Chapter 5 - Describing Information Security Concepts Flashcards

Flashcards in Chapter 5 - Describing Information Security Concepts Deck (24):
1

What is the concept that guarantees only authorized users can view sensitive information?

Confidentiality

2

The concept that guarantees only authorized subjects can change sensitive information, and may also guarantee the authenticity of data.

Integrity

3

The concept that guarantees uninterrupted access by authorized users to important computing resources and data.

Availability

4

Information that can be used on its own, or with other information to identify, contact, or locate a single person.

Personally Identifiable Information (PII)

5

Any information about health status, provision of health care, or payment of health care that can be linked to a specific individual.

Personal Health Information (PHI)

6

A function of the likelihood of a given threat source's exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization.

Risk

7

Either an intent and method targeted at the intentional exploitation of a vulnerability, or a situation and method that may accidentally trigger a vulnerability.

Threat Source

8

The potential for a threat source to exercise (accidentally trigger or intentionally exploit) a specific vulnerability.

Threat

9

A weakness that makes a resource susceptible to a threat.

Vulnerability

10

The resulting damage to the organization that is caused by a threat.

Impact

11

A network attack in which an unauthorized person gains access to a network and stays there undetected for a long time period.

Advanced Persistent Threat (APT)

12

A risk option when the cost of other risk management options may outweigh the cost of the risk itself.

Risk Acceptance

13

A risk option that avoids any exposure to the risk.

Risk Avoidance

14

A risk option where a company's risk exposure is limited by taking some action.

Risk Limitation

15

A risk option in which the risk is transferred to a willing third party.

Risk Transfer

16

A risk assessment approach that involves trying to map a dollar amount to each specific risk.

Quantitative approach

17

A risk assessment approach that involves assigning a risk level, such as low, medium, or high, to each risk.

Qualitative approach

18

In the context of information security, a defect in software or hardware.

Vulnerability

19

The open framework for communicating the characteristics and severity of software vulnerabilities.

CVSS

20

Access control model that secures information by assigning sensitivity labels to information and comparing them to the user's operating sensitivity level.

Mandatory Access Control

21

Access control model that uses an ACL to decide which users or groups have access to the information.

Discretionary Access Control

22

Access control model that is based on an individual's roles and responsibilities within the organization (RBAC).

Non-Discretionary Access Control

23

Name the three types of Security Operations Centers.

Threat-centric - actively looks for threats on the network
Compliance-based - focuses on security posture as it relates to compliance testing
Operational-based - focuses on maintaining operational integrity and functionality

24

Risk is a function of what three factors?

Threat, Vulnerability, and Impact