# Introduction

A lot of it is social engineering:

> "People are the weakest element in a security chain. While technology vulnerabilities are patched, there is no patch for human stupidity."

The attacker always takes the **path of least resistance**.

## CIA paradigm

- **Confidentiality**: information can be accessed only by authorized entities; unauthorized people cannot have access to it (can be seen as privacy).
- **Integrity**: consistency and trustworthiness of information over its entire lifecycle.
- **Availability**: information must be available to all the authorized parties without external constraints.

Other definitions:

- **Vulnerability**: an element that lets someone break the rules of the CIA paradigm.
- **Exploit**: a method of using one or several vulnerabilities to achieve a certain goal that breaches certain constraints.
- **Asset**: an entity on which someone or an organization places value.
- **Threat**: a possible violation of the CIA paradigm.
- **Threat Agent**: the person or thing that may instigate an attack.
- **Attacker**: the person or thing that executes the attack.
- **Hacker**: an individual with an intricate knowledge of computers and computer networks, and a desire to learn everything.
- **Security Level**: something which addresses the threats directed towards the asset.
- **Protection Level**: security measures put in place to safeguard an asset.
- **Risk**: $Risk = Asset \times Vulnerabilities \times Threats$

> "A system with limited vulnerabilities but with a high threat level may be less secure than a system with many vulnerabilities but with low threat level."