Security goals
- Confidentiality
  - only authorized people can access protected data
  - it should not be disclosed to unauthorized parties
- Integrity
  - Assets can be modified only by authorized parties
  - they should not be modified in illegitimate ways
  - modification involves changing, deleting and creating
- Availability
  - Data should be accessible to authorized parties at the appropriate time.
A vulnerability is a weakness in the system that might be exploited to cause loss/harm
A threat is a set of circumstances that has the potential to cause loss/harm
A vulnerability is the flaw in the system that can cause a threat
An attack is an act that exploits a vulnerability
| Threat | Attack |
| --- | --- |
| A threat can be either intentional or unintentional. | An attack is intentional. |
| A threat is a circumstance that has the potential to cause loss or damage. | An attack is attempted in order to cause damage. |
| A threat to the information system doesn’t mean information was altered or damaged. | An attack on the information system means there might be a chance to alter, damage, or obtain information when the attack is successful. |
Types of threats
- Consider a sender S and a recipient R.
- If S entrusts the message to T, who then delivers it to R, then T becomes the Transmission medium.
- If an outsider O wants to access the message (to read, change or destroy it) then O is an interceptor or intruder.
- Any time after S transmits it via T, the message is vulnerable to exploitation and O might try to access the message in any of the following ways: