Sunday, December 16, 2007

Basic Terminology

Yes, it is boring, but it is essential to understand some basic terms. Just bear with it; there are only a few, and I have kept them simple and short.

Threat - A potential violation of security.

Vulnerability - Existence of a weakness, design or implementation error that can lead to an unexpected and undesirable event compromising the security of the system, network, application or protocol involved.

Target of Evaluation - An IT system, product or component that is identified/subjected as requiring security evaluation.

Attack - An assault on system security that derives from an intelligent threat, i.e. an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system.

Exploit - A defined way to breach the security of an IT system through a vulnerability.

To make an analogy: the Target of Evaluation is a person who has a weakness (vulnerability); because of that weakness, he is subject to a certain potentially dangerous act or event (threat). A thief (cracker) can exploit his weakness to cheat (attack) him.
