Yes, it is boring, but it is essential to understand some basic terms. Bear with it: there are only a few, and I have kept them simple and short.
Threat - A potential violation of security.
Vulnerability - Existence of a weakness, design or implementation error that can lead to an unexpected and undesirable event compromising the security of the system, network, application or protocol involved.
Target of Evaluation - An IT system, product or component that is identified as requiring, or is subjected to, security evaluation.
Attack - An assault on system security that derives from an intelligent threat, i.e. an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system.
Exploit - A defined way to breach the security of an IT system through a vulnerability.
To make an analogy: the Target of Evaluation is a person who has a weakness (vulnerability), and because of that weakness he is subject to a certain potentially dangerous act or event (threat). A thief (cracker) can exploit his weakness to cheat (attack) him.