Information Assurance Flashcards
What is information assurance?
Information assurance refer to maintaining the integrity, availability, confidentiality, authenticity, and non-repudiation of information during it’s use, storage, processing, and transfer.
- Integrity
- Availability
- Confidentiality
- Authenticity
- Non-repudiation
What does integrity refer to?
Integrity - all data must be accurate and must not be tampered with.
Ex. If a particular individual goes online to purchase a toaster, a bathtub, and a life-sized cardboard cutout portraying revered actor and intellectual, Ron Jeremy for 145 US dollars in total but then the online receipt regarding the transaction is later altered to say that the individual had only purchased a toaster, then that would qualify as a breach of integrity.
I need a nap.
What does availability refer to?
Availability - all parties who have genuine and legitimate use and authentication regarding to a particular piece of data must have access to to that data.
Ex. The stock market; the data regarding the stock market needs to be actively and constantly available to all participating parties, especially on account of the nature of the service (you can see a purchasing or selling opportunity for just a few seconds sometimes before it becomes irrelevant).
What does confidentiality refer to?
Confidentiality - there must be policies in place which prohibit the unauthorized dispersal of critical information..
What does authenticity refer to?
Authenticity - only those individuals who have proper authorization to access something may access that something.
(Should have compartmentalized lists of which employees or individuals have access to what, and another compartmentalized lists of which services can access which other services).
What does non-repudiation refer to?
Non-repudiation - Must confirm that there is no possible way in which an individual can deny an action they have taken w/in the network.
Ex. Log files, video surveillance, etc.
(also applies to things such as reformed or added policies).
The development of policies
Every system should have a set of policies that encourage behaviors that are beneficial to the system and prevent behaviors that are detrimental to the system.
Every individual element of the system should be made to behave in such a way that benefits the system and does not endanger it in any way.
(doesn’t just apply to employees).
Compartmentalize access privileges.
Most positions w/in a corporation don’t need access to much of the system to complete their tasks, and allowing access to the entirety of the system from a single entry point could be potentially endangering to the system as a whole.
Performing certification and accreditation
Making certain that employees are properly certified can have an absolutely immense effect on the overall security of a system. Having proper certification’ll raise an individuals awareness of security threats and make them much less susceptible to any sort of exploitation by third parties, making for a more secure system all-round.
What you learn from a certification, you’ll need to be able to apply in practice.
