
Security Plus Chapter 1 - Introduction

Comptia, Security Plus

1. Intro To Security

Information Security:

  • Act of protecting data and information from unauthorized access, unlawful modification, disruption, disclosure, corruption and destruction.

Information System Security:

  • Act of protecting the systems that hold and process our crucial data.

Comments:

  • Unlawful modification means modification or editing of data by an unauthorized third person.

  • Unlawful disruption means creating problems while using or accessing the data.

  • Protecting against unlawful disclosure means preventing leakage of sensitive or private data.

  • Protecting against corruption means preventing data from becoming corrupted, whether on its own (guarded against by taking regular backups) or through an unauthorized third party.

  • Protecting against unlawful destruction means preventing corruption or deletion of data by a third party.

2. CIA Triad And 3 A's of Security

CIA Triad: C = Confidentiality, I = Integrity, A = Availability

  1. Confidentiality: Information has not been disclosed to unauthorized people.
  2. Integrity: Information has not been modified or altered without proper authorization.
  3. Availability: Information is able to be stored, accessed, or protected at all times.

3 A's of Security: A's = Authentication, Authorization, Accounting

  1. Authentication: When a person's identity is established with proof and confirmed by a system.
  2. Authorization: Occurs when a user is given access to a certain piece of data or a certain area of a building.
  3. Accounting: Tracking of data, computer usage, and network resources.

3. Security Threats And Mitigating Threats

Security Threats:

  1. Malware: Short hand term for malicious software.
  2. Unauthorized Access: Access to computer/system resources without the permission or consent of the owner.
  3. System Failure: Occurs when a computer or an individual application fails.
  4. Social Engineering: Act of manipulating users into revealing confidential information or performing other detrimental actions.

Mitigating Threats:

  1. Physical Control (Not Talking about sexual things of course)
  2. Technical Control
  3. Administrative Controls.
  • These are obvious, so no need to explain :)

  • There is a whole section upcoming, no need to cry bitch.

4. Types Of Hackers And Threats Actors

5 Types Of People:

  1. White Hats: Non-malicious hackers who attempt to break into a company's systems at its request.
  2. Black Hats: Malicious hackers who break into computer systems and networks without authorization or permission.
  3. Gray Hats: Hackers without any affiliation to a company who attempt to break into a company's network but risk the law by doing so.
  4. Blue Hats: Hackers who attempt to hack into a network with the permission of the company but are not employed by the company. (Example: bug hunters.)
  5. Elite: Hackers who find and exploit vulnerabilities before anyone else does. They make their own tools and exploits. It is said that 1 out of 10000 people is an elite.

Threat Actors:

  1. Script Kiddie: Hackers with little to no skills who only use the tools and exploits written by others.
  2. Hacktivists: Hackers who are driven by a cause like social change, a political agenda, and sometimes even terrorism. The most well-known hacktivist group is Anonymous.
  3. Organized Crime: Hackers who are part of a crime group that is well funded and highly sophisticated.
  4. Advanced Persistent Threats: Highly trained and funded groups of hackers (often by nation states) with covert and open-source intelligence at their disposal.