Mastering Security Basics Flashcards
(30 cards)
What is the CIA triad?
The CIA triad stands for Confidentiality, Integrity, and Availability. It’s a fundamental concept in information security.
Define Confidentiality.
Confidentiality ensures that information is only accessible to those who are authorized to view it.
Define Integrity.
Integrity ensures that data remains accurate, complete, and unaltered.
Define Availability.
Availability ensures that information and resources are accessible and usable when needed.
What is Risk Management?
Risk Management is the process of identifying, assessing, and prioritizing risks, followed by the coordinated application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events.
What is a vulnerability?
A vulnerability is a weakness that could be exploited by a threat to breach security.
What is a threat?
A threat is any potential danger to information or systems.
Define Exploit.
An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug, glitch, or vulnerability to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized).
What are the four security categories?
Technical, Managerial, Operational, Physical.
Describe technical controls.
Use of technology such as hardware, software, and firmware to reduce vulnerabilities.
Describe managerial controls.
Administrative documents or policies to enforce security protocols.
Provide some examples of technical controls.
Encryption, antivirus software, intrusion detection systems (IDSs) and intrusion prevention systems (IPSs), firewalls, least privilege.
What are some examples of managerial controls?
Risk assessment, vulnerability assessments.
Describe Operational security controls.
Ensure daily operations and compliance of an organization's security plan.
Provide some examples of operational security controls.
Patrols, personnel security, awareness and training, configuration management.
Describe physical security controls.
Physical security controls are physical objects or items to deter unauthorized personnel from areas of data.
Provide some examples of physical security controls.
Bollards or other barricades, access control vestibules, lighting, signs, fences, sensors, cameras.
What are the 6 control types?
Preventative, deterrent, detective, corrective, compensating, and directive.
What are some examples of preventative control types?
Firewalls, software applications, access control lists (ACLs), security guards, intrusion prevention systems (IPSs), patch management, antivirus or anti-malware software.
What is a preventative control?
Use of policies to mitigate or stop security risks before they occur.
What is a deterrent control type?
Discourage or deter an attacker from carrying out unauthorized activities.
What are some examples of deterrent controls?
Warning or security signs, login banners.
What is a detective security control?
Identifies security events or breaches when they have already occurred.
What are some examples of detective controls?
Security information and event management (SIEM), log monitoring, security audits, video surveillance (CCTV), intrusion detection systems (IDSs).