Module 1 Flashcards
1.1: Analyze the current landscape of information assurance and computer security. 1.2: Evaluate trends in information assurance and computer security. 1.3: Determine the importance of security in the IT industry and its impacts across other fields. 1.4: Execute security principles and strategies. 1.5: Analyze security principles and strategies. 1.6: List bad security practices that are commonly observed in daily life. 1.7: Explain which security principles bad practices are breaking (48 cards)
What are the challenges of Cyber Security?
System availability, data integrity, and privacy
What is Information Assurance?
An application that encompasses scientific, technical, and management disciplines that are required to ensure information security and quality
What are the forms of information?
Hard copy, soft copy, records of meetings, telephone conversations, video conferences, and personal data
What are the states of information?
Transmitted, Processed, and stored
What are the components of information security?
Confidentiality, Integrity, and availability
What’s a threat?
A potential occurrence that can have undesirable effect on system assets or resources
what are the threat categories?
Disclosure, Deception, Disruption, and Usurpation
what is vulnerability?
a weakness that makes it possible for a threat to occur
what are the Information Characteristics?
Authentication, Non-repudiation, secrecy, and privacy
What is Authentication?
Validity of transmission, message, originator, or means of verifying an individuals means of authorization
what is Non-repudiation
Assurance that sender of data is provided with proof of delivery to recipient, and recipient is provided with proof of sender Identity
what is Secrecy?
Cryptography and computer access control. Limits the number of principals who can access information
what is Privacy?
The ability/right to protect private information
What is confidentiality?
Determines the secrecy of information
what are the confidentiality principles
- need to know
- data sep
- compartmentalization
- classification
- encryption
what is the weakest link?
Security is only as strong as the weakest link
What are the security strategies
obscurity, perimeter defence, defence in depth
Defence in depth
A number of IA layers of defence that are operationally interoperable an complementary technical and non-technical
enclave
an env under control of a single authority with personal and physical security
what is the make up of defence in depth?
1.perimeter def around each enclave
2. multiple complicated connections between an enclave and outside
3. multiple layers and a diff solution req for each connection
What is the general layered arch model for defence in depth?
layer 1: IA policies
layer 2: IA management
layer 3: AI architecture (Technical IA infrast)
layer 4-10: non-technical implementation
what does layer 3 in layered arch model ensure?
ensures the minimal level of interoperability and services are available to authorized users.
How many and what types of levels of security does layer 3 implement?
- physical ,procedural, and logical security
what is L4 in layered arch model
operational security administration
