Elements of Security Flashcards

1
Q

What is the CIA Triad in InfoSec?

A

Confidentiality, Integrity, Availability

2
Q

What is Confidentiality?

One element of the CIA Triad

A

Only allow authorized parties to access the data or system.

3
Q

Define Integrity.

One element of the CIA Triad

A

Protect the data from unauthorized modification or deletion.

4
Q

What is Availability?

One element of the CIA Triad

A

Ensure that data and systems that you are protecting can still be accessed and used as needed.

5
Q

Define Information Security.

A

Information Security is anything that you do to protect your data.

6
Q

SECURITY, FUNCTIONALITY, USABILITY

A

-These attributes are interlocked
-Security is at odds with nearly every other organizational process.
-Increasing security usually requires decreasing functionality and usability.

7
Q

Define “Defense-in-Depth”.

A

-Multiple layers of security controls.

8
Q

What is the purpose of “Defense-in-Depth”?

A

Defense-in-Depth provides redundancy in the event of a control failure.

9
Q

What are the three (3) types of Active Defense?

A

Annoyance, Attribution, Attack

10
Q

What is Annoyance in the context of Active Defense?

A

-It involves tracking a hacker and leading them to a fake server (honeypot).
-Waste their time
-Make them easy to detect

11
Q

What is Attribution in the context of Active Defense?

A

-Identify the attacker
-Use tools to trace the source of an attack back to a specific location, or even an individual.

12
Q

What is Attack in the context of Active Defense?

A

-This is the most controversial and risky.
-You “hack back”
-Access an alleged hacker’s computer
-Delete the data or take revenge
-Both steps are considered illegal.

13
Q

Hack Value

A

Perceived value or worth of a target as seen by the attacker.

14
Q

Vulnerability

A

A weakness or flaw in a system.

15
Q

Threat

A

Anything that can potentially violate the security of a system or organization.

16
Q

Exploit

A

An actual mechanism for taking advantage of a vulnerability.

17
Q

Payload

A

The part of an exploit that actually damages the system or steals the information.

18
Q

Zero-day Attack

A

An attack that occurs before a vendor is aware of a flaw or is able to provide a patch for a flaw.

19
Q

Daisy Chaining / Pivoting

A

Using a successful attack to immediately launch another attack.

20
Q

Doxing

A

Publishing personally identifiable information (PII) about an individual, usually with malicious intent.

21
Q

Non-Repudiation

A

The inability to deny that you did something. Usually accomplished through requiring authentication and digital signatures on documents.

22
Q

Control

A

Any policy, process or technology set in place to reduce risk.

23
Q

Mitigation

A

Any action or control used to minimize damage in the event of a negative event.

24
Q

Accountability

A

Ensure that responsible parties are held liable for actions they have taken.

25
Q

Authenticity

A

The proven fact that something is legitimate or real.

26
Q

Enterprise Information Security Architecture (EISA)

A

The process of instituting a complete information security solution that protects every aspect of an enterprise organization.

27
Q

SECURITY CONTROL TYPES: Physical

A

Tangible mechanisms designed to deter unauthorized access to rooms, equipment, documents, and other items.

28
Q

SECURITY CONTROL TYPES: Administrative

A

Procedures and policies that inform people on how the business is to be run and how day-to-day operations are to be conducted. Can be enforced through management policing, physical, and technical means.

29
Q

SECURITY CONTROL TYPES: Technical

A

Any measures taken to reduce risk via technological means.
