Fundamentals Of Security Flashcards
(17 cards)
Protecting data and information from unauthorized access, modification, disruption, disclosure, and destruction
Information security
Protecting the systems (e.g., computers, servers, network devices) that hold and process critical data
Information system security
Confidentiality
Integrity
Availability
CIA Triad
Ensures information is accessible only to authorized personnel (e.g., encryption)
Confidentiality
Ensures data remains accurate and unaltered (e.g., checksums)
Integrity
Ensures information and resources are accessible when needed (e.g., redundancy measures)
Availability
Guarantees that an action or event cannot be denied by the involved parties (e.g., digital signatures)
Non-Repudiation
An extension of the CIA triad with the addition of non-repudiation and authentication
CIANA Pentagon
Authentication
Authorization
Accounting
Triple A’s of Security
Verifying the identity of a user or system (e.g., password checks)
Authentication
Determining actions or resources an authenticated user can access (e.g., permissions)
Authorization
Tracking user activities and resource usage for audit or billing purposes
Accounting
■ Technical
■ Managerial
■ Operational
■ Physical
Security Control Categories
■ Preventative
■ Deterrent
■ Detective
■ Corrective
■ Compensating
■ Directive
Security Control Types
Operates on the principle that no one should be trusted by default
Zero Trust Model
Adaptive identity, threat scope reduction, policy-driven access control, and secured zones
Control Plane
Subject/system, policy engine, policy administrator, and establishing policy enforcement points
Data Plane