Non-repudiation: Non-repudiation refers to the ability to verify that a given action or transaction has been performed by a specific user or entity, and that the user cannot deny having performed the action. This needs evidence that only that user could have produced, typically a digital signature made with a private key nobody else holds; a secret shared with the verifier (a password, or a MAC key known to both sides) cannot provide it, because the verifier could have produced the same evidence.
Access control: Access control refers to the mechanisms used to restrict access to systems and resources. This involves implementing authentication and authorization mechanisms to ensure that only authorized users can access sensitive information and systems: authentication establishes who is asking, authorization decides what that identity is allowed to do.
Auditing: Auditing refers to the process of monitoring and recording system activity to detect and respond to security threats. This involves tracking user activity, system events, and other security-related information to identify potential security breaches or anomalies. Audit records are only trustworthy if the users they describe cannot alter them, so they should be written to storage those users cannot modify, or made tamper-evident.
Risk management: Risk management refers to the process of identifying, assessing, and mitigating security risks. This involves analyzing potential threats and vulnerabilities, and implementing strategies to reduce the likelihood and impact of security incidents.
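The access-control and auditing concepts above, as an added example that is not part of the course notes: a role-based authorization check whose every decision (grant or deny) is appended to a hash-chained audit log, so that a later edit to any record breaks the chain. The users, roles, policy and requests are constructed for illustration. Note that a hash chain gives tamper evidence, not non-repudiation: whoever can rewrite the whole file can rebuild the chain, unless the latest hash is regularly signed or copied somewhere they cannot reach.

```python
"""Added example (not from the course notes): a role-based access check whose
decisions are written to a hash-chained, tamper-evident audit log. The policy,
users and requests below are constructed for illustration."""
import hashlib
import json

# Constructed policy: role -> set of (resource, action) pairs the role may perform.
POLICY = {
    "admin": {("payroll", "read"), ("payroll", "write"), ("wiki", "read"), ("wiki", "write")},
    "staff": {("wiki", "read"), ("wiki", "write")},
    "guest": {("wiki", "read")},
}

# Constructed user directory: user -> role.
USERS = {"alice": "admin", "bob": "staff", "mallory": "guest"}

GENESIS = "0" * 64  # hash that the first log entry chains to


def is_authorized(user, resource, action):
    """Authorization: deny unknown users and anything not explicitly granted."""
    role = USERS.get(user)
    if role is None:
        return False
    return (resource, action) in POLICY.get(role, set())


class AuditLog:
    """Append-only log; every entry carries the hash of the entry before it."""

    def __init__(self):
        self.entries = []
        self._prev = GENESIS

    @staticmethod
    def _digest(body):
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def record(self, user, resource, action, allowed):
        entry = {"user": user, "resource": resource, "action": action,
                 "allowed": allowed, "prev": self._prev}
        entry["hash"] = self._digest(entry)      # hash covers all fields incl. prev
        self.entries.append(entry)
        self._prev = entry["hash"]
        return entry

    def verify(self):
        """Recompute the chain; return the index of the first bad entry, or -1 if intact."""
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "hash"}
            if body["prev"] != prev or self._digest(body) != entry["hash"]:
                return i
            prev = entry["hash"]
        return -1


def access(log, user, resource, action):
    """Access control plus auditing: decide, then record the decision either way."""
    allowed = is_authorized(user, resource, action)
    log.record(user, resource, action, allowed)
    return allowed


def demo():
    """Four requests, then one tampered record; returns (decisions, first bad index)."""
    log = AuditLog()
    decisions = [
        access(log, "alice", "payroll", "write"),   # admin may write payroll
        access(log, "bob", "payroll", "read"),      # staff may not read payroll
        access(log, "mallory", "wiki", "write"),    # guest may only read
        access(log, "nobody", "wiki", "read"),      # unknown user: denied
    ]
    assert log.verify() == -1                       # untouched log verifies
    log.entries[2]["allowed"] = True                # mallory edits the denial into a grant
    return decisions, log.verify()                  # chain breaks at entry 2
```

Every denied request is logged as well as every granted one; denials are usually the more interesting signal for detecting probing or privilege-escalation attempts.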
Encryption: Encryption refers to the process of encoding information in a way that makes it unreadable without a key or password. This is often used to protect sensitive information, such as credit card numbers and other personal data, both in storage and in transit. Encryption provides confidentiality only; it does not by itself prove who sent the data or that it was not altered, which is the job of authentication and integrity mechanisms. Stored passwords are the usual exception: they are not encrypted but hashed with a per-user salt, so that a stolen database does not reveal them even to whoever holds the server's keys.
Authentication: Authentication is the process of verifying the identity of a user or device attempting to access a system or resource. Authentication is a critical component of information security, as it ensures that only authorized users are able to access sensitive information and systems.
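Password authentication as a practitioner would implement it, as an added example that is not part of the course notes: the server stores a salted, deliberately slow hash (PBKDF2-HMAC-SHA256 from the standard library) instead of the password, and compares in constant time. The user names, passwords and iteration count are constructed for illustration.

```python
"""Added example (not from the course notes): password verification with salted,
slow hashing and constant-time comparison. Credentials and ITERATIONS are constructed."""
import hashlib
import hmac
import os

ITERATIONS = 200_000   # constructed; raise it as far as your login latency budget allows
SALT_BYTES = 16
DIGEST_BYTES = 32      # SHA-256 output length


def create_credential(password):
    """Return (salt, digest) to store; the password itself is never stored."""
    salt = os.urandom(SALT_BYTES)                      # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, stored_digest):
    """Recompute the hash and compare in constant time (no early exit on first mismatch)."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored_digest)


class UserStore:
    """Minimal credential store: username -> (salt, digest)."""

    def __init__(self):
        self._users = {}

    def register(self, username, password):
        self._users[username] = create_credential(password)

    def authenticate(self, username, password):
        record = self._users.get(username)
        if record is None:
            # Burn the same work for an unknown user, so response time does not
            # reveal which user names exist.
            verify_password(password, b"\0" * SALT_BYTES, b"\0" * DIGEST_BYTES)
            return False
        salt, digest = record
        return verify_password(password, salt, digest)


def demo():
    store = UserStore()
    store.register("alice", "correct horse battery staple")
    return (
        store.authenticate("alice", "correct horse battery staple"),   # right password
        store.authenticate("alice", "Correct horse battery staple"),   # one character off
        store.authenticate("carol", "anything"),                       # no such user
    )
```

Because each user has a different salt, two users with the same password get different digests and an attacker cannot crack them with one precomputed table.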
Malware: Malware refers to any type of malicious software designed to damage, disrupt, or gain unauthorized access to a system or network. Malware can take many forms, including viruses, trojans, worms, and ransomware.
A virus is a type of malicious software (malware) that can infect a computer or other device and replicate itself by attaching to other files or programs on the system. When a virus infects a system, it can cause a range of problems, including slowing down or crashing the system, stealing personal and financial information, and spreading to other devices connected to the network.
A man-in-the-middle (MitM) attack is a type of cyber attack in which an attacker intercepts communication between two parties and alters or manipulates the communication in some way, often to steal sensitive information or gain unauthorized access to a system or network. The standard defence is an authenticated, encrypted channel such as TLS with certificate validation: an interposed party then sees only ciphertext and cannot change messages without the change being detected.
WiFi eavesdropping, also known as "wireless eavesdropping" or "WiFi snooping," is a type of cyber attack in which an attacker uses a tool such as a wireless packet sniffer to capture and analyze wireless network traffic in order to steal sensitive information. This type of attack is possible because wireless networks use radio waves to transmit data, which can be intercepted by anyone within range of the network. On an open network the traffic is captured in the clear; on a WPA2/WPA3 network the frames are encrypted on the air, although anyone who knows a WPA2 pre-shared key and captures a client's handshake can decrypt that client's traffic, so application-layer encryption such as HTTPS still matters.
A worm is a type of malicious software (malware) that can replicate itself and spread across computer networks without human intervention. Unlike viruses, worms do not need to attach themselves to other files or programs to spread; they can simply copy themselves and spread to other devices or systems connected to the same network.
DNS spoofing is a type of cyber attack in which an attacker intercepts or forges Domain Name System (DNS) traffic to redirect users to fake websites that look legitimate but are actually used to steal login credentials or other sensitive information. Two related terms are often used for it: DNS cache poisoning, where forged replies plant false records in a resolver's cache, and DNS hijacking, where the resolver settings or the domain's own records are changed. For example, an attacker could set up a fake login page for a popular website and direct users to the fake page instead of the real one.
Social engineering is a type of cyber attack in which attackers use psychological manipulation and deception to trick users into divulging sensitive information, performing an action, or providing access to a system or network. Social engineering attacks rely on exploiting human vulnerabilities, such as trust, fear, or curiosity, rather than technical vulnerabilities in systems or networks.
A Denial of Service (DoS) attack is a type of cyber attack in which an attacker attempts to disrupt or overload a computer system or network with a flood of traffic or requests, rendering the system or network inaccessible to legitimate users. The goal of a DoS attack is to prevent users from accessing a resource or service.
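Detecting the flood that a DoS attack produces, as an added example that is not part of the course notes: a sliding-window count of TCP SYNs per target over connection-log lines, which also separates a flood from one source from a flood from many sources. The log format, thresholds, addresses and traffic mix are all constructed for illustration.

```python
"""Added example (not from the course notes): rate-based SYN-flood detection over
constructed connection-log lines. Format, thresholds and addresses are made up."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=10)   # constructed: look-back window per target
THRESHOLD = 50                   # constructed: SYNs to one target within WINDOW
MANY_SOURCES = 5                 # constructed: more distinct sources than this -> distributed


def parse_line(line):
    """Constructed format: '<iso-timestamp> <tcp-flag> <src-ip> -> <dst-ip:port>'."""
    ts, flag, src, _arrow, dst = line.split()
    return datetime.fromisoformat(ts), flag, src, dst


def detect_floods(lines, threshold=THRESHOLD, window=WINDOW):
    """Return one alert per flooded target: (target, kind, syn_count, distinct_sources).
    Lines must be in time order, as a real log is."""
    recent = defaultdict(deque)   # target -> (timestamp, source) pairs still inside the window
    alerts, alerted = [], set()
    for line in lines:
        ts, flag, src, dst = parse_line(line)
        if flag != "SYN":
            continue
        window_q = recent[dst]
        window_q.append((ts, src))
        while ts - window_q[0][0] > window:        # drop entries that fell out of the window
            window_q.popleft()
        if len(window_q) >= threshold and dst not in alerted:
            sources = {s for _, s in window_q}
            kind = "distributed SYN flood" if len(sources) > MANY_SOURCES else "SYN flood"
            alerts.append((dst, kind, len(window_q), len(sources)))
            alerted.add(dst)
    return alerts


def make_sample():
    """Constructed traffic: normal browsing to 10.0.0.3, one host hammering 10.0.0.1,
    and 40 bot addresses hammering 10.0.0.2; returned in time order."""
    base = datetime(2024, 3, 1, 10, 0, 0)
    lines = []
    for i in range(20):    # 20 ordinary connections over 20 s: well under the threshold
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()} SYN 198.51.100.{i} -> 10.0.0.3:443")
    for i in range(80):    # 80 SYNs in 8 s from a single source
        lines.append(f"{(base + timedelta(milliseconds=100 * i)).isoformat()} SYN 203.0.113.5 -> 10.0.0.1:443")
    for i in range(120):   # 120 SYNs in 6 s spread over 40 sources
        lines.append(f"{(base + timedelta(milliseconds=50 * i)).isoformat()} SYN 192.0.2.{i % 40} -> 10.0.0.2:80")
    lines.sort(key=lambda line: parse_line(line)[0])
    return lines


if __name__ == "__main__":
    for alert in detect_floods(make_sample()):
        print(alert)
```

A single-source alert can be handled by blocking that address; a distributed one cannot, which is the practical reason DDoS mitigation relies on upstream filtering and capacity rather than per-source blocking.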
Flood attacks: The attacker floods the target system or network with traffic or requests, overwhelming the system's resources and causing it to become unresponsive. There are several types of flooding attacks: HTTP flood, SYN flood, UDP flood...
Distributed Denial of Service (DDoS) attacks: The attacker uses a network of compromised computers, known as a botnet, to flood the target system or network with traffic or requests. In this kind of attack, there are multiple sources of overwhelming traffic.
Phishing: Phishing is a type of social engineering attack in which attackers send fraudulent emails or messages that appear to come from a trusted source, such as a bank or a government agency, in an attempt to trick users into revealing sensitive information or clicking on a malicious link.
Baiting: Baiting is a type of social engineering attack in which attackers offer something of value, such as a free download or a gift card, in an attempt to trick users into clicking on a malicious link or downloading a malicious file.
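The tells that distinguish the phishing message above from a genuine one can be checked mechanically. The following is an added example that is not part of the course notes: it parses two constructed e-mails (one phishing, one legitimate, both using made-up `.example`/`example-bank.com` names and a constructed brand list) and flags a display name that invokes a brand from the wrong domain, a Reply-To routed elsewhere, links to bare IP addresses, and link text that names one host while the href goes to another. These are heuristics for a mail filter or user-report triage, not proof.

```python
"""Added example (not from the course notes): header and link heuristics for phishing
triage. Both messages and the TRUSTED brand list are constructed for illustration."""
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed: brand names as they appear in display names -> the domain the brand really uses.
TRUSTED = {"example bank": "example-bank.com"}

PHISH = """\
From: "Example Bank Security" <alerts@examp1e-bank.net>
Reply-To: verify@mail-relay.example.org
To: victim@example.com
Subject: Urgent: your account has been locked
Content-Type: text/html; charset="utf-8"

<html><body>
<p>We detected unusual activity. Confirm your identity within 24 hours:</p>
<p><a href="http://198.51.100.7/login">https://www.example-bank.com/login</a></p>
</body></html>
"""

LEGIT = """\
From: "Example Bank" <alerts@example-bank.com>
To: customer@example.com
Subject: Your monthly statement is ready
Content-Type: text/html; charset="utf-8"

<html><body><p>Your statement is available: <a href="https://www.example-bank.com/statements">Log in</a></p></body></html>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def domain_of(address_header):
    return parseaddr(str(address_header))[1].rsplit("@", 1)[-1].lower()


def host_of(text):
    """Host name of a URL, or of bare 'host/path' text such as a link label."""
    return (urlparse(text if "://" in text else "http://" + text).hostname or "").lower()


def phishing_indicators(raw):
    """Return a list of human-readable findings; an empty list means nothing was flagged."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    display = parseaddr(str(msg["From"]))[0].lower()
    sender_domain = domain_of(msg["From"])
    # 1. Display name invokes a brand whose real domain is not the sending domain.
    for brand, real in TRUSTED.items():
        if brand in display and sender_domain != real and not sender_domain.endswith("." + real):
            findings.append(f"display name claims {brand!r} but sender domain is {sender_domain}")
    # 2. Replies are routed to a different domain than the message came from.
    if msg["Reply-To"] and domain_of(msg["Reply-To"]) != sender_domain:
        findings.append(f"Reply-To domain {domain_of(msg['Reply-To'])} differs from sender domain")
    # 3. Links to bare IP addresses, or whose visible text names a different host than the href.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            target = host_of(href)
            if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", target):
                findings.append(f"link points to a bare IP address {target}")
            shown = host_of(text) if "." in text and " " not in text else ""
            if shown and shown != target:
                findings.append(f"link text shows {shown} but points to {target}")
    return findings
```

The brand check is the weakest of the four, since it needs a maintained list of brands and their real domains; the link-text mismatch and bare-IP checks need no prior knowledge and catch the bulk of credential-harvesting mail.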
There are three basic types of security controls: administrative, technical, and
physical. Each type of control serves a different purpose and helps protect
against different types of threats. Here’s a brief overview of each type of
control and how they can be used to mitigate security threats:
1 Administrative controls: Administrative controls are policies,
procedures, and guidelines that govern how an organization manages
security risks. Examples of administrative controls include security
awareness training, access control policies, incident response
procedures, and security audits. These controls are designed to ensure
that employees and other stakeholders follow security policies and
procedures, and that security risks are managed effectively.
2 Technical controls: Technical controls are security measures that use
technology to protect against security threats. Examples of technical
controls include firewalls, intrusion detection systems, encryption,
access control systems, and antivirus software. These controls are
designed to prevent or detect security threats at the technical level,
such as by blocking unauthorized access to a network or identifying and
quarantining malware.
3 Physical controls: Physical controls are measures that physically
protect the organization’s assets, such as facilities, equipment, and
data centers. Examples of physical controls include locks, security
cameras, access control systems, and environmental controls such as
fire suppression systems. These controls are designed to prevent
unauthorized physical access to sensitive assets and to protect against
physical threats such as theft, vandalism, or natural disasters.
1 Cybersecurity is not just a concern for businesses and governments, but also for day-to-day practitioners. The potential risks involved in a cyber-attack can have serious consequences, economically and sociologically.
2 There are several layers of security and therefore several points of weakness in information systems. For each layer we have studied common threats and strategies for mitigating them. It is our responsibility to develop and share awareness of cyber-attacks and of risky attitudes in cyberspace.