1. The concept of Asset, threat, attack, hazard, vulnerabilities, protection measures
1.Assets means that sensitive, critical and valuable digital information and information system.
2.Threats comes from deliberately source of risk, including stealing, changing or damage our information assets.
3.Attack is a specific of threats.
4. Hazard is unexpected source of risk, like natural disasters.
5.Vulnerabilities meas that the victims potential weakness, which always is used to attack victims.
6.Protection is a way to reduce the impact of attacks and hazard. Protections can be technical, like anti-virus softwates or laws.
2.Explain three principles of cybersecurity, by giving example, which includes at least three key concepts.
1.confidentiality. our information is our asset. confidentiality means that our information asset can not be read by others without our permission. we need to use all kinds of pretection to keep away from attacking.
2.Integrity means that our information can not be changed or deleted by others using vulnerabilities.
out assets always have some vulnerabilities and they always used by hacker to avoid our protection to attack.
3.Availibility meas that our asset can be used at any time.Sometimes, hackers used vulnerabilities to attack our information assest.
3.Write down the limitation of CIA principles
CIA principles cannot be used to protect information from some types of attack such as fake new.
4.Explain the treadoff in cybersecurity.
**1. Different organization have different objectives. IT group focus on effective and the speed of processing of information. However, Organisation focus on CIA(confidentiality, integrity, availability.)
2.You cannot have security and convenience at the same time. If you want security, you need more complex passwords and algorithms that take longer than before. Passwords are so complex that users may write them down on paper. If you go for convenience, then the strength of the password will be reduced, the difficulty and time to break will be reduced,So we need to consider the level of hackers, and their own costs, to develop appropriate security.
