Fundamentals of Security Flashcards
(101 cards)
Protecting data and information from unauthorized access, modification, disruption, disclosure, and destruction
Information Security
Protecting the systems (e.g., computers, servers, network devices) that hold and process critical data
Information Systems Security
CIA Triad
Confidentiality
Integrity
Availability
Ensures information is accessible only to authorized personnel (e.g.,
encryption)
Confidentiality
Ensures data remains accurate and unaltered (e.g., checksums)
Integrity
Ensures information and resources are accessible when needed (e.g.,
redundancy measures)
Availability
Guarantees that an action or event cannot be denied by the involved parties
(e.g., digital signatures
Non-Repudiation
An extension of the CIA triad with the addition of non-repudiation and
authentication
CIANA Pentagon
Triple A’s of Security
Authentication
Authorization
Accounting
Verifying the identity of a user or system (e.g., password checks)
Authentication
Determining actions or resources an authenticated user can access (e.g.,
permissions)
Authorization
Tracking user activities and resource usage for audit or billing purposes
Accounting
Security Control Categories
■ Technical
■ Managerial
■ Operational
■ Physical
Security Control Types
■ Preventative
■ Deterrent
■ Detective
■ Corrective
■ Compensating
■ Directive
Operates on the principle that no one should be trusted by default. To achieve zero trust, we use the control plane and the data plane.
Zero Trust Model
Adaptive identity, threat scope reduction, policy-driven access
control, and secured zones
Control Plane
Subject/system, policy engine, policy administrator, and
establishing policy enforcement points
Data Plane
Anything that could cause harm, loss, damage, or compromise to our information
technology systems. Can come from the following:
● Natural disasters
● Cyber-attacks
● Data integrity breaches
● Disclosure of confidential information
Threat
Any weakness in the system design or implementation. Come from internal factors like the following:
● Software bugs
● Misconfigured software
● Improperly protected network devices
● Missing security patches
● Lack of physical security
Vulnerability
Finding different ways to minimize the likelihood of an outcome and achieve the
desired outcome.
Risk Management
Refers to the protection of information from unauthorized access and disclosure. Ensure that private or sensitive information is not available or disclosed to
unauthorized individuals, entities, or processes.
Confidentiality
Confidentiality is important for 3 main reasons
■ To protect personal privacy
■ To maintain a business advantage
■ To achieve regulatory compliance
To ensure confidentiality, we use five basic methods
Encryption
Access Controls
Data Masking
Physical Security Measures
Training and Awareness
Process of converting data into a code to prevent unauthorized access
Encryption