2.1 - Summarise fundamental security concepts Flashcards
(11 cards)
What is the C in the CIA triad?
Confidentiality - Assurance that information is not exposed to unauthorised individuals, processes, or devices. It covers data in storage and transit
What is the I in the CIA triad?
Integrity - the principle that systems are trustworthy, and work as intended, and the data is complete and accessible when needed
What is the A in the CIA triad?
Availability - the principle that information systems and supporting infrastructure are operating and accessible when needed
What are the 4 supporting principles?
Authentication - Process of verifying identify
Authorisation - Process of approving access
Accounting - Process of tracing actions to the source
Non-repudiation - Process of assuring the validity and origin of data
What is privacy?
The right of an individual to control the use of their personal information
What are the 4 out of the 8 OECD privacy principles
Collection limitation, data quality, purpose specification, use limitation
What is Collection limitation from OECD privacy principles?
There is a limit amount of personal data that can be collected, collected data should be obtained lawfully and fair means and with knowledge and consent from the subject
What is Data quality from OECD privacy principles?
Personal data collected should be relevant to the business, it should be accurate, complete and kept up to date
What is Purpose specification from OECD privacy principles?
Personal data collected should align with the purpose of collection. It should be told no later than at the time of data collection
What is Use limitation from OECD privacy principles?
Personal data should not be disclosed or used for other purposes other than what has be specified with the consent of the individual or authority of law
What is Strategic alignment?
Every security and privacy objective must be aligned with the needs of the organisation
