THE THREE GOALS OF INFORMATION SECURITY
Confidentiality - Confidentiality "is the property that information is not made available or disclosed to unauthorized individuals, entities, or processes" (Excerpt ISO27000)
Integrity - Data integrity means maintaining and assuring the accuracy and completeness of data over its entire life-cycle.
Availability - Data must be available when it's needed.
Different types of information/Network security attacks
Denial-of-service attack - An attacker attempts to prevent legitimate users from accessing information or services.
SQL Injection - Structured Query Language (SQL) injection is an attack technique that attempts to subvert the relationship between a webpage and its supporting database. This is done to trick the database into executing malicious code.
Eavesdropping - Electronic attack where digital communications are intercepted by an individual (attacker) for whom they are not intended.
Spoofing - Fraudulent or malicious practice in which communication is sent from an unknown source disguised as a source known to the receiver.
Phishing - Fraudulent act of acquiring private and sensitive information, such as credit card numbers, personal identification and account usernames and passwords.
Social Engineering - An attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems.
Password attacks - Password guessing, which involves attackers guessing passwords locally or remotely using either a manual or automated approach. Password resetting, which involves attackers just requesting that your password be reset. There are programs that could assist the attacker with this process.
Password cracking, which involves attackers learning your passwords, usually by capturing password hashes or some other obscured form of the plaintext password or challenge-response packets. The attacker could easily convert the challenge-response packet into its plaintext password. Password cracking is usually how passwords are learned.
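The SQL Injection entry above, shown as an added example (not from the original page or its sources): a query built by string concatenation beside its parameterized form, run against a constructed in-memory SQLite table. The table, account names and function names are assumptions made for the illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database holding constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user")])
    return db


def lookup_concatenated(db, name):
    """Weak form: the input is pasted into the SQL text, so the database
    parses it as part of the statement instead of as a value."""
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def lookup_parameterized(db, name):
    """Corrected form: the statement text is fixed and the input is bound
    as a value, so quotes inside it are only data."""
    query = "SELECT name, role FROM users WHERE name = ?"
    return db.execute(query, (name,)).fetchall()


def same_result(db, name):
    """Review/test check: a safe lookup must behave the same as the
    parameterized one for any input, including input containing quotes."""
    try:
        return lookup_concatenated(db, name) == lookup_parameterized(db, name)
    except sqlite3.Error:
        # The concatenated query no longer parses, e.g. for a name like o'brien.
        return False


if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a plain name, a name with an apostrophe, and a
    # value whose quote changes the meaning of the WHERE clause.
    for value in ["bob", "o'brien", "x' OR '1'='1"]:
        print(repr(value),
              "parameterized:", lookup_parameterized(db, value),
              "concatenated matches:", same_result(db, value))
```

Any input for which the two lookups disagree marks a query where user data is reaching the SQL parser; binding parameters removes that path.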
Reference
US-CERT. Understanding Denial-of-service attacks, 4 Nov. 2009. Retrieved from https://www.us-cert.gov/ncas/tips/ST04-015 on 04/21/2016
US-CERT. SQL Injection, 06 June 2012. Retrieved from https://www.us-cert.gov/security-publications/sql-injection on 04/21/2016
Techopedia. Eavesdropping. Retrieved from https://www.techopedia.com/definition/13612/eavesdropping on 04/21/2016
Techopedia. Spoofing. Retrieved from https://www.techopedia.com/definition/5398/spoofing on 04/21/2016
Techopedia. Phishing. Retrieved from https://www.techopedia.com/definition/4049/phishing on 04/21/2016
US-CERT. Avoiding Social Engineering and Phishing Attacks, 22 Oct. 2009. Retrieved from https://www.us-cert.gov/ncas/tips/ST04-014 on 04/21/2016
WindowsITPro. Types of password attacks, 30 Jan. 2006. Retrieved from http://windowsitpro.com/security/types-password-attacks on 04/21/16