Chapter 1 - General Concepts Flashcards
What are the three components of the CIA triad?
- Confidentiality
- Integrity
- Availability
What does Confidentiality protect against?
The unauthorized disclosure of sensitive information.
What are some examples of Confidentiality controls?
Firewalls, access control lists, encryption.
What is an example of an Integrity control?
Hashing.
What are some examples of Availability controls?
Fault tolerance, clustering, backups.
What is Nonrepudiation?
Nonrepudiation means that someone who performed some action cannot later deny having taken that action.
What is a common example of a Nonrepudiation control?
Digital signatures.
What are the three key threats to cybersecurity?
Disclosure, Alteration and Denial.
What are the five main types of risks that organizations may face as a result of a breach?
- Financial risk
- Reputational risk
- Strategic risk
- Operational risk
- Compliance risk
What are Control Objectives?
Control objectives are statements of a desired security state for an organization.
What are Security Controls?
Security controls are specific measures that fulfill the security objectives of an organization.
What is a Gap Analysis?
A cybersecurity review where a security professional checks the control objectives for an organization and then examines the controls designed to achieve those objectives to make sure they are working as intended.
Name the four Security Control Categories.
- Technical controls
- Operational controls
- Managerial controls
- Physical controls
Name the six Security Control Types.
- Preventive controls
- Deterrent controls
- Detective controls
- Corrective controls
- Compensating controls
- Directive controls
Name the three states in which data might exist.
- Data at rest
- Data in transit
- Data in use