Glossary

From Guidance Share
Revision as of 06:39, 30 October 2006 by Admin (talk | contribs)


A

Asset

An asset is a resource of value. It varies by perspective. To your business, an asset might be the availability of information, or the information itself, such as customer data. It might be intangible, such as your company's reputation. To an attacker, an asset could be the ability to misuse your application for unauthorized access to data or privileged operations.

Attack (or exploit)

An attack is an action taken that utilizes one or more vulnerabilities to realize a threat. This could be someone following through on a threat or exploiting a vulnerability.

C

Countermeasure

Countermeasures address vulnerabilities to reduce the probability of attacks or the impacts of threats. They do not directly address threats; instead, they address the factors that define the threats. Countermeasures range from improving application design, or improving your code, to improving an operational practice.


T

Threat

A threat is an undesired event or a potential occurrence, often best described as an effect that might damage or compromise an asset or objective. It may or may not be malicious in nature.

V

Vulnerability

A vulnerability is a weakness in some aspect or feature of a system that makes an exploit possible. Vulnerabilities can exist at the network, host, or application levels and include operational practices.