Module 01 - Security Concepts Flashcards
Module 01 (31 cards)
Definition:
Assets
Anything of value to a company
Examples: People, servers, software, data
Definition:
Threats
A threat is anything with the potential to damage an asset
Examples: Ransomware, hackers, malicious insiders
Definition:
Threat Agents
The entity (person, group, or automated process) that carries out a threat
Definition:
Vulnerability
A weakness in a system (software, configuration, or process) or in the physical security of a site that a threat can take advantage of
Definition:
Exploits
Code or a technique that takes advantage of a vulnerability to compromise an asset
What are the most basic security principles?
(CIA triad)
- Confidentiality
- Integrity
- Availability
Definition:
What is the Confidentiality in the CIA triad?
Confidentiality is the concept that no asset is accessed or disclosed to unauthorized personnel
Definition:
What is the Integrity in the CIA triad?
Integrity is the concept that no asset is tampered with or modified by unauthorized actions, and that any unauthorized change can be detected
Definition:
What is the Availability in the CIA triad?
Availability is the concept that every asset is ready to be used by authorized users whenever it is needed
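The Integrity card above is the one property that maps most directly onto a small piece of code: a keyed hash (HMAC) lets the owner of an asset detect unauthorized modification. The following is an added example written for this deck, not code from the original cards; the key and the payroll-style record are constructed for illustration only.

```python
import hashlib
import hmac

# Constructed example key. A real deployment keeps this out of source code.
KEY = b"example-secret-key-do-not-reuse"
TAG_LEN = 32  # SHA-256 digest length in bytes


def protect(record: bytes, key: bytes = KEY) -> bytes:
    """Append an HMAC-SHA256 tag so later modification of the record is detectable."""
    tag = hmac.new(key, record, hashlib.sha256).digest()
    return record + tag


def verify(protected: bytes, key: bytes = KEY):
    """Return (ok, record). ok is False if the record or its tag was altered."""
    if len(protected) < TAG_LEN:
        return False, b""
    record, tag = protected[:-TAG_LEN], protected[-TAG_LEN:]
    expected = hmac.new(key, record, hashlib.sha256).digest()
    # compare_digest runs in constant time, so an attacker cannot learn
    # the correct tag byte by byte from response timing.
    return hmac.compare_digest(tag, expected), record


def tamper(protected: bytes) -> bytes:
    """Simulate an unauthorized change: an insider edits the amount field."""
    return protected.replace(b"amount=100", b"amount=900", 1)


if __name__ == "__main__":
    original = b"employee=alice;amount=100"
    stored = protect(original)
    print(verify(stored))          # (True, b'employee=alice;amount=100')
    print(verify(tamper(stored)))  # (False, b'employee=alice;amount=900')
```

Note that the HMAC tag provides integrity only: the record itself is still readable, so confidentiality would need encryption in addition, and nothing here addresses availability.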
What are the modern-day security challenges?
Increasingly sophisticated attacks
Proliferation of attack tools and malware
Increasing attack scale and velocity
Acronym:
SOC
Security Operations Center
Acronym:
DevOps
Development and Operations
Acronym:
DevSecOps
Development and Security and Operations
Acronym:
CISO
Chief Information Security Officer
Acronym:
CIRT
Computer Incident Response Team
Single point of contact for incident notification
Acronym:
CSIRT
Computer Security Incident Response Team
Single point of contact for incident notification
Acronym:
CERT
Computer Emergency Response Team
Single point of contact for incident notification
What are the security controls categories?
Managerial
Operational
Technical
Physical
What are the security control functional types?
Preventative
Detective
Corrective
Deterrent
Directive
Compensating
Definition:
What is the control category “Managerial Control”?
Consists of controls implemented as policies, procedures, or other written plans that give oversight of the security program.
Examples: Information Security Policy, BCP - Business Continuity Plan, DRP - Disaster Recovery Plan
Definition:
What is the control category “Operational Control”?
Operational controls are controls implemented primarily by people rather than by systems; they define how an activity is performed.
Example: Requiring a company signature in emails.
Definition:
What is the control category “Technical Control”?
A technical control is one implemented by technology, such as software, hardware, or a network appliance.
Example: IDS/IPS, Firewall, EDR, DLP tools
Definition:
What is the control category “Physical Control”?
Physical controls are implemented to prevent or detect unauthorized physical access to sites and equipment.
Examples: Locks, fences, badge readers, security guards, CCTV
Definition:
What is the control functional type “Preventative Control”?
Preventative controls are implemented to stop an incident before it happens.