Cpd Flashcards
(54 cards)
What does the Information Asset Security Policy provide?
Basis for maintaining proper operation and control
Key elements include scope, monitoring, governance, compliance, and privacy.
What are the key elements of the Information Asset Security Policy?
- Scope
- Monitoring and governance
- Compliance and privacy
- Regular updates and accessibility
- Issue-specific policies (e.g., change management)
These elements ensure that information is properly managed and protected.
What is the role of Identity & Access Management?
Establishes user accountability and prevents unauthorized access to information systems
It ensures the right access to the right people.
What are the types of Physical Access Controls?
- Badges
- Security personnel
- Guard keys
- Locks
- Biometrics
- Video cameras
- Alarm systems
- Log register
These controls restrict entry/exit to secured areas.
What does Logical Access Control manage?
Protects information assets by restricting access according to users' job functions
It includes various types like mandatory, discretionary, and role-based access control.
Define Authentication in the context of access control.
Proving subjects are who they claim to be
It is checked against credentials stored in a database or directory.
What is the purpose of a Firewall?
Perimeter security for networks
It controls the flow of traffic in and out of the network.
What are the main functions of Firewalls?
- Block access to particular sites
- Limit traffic to relevant addresses and ports
- Record and monitor communications
- Encrypt packets sent within an organization
Firewalls can be hardware or software-based.
What is a Virtual Private Network (VPN)?
Extends the corporate network securely via encrypted packets
It uses public IP infrastructure for communication.
What are the advantages of using a VPN?
- Cost-efficient
- Increases the span of the corporate network
- Secure connection to the network
However, it may also introduce risks like malware and poor configuration.
What is Data Classification?
Inventory management of information assets to provide the required level of security
It involves identifying assets and determining the protection needed based on sensitivity.
What are the two main types of encryption?
- Symmetric encryption
- Asymmetric encryption
Symmetric uses a single key; asymmetric uses a public-private key pair.
What is Hashing?
Transformation of data into a fixed-length value called the digest
It ensures integrity and authenticity of the data.
What is the role of Digital Signatures?
Authenticate the origin of an encoded message
It uses the sender’s private key for encryption and public key for decryption.
What is Public Key Infrastructure (PKI)?
Helps overcome limitations of public key systems by confirming authenticity
It involves a trusted third party known as a Certification Authority.
Fill in the blank: The principle of _______ ensures that users have only the access necessary to perform their job functions.
least privilege
True or False: Asymmetric encryption uses the same key for both encryption and decryption.
False
What is the purpose of Data Loss Prevention?
Prevent loss/misuse of sensitive data or access by unauthorized users
It involves classification of data and determining violations.
What are the common uses of Asymmetric Encryption?
- Digital signatures
- Secure email
- Blockchain
- HTTPS web browsing
It uses two complementary keys for encryption and decryption.
What are common techniques for securing network infrastructure?
- Personnel training
- Segregation of Duties (SoD)
- Monitoring access
- Data encryption
- Device hardening
These measures help protect communication networks.
What is the role of a Certification Authority in PKI?
Confirm authenticity during message transfer
It identifies the holder of the public key and signs it.
What is the difference between Symmetric and Asymmetric encryption?
- Symmetric: Uses one key
- Asymmetric: Uses a public-private key pair
Symmetric is faster but less secure; Asymmetric is more secure but slower.