Introduction

Much of it comes down to social engineering:

“People are the weakest element in a security chain. While technology vulnerabilities are patched, there is no patch for human stupidity.”

The attacker always takes the path of least resistance.

CIA paradigm

  • Confidentiality: information can be accessed only by authorized entities; unauthorized parties must not be able to access it (closely related to privacy).
  • Integrity: the consistency and trustworthiness of information over its entire lifecycle.
  • Availability: information must be available to all authorized parties without external constraints.

Other definitions:

  • Vulnerability: an element that lets someone break the rules of the CIA paradigm.
  • Exploit: a method of using one or several vulnerabilities to achieve a certain goal that breaches certain constraints.
  • Asset: recognizes the value that a person or an organization places on a particular entity.
  • Threat: a possible violation of the CIA paradigm.
  • Threat Agent: the person or thing that may instigate an attack.
  • Attacker: the person or thing that executes the attack.
  • Hacker: an individual with an intricate knowledge of computers and computer networks, and a desire to learn everything.
  • Security Level: the degree to which the threats directed towards an asset are addressed.
  • Protection Level: the security measures put in place to safeguard an asset.
  • Risk:

“A system with limited vulnerabilities but with a high threat level may be less secure than a system with many vulnerabilities but with low threat level.”