Cyber Security National Lab (nodo UniPg)

image

Cyber security

Cybersecurity standards are digital security techniques developed to prevent or mitigate cybersecurity attacks. These guides provide general outlines as well as specific techniques for implementing cybersecurity. For certain standards, cybersecurity certification by an accredited body can be obtained. There are many advantages to obtaining certification including the ability to get cybersecurity insurance. The choice between writing cybersecurity as two words (cyber security) or one (cybersecurity) depends on the institution, and there have been discrepancies on older documents.[1] However, since the U.S. Federal Executive Order (EO) 13636 on the subject was spelled “Improving Critical Infrastructure Cybersecurity”, most forums and media have embraced spelling "cybersecurity" as a single word.

Vulnerability

Vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the attack surface. A large number of vulnerabilities are documented in the Common Vulnerabilities and Exposures (CVE) database www.cve.org. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. This practice generally refers to software vulnerabilities in computing systems.