Lecture 02 Handouts
Lecture 02 Handouts
(06407)
March 8, 2025
2 / 16
Contents
3 / 16
Terminology Used in Security of Organizations
▶ Computer Security:
▶ One of the oldest terms. It includes operating system
security, application security.
▶ Defense using anti-malware, access control, etc.
▶ Information Security:
▶ This term appeared as the integration between computer
security and network security.
▶ In addition to previous defenses, we use firewalls, intrusion
detection, security testing, etc.
▶ Information Assurance:
▶ This term has a more managerial rather than technical
aspects.
▶ It includes all aspects of IT security techniques and policies
at an organizational level.
▶ Defenses, in addition to previous ones, may include physical
security of information assets, policies, etc.
4 / 16
Terminology Used in Security of Organizations–Cont’d
▶ Cyber Security:
▶ This term is usually used to mean all of the previous terms.
5 / 16
Information Assets
6 / 16
Vulnerabilities and Threats
7 / 16
Attack, Attack Surface and Attack Vector
▶ Attack:
An attack on an IT asset is an act done internally (in the
organization) or externally that is meant to do harm to this
asset.
▶ Attack Surface:
An attack surface includes all IT systems that are exposed
to attacks, i.e., it is the entry point of an attack.
▶ Attack vector:
An attack vector is a sequence of actions that are used to
execute an attack. Sometimes it is loosely used to mean
“attack method”.
8 / 16
Risk Management
9 / 16
Section 2
10 / 16
Managerial Positions Related to IT
11 / 16
The Cyber Security Color Wheel
▶ Vulnerability scanning.
▶ Penetration testing.
▶ Security testing.
▶ Black box testing.
▶ Ethical hacking.
▶ Social engineering.
13 / 16
The Blue Team: The Defenders
14 / 16
The Yellow Team: The Developers
15 / 16
Other Teams: Purple, Orange, and Green
16 / 16