Fundamentals of Security Flashcards

1
Q

Information Systems Security

A

Protecting the systems (e.g., computers, servers, network devices) that hold and
process critical data

2
Q

Information Security

A

Protecting data and information from unauthorized access, modification, disruption, disclosure, and destruction

3
Q

Name the 3 parts of the CIA Triad

A

Confidentiality, Integrity, Availability

4
Q

Define Confidentiality

A

Ensures information is accessible only to authorized personnel (e.g.,
encryption)

5
Q

Define Integrity

A

Ensures data remains accurate and unaltered (e.g., checksums)

6
Q

Define Availability

A

Ensures information and resources are accessible when needed (e.g.,
redundancy measures)

7
Q

Define Non-Repudiation

A

Guarantees that an action or event cannot be denied by the involved parties
(e.g., digital signatures)

8
Q

What is the CIANA Pentagon?

A

An extension of the CIA triad with the addition of non-repudiation and
authentication

9
Q

What are the Triple A’s of Security?

A

Authentication, Authorization, Accounting

10
Q

Define Authentication

A

Verifying the identity of a user or system (e.g., password checks)

11
Q

Define Authorization

A

Determining actions or resources an authenticated user can access (e.g.,
permissions)

12
Q

Define Accounting

A

Tracking user activities and resource usage for audit or billing purposes

13
Q

Name the 4 Security Control Categories

A

■ Technical
■ Managerial
■ Operational
■ Physical

14
Q

Name the 6 Security Control Types

A

■ Preventative
■ Deterrent
■ Detective
■ Corrective
■ Compensating
■ Directive

15
Q

What is the Zero Trust Model?

A

Operates on the principle that no one should be trusted by default

16
Q

What 2 things do we use to achieve zero trust?

A

The control plane and the data plane

17
Q

Control Plane

A

• Adaptive identity
• Threat scope reduction
• Policy-driven access control
• Secured zones

18
Q

Data Plane

A

• Subject/system
• Policy engine
• Policy administrator
• Establishing policy enforcement points

19
Q

What is a threat?

A

Anything that could cause harm, loss, damage, or compromise to our information technology systems

20
Q

A threat can come from the following 4 things

A

● Natural disasters
● Cyber-attacks
● Data integrity breaches
● Disclosure of confidential information

21
Q

What is a vulnerability?

A

Any weakness in the system design or implementation

22
Q

A vulnerability can come from internal factors like the following

A

● Software bugs
● Misconfigured software
● Improperly protected network devices
● Missing security patches
● Lack of physical security

23
Q

Where threats and vulnerabilities intersect, that is where the risk to your enterprise systems and networks lies

A

■ If you have a threat, but there is no matching vulnerability to it, then you have no risk
■ The same holds true that if you have a vulnerability but there’s no threat against it, there would be no risk

24
Q

What is Risk Management?

A

Finding different ways to minimize the likelihood of an outcome and achieve the
desired outcome

25
What does Confidentiality refer to and what does it ensure?
■ Refers to the protection of information from unauthorized access and disclosure
■ Ensures that private or sensitive information is not available or disclosed to unauthorized individuals, entities, or processes
26
Confidentiality is important for 3 main reasons
■ To protect personal privacy
■ To maintain a business advantage
■ To achieve regulatory compliance
27
To ensure confidentiality, we use five basic methods
* Encryption
* Access Controls
* Data Masking
* Physical Security Measures
* Training and Awareness
28
What is Encryption?
Process of converting data into a code to prevent unauthorized access
29
How are Access Controls good for Confidentiality?
By setting up strong user permissions, you ensure that only authorized personnel can access certain types of data
30
What is Data Masking?
Method that involves obscuring specific data within a database to make it inaccessible for unauthorized users while retaining the real data's authenticity and use for authorized users
31
What are Physical Security Measures?
Ensure confidentiality for both physical types of data, such as paper records stored in a filing cabinet, and for digital information contained on servers and workstations
32
What is Training and Awareness?
Conduct regular training on the security awareness best practices that employees can use to protect their organization’s sensitive data
33
What does Integrity help ensure and verify?
■ Helps ensure that information and data remain accurate and unchanged from its original state unless intentionally modified by an authorized individual
■ Verifies the accuracy and trustworthiness of data over the entire lifecycle
34
Integrity is important for three main reasons
■ To ensure data accuracy
■ To maintain trust
■ To ensure system operability
35
To help us maintain the integrity of our data, systems, and networks, we usually utilize five methods
* Hashing
* Digital Signatures
* Checksums
* Access Controls
* Regular Audits
36
What is Hashing?
Process of converting data into a fixed-size value
37
What do digital signatures ensure?
Ensure both integrity and authenticity
38
What are Checksums?
Method to verify the integrity of data during transmission
39
Why are Access Controls good for Integrity?
Ensure that only authorized individuals can modify data and this reduces the risk of unintentional or malicious alterations
40
Why are regular audits good for Integrity?
Involve systematically reviewing logs and operations to ensure that only authorized changes have been made, and any discrepancies are immediately addressed
41
What does Availability ensure?
Ensure that information, systems, and resources are accessible and operational when needed by authorized users
42
As cybersecurity professionals, we value availability since it can help us with the following
■ Ensuring Business Continuity
■ Maintaining Customer Trust
■ Upholding an Organization's Reputation
43
To overcome the challenges associated with maintaining availability, the best strategy is to use redundancy in your systems and network designs. What are 4 different types of redundancy?
* Server Redundancy
* Data Redundancy
* Network Redundancy
* Power Redundancy
44
What is Redundancy?
Duplication of critical components or functions of a system with the intention of enhancing its reliability
45
What is Server Redundancy?
Involves using multiple servers in a load balanced or failover configuration so that if one is overloaded or fails, the other servers can take over the load to continue supporting your end users
46
What is Data Redundancy?
Involves storing data in multiple places
47
What is Network Redundancy?
Ensures that if one network path fails, the data can travel through another route
48
What is Power Redundancy?
Involves using backup power sources, like generators and UPS systems
49
What is Non-repudiation?
■ Focused on providing undeniable proof in the world of digital transactions
■ Security measure that ensures individuals or entities involved in a communication or transaction cannot deny their participation or the authenticity of their actions
50
What are Digital Signatures?
■ Considered to be unique to each user who is operating within the digital domain
■ Created by first hashing the particular message or communication that you want to digitally sign, and then encrypting that hash digest with the user’s private key using asymmetric encryption
51
Non-repudiation is important for three main reasons
■ To confirm the authenticity of digital transactions
■ To ensure the integrity of critical communications
■ To provide accountability in digital processes
52
What is Authentication?
Security measure that ensures individuals or entities are who they claim to be during a communication or transaction
53
What are 5 commonly used authentication methods?
* Something you know (Knowledge Factor)
* Something you have (Possession Factor)
* Something you are (Inherence Factor)
* Something you do (Action Factor)
* Somewhere you are (Location Factor)
54
Something you know (Knowledge Factor)
Relies on information that a user can recall
55
Something you have (Possession Factor)
Relies on the user presenting a physical item to authenticate themselves
56
Something you are (Inherence Factor)
Relies on the user providing a unique physical or behavioral characteristic of the person to validate that they are who they claim to be
57
Something you do (Action Factor)
Relies on the user conducting a unique action to prove who they are
58
Somewhere you are (Location Factor)
Relies on the user being in a certain geographic location before access is granted
59
What is a Multi-Factor Authentication (MFA) system?
Security process that requires users to provide multiple methods of identification to verify their identity
60
Authentication is critical to understand because of the following
■ To prevent unauthorized access
■ To protect user data and privacy
■ To ensure that resources are accessed by valid users only
61
What is Authorization?
Pertains to the permissions and privileges granted to users or entities after they have been authenticated
62
Authorization mechanisms are important to help us with the following
■ To protect sensitive data
■ To maintain the system integrity in our organizations
■ To create a more streamlined user experience
63
What is Accounting?
Security measure that ensures all user activities during a communication or transaction are properly tracked and recorded
64
Your organization should use a robust accounting system so that you can accomplish the following 5 important tasks
* Create an audit trail
* Maintain regulatory compliance
* Conduct forensic analysis
* Perform resource optimization
* Achieve user accountability
65
What does Creating an audit trail do?
Provides a chronological record of all user activities that can be used to trace changes, unauthorized access, or anomalies back to a source or point in time
66
What does Maintaining regulatory compliance do?
Maintains a comprehensive record of all users’ activities
67
What does Conducting forensic analysis do?
Uses detailed accounting and event logs that can help cybersecurity experts understand what happened, how it happened, and how to prevent similar incidents from occurring again
68
What does Performing resource optimization do?
Organizations can optimize system performance and minimize costs by tracking resource utilization and allocation decisions
69
What does Achieving user accountability do?
Thorough accounting system ensures users’ actions are monitored and logged, deterring potential misuse and promoting adherence to the organization’s policies
70
To perform accounting, we usually use different technologies like the following 3
* Syslog Servers
* Network Analysis Tools
* Security Information and Event Management (SIEM) Systems
71
For accounting purposes, what are Syslog Servers used for?
Used to aggregate logs from various network devices and systems so that system administrators can analyze them to detect patterns or anomalies in the organization’s systems
72
For accounting purposes, what are Network Analysis Tools used for?
Used to capture and analyze network traffic so that network administrators can gain detailed insights into all the data moving within a network
73
For accounting purposes, what are Security Information and Event Management (SIEM) Systems used for?
Provides us with a real-time analysis of security alerts generated by various hardware and software infrastructure in an organization
74
What are 4 broad categories of Security Controls?
* Technical Controls
* Managerial Controls
* Operational Controls
* Physical Controls
75
What are Technical Controls?
Technologies, hardware, and software mechanisms that are implemented to manage and reduce risks
76
What are Managerial Controls?
● Sometimes also referred to as administrative controls
● Involve the strategic planning and governance side of security
77
What are Operational Controls?
● Procedures and measures that are designed to protect data on a day-to-day basis
● Are mainly governed by internal processes and human actions
78
What are Physical Controls?
Tangible, real-world measures taken to protect assets
79
What are 6 Basic Types of Security Controls?
* Preventive Controls
* Deterrent Controls
* Detective Controls
* Corrective Controls
* Compensating Controls
* Directive Controls
80
What are Preventive Controls?
Proactive measures implemented to thwart potential security threats or breaches
81
What are Deterrent Controls?
Discourage potential attackers by making the effort seem less appealing or more challenging
82
What are Detective Controls?
Monitor and alert organizations to malicious activities as they occur or shortly thereafter
83
What are Corrective Controls?
Mitigate any potential damage and restore our systems to their normal state
84
What are Compensating Controls?
Alternative measures that are implemented when primary security controls are not feasible or effective
85
What are Directive Controls?
● Guide, inform, or mandate actions
● Often rooted in policy or documentation and set the standards for behavior within an organization
86
What is Gap Analysis?
Process of evaluating the differences between an organization's current performance and its desired performance. Conducting a gap analysis can be a valuable tool for organizations looking to improve their operations, processes, performance, or overall security posture
87
There are 4 main steps involved in conducting a gap analysis
■ Define the scope of the analysis
■ Gather data on the current state of the organization
■ Analyze the data to identify any areas where the organization's current performance falls short of its desired performance
■ Develop a plan to bridge the gap
88
2 Basic Types of Gap Analysis
■ Technical Gap Analysis
■ Business Gap Analysis
89
What is a Technical Gap Analysis?
● Involves evaluating an organization's current technical infrastructure
● Identifying any areas where it falls short of the technical capabilities required to fully utilize their security solutions
90
What is a Business Gap Analysis?
● Involves evaluating an organization's current business processes
● Identifying any areas where they fall short of the capabilities required to fully utilize cloud-based solutions
91
What are Plan of Action and Milestones (POA&M) for gap analyses?
● Outlines the specific measures to address each vulnerability
● Allocates resources
● Sets up timelines for each remediation task that is needed
92
What does Zero Trust demand?
verification for every device, user, and transaction within the network, regardless of its origin
93
To create a zero trust architecture, we need to use two different planes
* Control Plane
* Data Plane
94
What does the Control Plane refer to?
Refers to the overarching framework and set of components responsible for defining, managing, and enforcing the policies related to user and system access within an organization
95
Which 4 key elements does the Control Plane encompass?
* Adaptive Identity
* Threat Scope Reduction
* Policy-Driven Access Control
* Secured Zones
96
What is Adaptive Identity?
Relies on real-time validation that takes into account the user's behavior, device, location, and more
97
What is Threat Scope Reduction?
■ Limits the users’ access to only what they need for their work tasks because this reduces the network’s potential attack surface
■ Focused on minimizing the "blast radius" that could occur in the event of a breach
98
What is Policy-Driven Access Control?
Entails developing, managing, and enforcing user access policies based on their roles and responsibilities
99
What are Secured Zones?
Isolated environments within a network that are designed to house sensitive data
100
Control Plane uses a -------- and a -------- to make decisions about access
Policy Engine and Policy Administrator
101
What does a Policy Engine do?
Cross-references the access request with its predefined policies
102
What is a Policy Administrator used for?
Used to establish and manage the access policies
103
What does a data plane consist of?
Subject/System and Policy Enforcement Point
104
What does a Subject/System refer to in terms of a data plane?
Refers to the individual or entity attempting to gain access
105
What does a Policy Enforcement Point refer to in terms of a data plane?
Where the decision to grant or deny access is actually executed