use of a resource.
- (COMSEC) [The] capability and opportunity to gain detailed knowledge of or to alter
information or material.
- (AIS) [The] ability and means to communicate with (i.e., input to or receive output
from), or otherwise make use of any information, resource, or component in an AIS. Note
[for 3 and 4]: An individual does not have "access" if the proper authority or a physical,
technical, or procedural measure prevents him/her from obtaining knowledge or having
an opportunity to alter information, material, resources, or components.
- An assigned portion of system resources for one data stream of user communications or
signaling.
Reference
From website [Online] [http://www.its.bldrdoc.gov/fs-1037/dir-001/_0104.htm] available from [accessed 1 December 2010]

• ASSET
Definition
- A resource with economic value that an individual, corporation or country owns or
controls with the expectation that it will provide future benefit.
- A balance sheet item representing what a firm owns.
Reference
From website [Online] [http://www.investopedia.com/terms/a/asset.asp] available from [accessed 1 December 2010]

• ATTACK
Definition
- General: Realization of a threat.
- Computer security: Malicious action taken by a hacker, intruder, or
unauthorized user to cause damage to the system and/or to the data stored in it,
through exploitation of one or more system vulnerabilities.

Reference
From website [Online] [http://www.businessdictionary.com/definition/attack.html] available from [accessed 1 December 2010]

• CONTROL, SAFEGUARD, OR COUNTERMEASURE
Definition
- A countermeasure is an action, process, device, or system that can prevent, or mitigate
the effects of, threats to a computer, server or network. In this context, a threat is a
potential or actual adverse event that may be malicious or incidental, and that can
compromise the assets of an enterprise or the integrity of a computer or network.
Reference
From website [Online] [http://searchsoftwarequality.techtarget.com/definition/countermeasure] available from [accessed 1 December 2010]

• EXPLOIT
Definition
- An exploit is a software program that takes advantage of a bug, defect or glitch in
another software program so that it executes in a way that the original writer did not
intend. Usually this is done for malicious purposes.
Reference
From website [Online] [http://operationstech.about.com/od/glossary/g/Exploit.htm] available from [accessed 1 December 2010]

• EXPOSURE
Definition
- General: State or condition of being unprotected and open to damage, danger,
risk of suffering a loss in a transaction, or uncertainty.
Reference
From website [Online] [http://www.businessdictionary.com/definition/exposure.html] available from [accessed 1 December 2010]

• HACK
Definition
- To program a computer in a clever, virtuosic, and wizardly manner. Ordinary computer
jockeys merely write programs; hacking is the domain of digital poets. Hacking is a
subtle and arguably mystical art, equal parts wit and technical ability, that is rarely
appreciated by non-hackers.
- To break into computer systems with malicious intent. This sense of the term is the one
that is most commonly heard in the media, although sense 1 is much more faithful to its
original meaning. Contrary to popular misconception, this sort of hacking rarely requires
cleverness or exceptional technical ability; most so-called "black hat" hackers rely on
brute force techniques or exploit known weaknesses and the incompetence of system
administrators.
Reference
From website [Online] [http://www.urbandictionary.com/define.php?term=hack] available from [accessed 1 December 2010]

• OBJECT
Definition
- Accounting: Purchased good or service itself as distinct from the purpose for
which it was bought.
- Modeling: Representation of the real world situation that can be modeled
according to the requirements of the modeling architecture.
- Programming: Self-contained software component that includes both data
(properties) and code (actions), and can be reused as a module in creating
different programs.
Reference
From website [Online] [http://www.businessdictionary.com/definition/object.html] available from [accessed 1 December 2010]

• RISK
Definition
- The quantifiable likelihood of loss or less-than-expected returns.
Reference
From website [Online] [http://www.investorwords.com/4292/risk.html] available from [accessed 1 December 2010]

• SECURITY BLUEPRINT
Definition
- A detailed plan of action.
- A model or prototype.
Reference
From website [Online] [http://www.thefreedictionary.com/blueprint] available from [accessed 1 December 2010]

• SECURITY MODEL
Definition
- A formal statement of the intrinsic security features to be provided by a system. The
statement usually includes a detailed specification, often in mathematical notation, of the
allowed and prohibited relationships between subjects and objects according to their
respective security clearance and security classifications. It may furthermore specify the
events that must be recorded in the audit trail.
Reference
From website [Online] [http://www.encyclopedia.com/doc/1O11-securitymodel.html] available from [accessed 1 December 2010]

• SECURITY POSTURE OR SECURITY PROFILE
Definition
- Overall security plan, which protects from internal and external threats.
Reference
From website [Online] [http://technology.inc.com/security/articles/200805/posture.html] available from [accessed 1 December 2010]

• SUBJECT
Definition
- A person or thing that is being discussed or dealt with or that gives rise to something.
Reference
From website [Online] [http://www.wordreference.com/definition/subject] available from [accessed 1 December 2010]

• THREATS
Definition
- Risk: (1) Indication of an approaching or imminent menace. (2) Negative event
that can cause a risk to become a loss, expressed as an aggregate of risk,
consequences of risk, and the likelihood of the occurrence of the event. A threat
may be a natural phenomenon such as an earthquake, flood, storm, or a man made
incident such as fire, power failure, sabotage, etc.
- Computer security: Action or potential occurrence (whether or not malicious) to
breach the security of the system by exploiting its known or unknown
vulnerabilities. It may be caused by (1) gaining unauthorized access to stored
information, (2) denial of service to the authorized users, or (3) introduction of
false information to mislead the users or to cause incorrect system behavior
(called spoofing).
Reference
From website [Online] [http://www.businessdictionary.com/definition/threat.html] available from [accessed 1 December 2010]

• THREAT AGENT
Definition
- Method used in breaching the security of a facility, operation, or system by
exploiting a vulnerability.
Reference
From website [Online] [http://www.businessdictionary.com/definition/threat-agent.html] available from [accessed 1 December 2010]

• VULNERABILITY
Definition
- Degree to which people, property, resources, systems, and cultural, economic,
environmental, and social activity is susceptible to harm, degradation, or
destruction on being exposed to a hostile agent or factor.
Reference
From website [Online] [http://www.businessdictionary.com/definition/vulnerability.html] available from [accessed 1 December 2010]