Essential Infosec Terminology

  • The HackerSploit forum can be accessed here

HackerSploit

Administrator
Staff member
Feb 26, 2020
6
0
1

  • Threat - A threat is a malicious actor whose objective is to breach, cause damage, steal or exfiltrate data from a network or system. Threats usually target assets.
  • Assets - Assets are typically business or service critical systems on a company network that store data, provide services to clients or are integral to the running of the company. As a result, assets are attractive to attackers.
    • Assets can also be employees.
    • During risk assessments/vulnerability assessments, assets need to be identified and adequately secured and protected.
  • Risk - Is the potential impact that a threat or vulnerability will/can have on an organization. Risk is used to determine the probability of a potential vulnerability occurring and its consequent effect.
Calculating Risk

risk forumula.jpg
  • Vulnerability - A vulnerability is a weakness or flaw in a system or network that, when exploited, will compromise the integrity and security of the system or network and can lead to unauthorized access.
  • Exploit - An exploit is a process of breaking into a system or network through a set of or a particular vulnerability. It utilizes a payload to perform specific malicious tasks.
  • Payload - A payload is a chunk of exploit code whose purpose is to perform specific tasks on the target system or network, for example; destroy and exfiltrate data, setup backdoor access, etc.
  • 0-Day - A Zero-Day is a vulnerability in a system or network that has not yet been patched by the developer.