In this article I am going to explain a couple of useful terms in security. These terms are frequently used both in textbooks and among security professionals.
Policy: A policy is the specification of an organization's security expectations. It could be a mathematical formula, a formal written document or an informal expectation.
Vulnerability: In simple terms, a vulnerability is a software security bug. A vulnerability allows an attacker to violate the security policy of an organization.
Exploit: An exploit is a script, tool, input or specification of steps that takes advantage of a vulnerability; by using it, an attack is carried out.
CIA: CIA stands for Confidentiality, Integrity and Availability. A system is secure if it has these three characteristics.
Confidentiality: The confidentiality aspect of a system assures privacy. In other words, with respect to confidentiality, private things are kept private.
Integrity: Integrity generally applies to data that is communicated through a channel, and is a measure of the correctness and completeness of that data.
Availability: Without availability, the existence of the other two elements is useless. Availability ensures that the system performs its duty and serves as expected.
AAA: it stands for authentication, authorization and accountability. A secure solution should have these three processes.
Authentication: Authentication is the process of identifying the user. Normally, by using authentication you give access only to valid users.
Authorization: Authorization is a complement to authentication. Through authorization you apply the level of access for a valid user.
Accountability: Accountability is a means for later forensic analysis. With accountability in place, you track who does what.