Domaine 1 : Concepts généraux de sécurité Flashcards
(28 cards)
What are security controls?
Safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets.
Security controls are critical for protecting various types of assets from potential threats.
What are the three types of security controls?
- Managerial Controls
- Operational Controls
- Technical Controls
Each type of control serves a different purpose in managing security.
What do managerial controls focus on?
The management of risk and the information security program.
Examples include risk assessments, security planning, and policy development.
What do operational controls involve?
Controls implemented by people, such as security awareness training and incident response processes.
These controls are more focused on day-to-day operations.
What are technical controls?
Controls implemented through technology, such as firewalls and intrusion detection systems.
These controls leverage technology to enhance security.
What is the purpose of preventive controls?
To aim to prevent security incidents.
Examples include access controls and security policies.
What are detective controls designed to do?
To detect and react to incidents once they have occurred.
Examples include audit logs and intrusion detection systems.
What is the goal of corrective controls?
To correct systems after an incident.
Examples include backup and restore procedures and patch management.
What do deterrent controls aim to do?
Discourage security violations.
Examples include warning signs and security awareness training.
What are compensating controls?
Alternative measures put in place when primary controls cannot be used.
An example would be using manual procedures when automated controls are not feasible.
What factors influence the selection of appropriate security controls?
The organization’s specific needs, risk assessments, and regulatory requirements.
Tailoring controls to the organization ensures effective security management.
What is confidentiality in the context of information security?
Ensuring that sensitive information is accessible only to authorized individuals
Techniques include encryption, access controls, and authentication mechanisms.
What does integrity mean in information security?
Maintaining the accuracy and completeness of data
Methods involve hashing, digital signatures, and checksums to detect unauthorized modifications.
What is the goal of availability in information security?
Ensuring that information and resources are accessible to authorized users when needed
Strategies include implementing redundant systems, regular maintenance, and protection against denial-of-service attacks.
Fill in the blank: Techniques for ensuring confidentiality include _______.
encryption, access controls, and authentication mechanisms
Fill in the blank: Methods to maintain data integrity include _______.
hashing, digital signatures, and checksums
True or False: Availability in information security means that resources are available to unauthorized users.
False
What is one method to enhance availability?
Implementing redundant systems
Regular maintenance and protection against denial-of-service attacks also contribute to availability.
What does authentication verify?
The identity of a user or system
Common methods include passwords, biometrics, and security tokens.
What is the purpose of authorization?
Determines what resources an authenticated user can access
Implemented through access control lists and role-based access controls.
