Intro Flashcards
(35 cards)
what does CIA stand for in cyber security
Confidentiality, integrity and availability
Describe C in CIA
C stands for confidentiality. Data must be kept secure when it is stored, transmitted and processed
What are some key components of confidentiality in CIA
Data must be hidden from unauthorized users and visible only to authorized users
how can you enforce confidentiality
Encryption: making data unavailable to unauthorized users.
describe I in CIA
Data must be accurate and complete, and must not have been modified
how is integrity enforced?
By hashes: a hash is a summary (message digest) of the original data; integrity is checked by comparing the two hashes
Describe A in CIA
Availability: making sure data is available as and when required
what are violations of availability
Damaging a web server or slowing it down; slower processing times
how can availability be enforced
By redundancy: covering all bases, e.g. installing multiple communication links so that if some are affected you still have backups
what does IAM stand for
Identity and access management
what does IAAA stand for
identification (name, not authentication), authentication (proof of who you are, e.g. a secret PIN), authorization (different levels of access), accountability (the holder is accountable)
what is the I in IAAA
Identification: a subject claims an identity, e.g. ID badge, retina
what is the first A in IAAA
Authentication: a subject proves identity
e.g. password, PIN or biometric data
what are the phases in an identity lifecycle
1st: provisioning, e.g. new accounts
2nd: review, periodic account reviews, e.g. a person moves up
3rd: revocation, disable the accounts of an employee who leaves
what are the types of authentication factors
type 1: password, PIN
type 2: mobile, SIM, badge
type 3: something that you are, e.g. fingerprint, retina
what is the best type of authentication
Multifactor (combines more than one type), e.g. type 1 and type 2: password and mobile phone
explain types of authentication
type 1: something you know
type 2: something you have
type 3: something you are
what is an identity federation
Provides a trust relationship so redundant accounts are not created; credentials from one account are used to log onto multiple systems
what is token-based authentication
The server generates a token and sends it to the client
what is single sign on
A user logs in once and has access to everything on their accounts (within a single organization)
what are protocols used in authentication
SAML: standard for single sign-on implementations
OAuth: standard for authorization between parties
OIDC: built on top of OAuth, single sign-on implementation
what security governance ensures decent and secure policies
Policies: broad, high level
Standards: rules to achieve the intent of the policies
Procedures and guidelines: specific steps to achieve consistency; train employees
what is PII in security regulation
Personally identifiable information, e.g. information that can identify, contact or locate someone
what is PHI in security regulation
Protected health information, e.g. health information linked to someone