Definitions Edit

Financial market Edit

An attack surface is

[t]he sum of an information system's characteristics in the broad categories (software, hardware, network, processes and human) which allows an attacker to probe, enter, attack or maintain a presence in the system and potentially cause damage to an FMI. A smaller attack surface means that the FMI is less exploitable and an attack less likely.[1]

Security Edit

An attack surface is

[t]he set of ways in which an adversary can enter a system and potentially cause damage.[2]
[a]n information system's characteristics that permit an adversary to probe, attack, or maintain presence in the information system.[3]

Software Edit

The attack surface of a software environment is the code within a computer system that can be run by unauthenticated users. This includes, but is not limited to: user input fields, protocols, interfaces, and services.

Overview Edit

One approach to improving information security is to reduce the attack surface of a system or software. By turning off unnecessary functionality, there are fewer security risks. All code has a nonzero probability of containing vulnerabilities. By having less code available to unauthenticated users, there will tend to be fewer failures. Although attack surface reduction helps prevent security failures, it does not mitigate the amount of damage a hacker can inflict once a vulnerability is found.

References Edit

  1. Guidance on Cyber Resilience for Financial Market Infrastructures, App. A, at 23.
  2. NICCS, Explore Terms: A Glossary of Common Cybersecurity Terminology (full-text).
  3. Id.

Ad blocker interference detected!

Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.