IT Sicherheit at Hochschule Konstanz | Flashcards & Summaries


Study materials for IT Sicherheit at Hochschule Konstanz

Access free flashcards, summaries, practice exercises and past exams for your IT Sicherheit course at Hochschule Konstanz.

  • 26302 flashcards
  • 596 students
  • 12 study materials

Sample flashcards for your IT Sicherheit course at Hochschule Konstanz - created by fellow students on StudySmarter!

Q:

Vulnerability

A:

Weakness in an information system that enables an attack, e.g. passwords are often not chosen properly.

Q:

Exploit

A:

Implementation of an attack. Typically, the steps of the attack are implemented in a program.

Q:

Risk

A:

Probability of an attack × damage. How bad will it be?

Q:

Critical infrastructures

A:

- Entities/organisations that are important for essential services delivered to the public
- Loss or deterioration of service would have a significant impact on public safety

Q:

proactive security

A:

Technical prevention: design systems to prevent, discourage and mitigate attacks.

If an attack cannot be prevented, increase its cost and control the damage.

Disadvantage: costly, and can interfere with other goals, e.g. in health care: doctor can't see past health issues -> worse treatment

Q:

reactive security

A:

Detection and reaction: detect attacks and take measures to stop them, or to punish the guilty

works as a deterrent: risk of being punished is too high

Q:

Define why security is a continuous process

A:

Continuous race between attackers and defenders: Attackers are creative

No security mechanisms will stop all attacks; attackers just move to new methods and targets

Security mechanisms will fail and new threats will arise

Q:

Traditional security goals

A:

CIA = confidentiality, integrity, availability

- Confidentiality = protection of secrets
- Integrity = only authorized modification of data and system configuration
- Availability = no denial of service, business continuity

Q:

Extensions to CIA model

A:

- Privacy = control of personal data and space
- Accountability/non-repudiation = ability to prove that actions happened
- Hexad (Parker): CIA + control, authenticity, utility

Q:

Cost vs. benefit

A:

- Rational attackers compare cost of attack with gains: attackers look for the weakest link; thus, little is gained by strengthening already strong bits
- Rational defenders compare the risk of an attack with the cost of implementing defenses

Q:

Personal data

A:

any information relating to an identified or identifiable natural person ("data subject")

Q:

What are the challenges of individual protection?

A:

- Requires effort, knowledge, understanding
- Not directly rewarding
- Hard to outsource and automate
