Cybersecurity Terms

Trevor Chandler

Jul 4, 2020
Hello CINners,

When I'm listening to presentations at cybersecurity events,
there are some common terms that are used, such as:
- vulnerability
- threat
- attack surface
- attack vector

Just to name a very few.

Can you define these terms without having to launch your favorite
search engine? Do you have a definition in your brain that would
allow you to articulate to someone what the term means?

I'd like to have you define one (or all) of the terms that I have listed,
based on your understanding. Just imagine that you're in conversation
with someone, and you spit out one of those terms, and the other
person asks you to define the term.

Now if you're going to look up the term(s) using some search engine,
or dig into some book, and then pass that on to me, don't waste that
bandwidth :)
 
Since we're talking terms, let's address mantrap and access control vestibule. In my Security+ class, I use the same slide for both and explain how the industry is trying to sterilize verbiage. If you go to a job site and talk to the foreman, asking about the "access control vestibule" may lead him to think all your learning came from a book.
 
Attack surface is the target.
Attack vector is the avenue of attack.
For example, a phish email is an attack vector and the poor soul who opens it and clicks a link is the attack target.

Thanks for your response, Mark.

In your example, you say that the poor soul who clicks the link in the email is the attack target. In your definition of "Attack Surface", you say that this is the avenue of the attack. Based on your example, does that imply that the poor soul is an attack surface?
 
So to put it another way...

The asset is the snacks on the snack table.
The vulnerability is just how so very accessible they are, just sitting there in the open.
The threat is when @Trevor Chandler comes by to take the snacks.
The loss is when the rest of us don't get them.

So how do we mitigate this vulnerability...?

/r
 
This is too original to have come from any webpage, or any textbook. I'd like your permission to use this the next time I'm covering these terms!!!