Lesson 1

Question 1

What is the CIA Triad?

Answer 1

Confidentiality
Integrity
Availability

Having all three for data information means you have good security. Missing any one of them is a problem for security

Question 2

What is Confidentiality?

Answer 2

Confidentiality - Information has not been disclosed to unauthorized people.

Digital Confidentiality: Public/Private Keys / Encryption Algorithms

When you hear/see “encryption” this is about confidentiality

Question 3

What is Integrity?

Answer 3

Integrity - Information has not been modified or altered without proper authorization.

Only the people who are authorized to to change information able to do so

Think “hashes” when the topic of integrity comes up.

Question 4

What is Availability?

Answer 4

Availability - Information is able to be stored, accessed, or protected at all times.

Need to be able to store, access and protect information at all times.

Question 5

What are the three A’s of Security? (AAA)

Answer 5

Authentication
Authorization
Accounting

Question 6

What is Authentication?

Answer 6

Authentication - When a person’s identity is established with proof and confirmed by a system.

Real world: Driver’s license proves you are you.

Question 7

What are the Five types of Authentication?

Answer 7

Something you know (e.g. password)
Something you are (e.g. fingerprint, facial recognition, etc.)
Something you have (e.g. like a token, a driver’s license, a credit card, etc)
Something you do (e.g. the way you speak, the way you sign your name)
Somewhere you are (e.g. based on your GPS location)

Question 8

What is Authorization?

Answer 8

Authorization - Occurs when a user is given access to a certain piece of data or certain areas of a building.

Question 9

What is Accounting?

Answer 9

Accounting - Tracking of data, computer usage, and network resources.

Think: log files

Question 10

What is Non-Repudiation?

Answer 10

Non-Repudiation - When you have proof that someone has taken an action.

Question 11

What are 4 main categories of security threats?

Answer 11

(1) Malware - Short for malicious software
(2) Unauthorized Access - Access to computer resources and data without the consent of the owner.
(3) System Failure - when a computer crashes or an application fails
(4) Social Engineering - Manipulating a user into revealing confidential information or performing other detrimental actions. (e.g. phishing, posing as a delivery man)

Question 12

What are 3 Categories for Mitigating Threats

Answer 12

(1) Physical Controls
(2) Technical Controls
(3) Administrative (Managerial) Controls

Question 13

What are Physical Controls

Answer 13

Physical Controls - alarm systems, locks, surveillance cameras, identification cards, and security guards (real world physical stuff)

Question 14

What are Technical Controls?

Answer 14

Technical Controls - Smart cards, encryption, access control lists (ACLs), intrusion detection systems, and network authentication

Question 15

What are Administrative Controls?

Answer 15

Administrative Controls - Policies, Security Awareness Training, contingency planning, disaster recovery plans

Two categories:

(1) Procedural Controls - Company decides to do on its own
(2) Regulatory Controls - Controls required by Law