Elements of Security Flashcards
What are the CIA Triads in InfoSec?
Confidentiality, Integrity, Availability
What is Confidentiality?
1 of the CIA Triads
Only allow authorized parties to access the data or system.
Define Integrity.
1 of the CIA Triads
Protect the data from unauthorized modification or deletion.
What is Availability?
1 of the CIA Triads
Ensure that data and systems that you are protecting can still be accessed and used as needed.
Define Information Security.
Information Security is anything that you do to protect your data.
SECURITY, FUNCTIONALITY, USABILITY
-These attributes are interlocked
-Security is at odds with nearly every other organizational process.
-Increasing security usually requires decreasing functionality and usability.
Define “Defense-in-Depth”.
-Multiple layers of security controls.
What is the purpose of “Defense-in-Depth”
Defense-in-Depth provides redundancy in the event of a control failure.
What are the three (3) types of Active Defense?
Annoyance, Attribution, Attack
What is Annoyance in the context of Active Defense?
-it involves tracking a hacker and leading them to a fake server (honeypot).
-waste their time
-make them easy to detect
What is Attribution in the context of Active Defense?
-Identify the attacker
-Use tools to trace the source of an attack back to a specific location, or even an individual.
What is Attack in the context of Active Defense?
-This is the most controversial and risky.
-You “hack back”
-access an alleged hackers’ computer
-delete the data or take revenge
-both steps are considered illegal.
Hack Value
Perceived value or worth of a target as seen by the attacker.
Vulnerability
A weakness or flaw in a system.
Threat
Anything that can potentially violate the security of a system or organization.