Principles 1 Flashcards
(34 cards)
-a well-informed sense of assurance that the information risks and controls are in balance.
-protection of both data and physical assets.
information security
-must review the origins of this field to understanding of information security today.
security professionals
-the quality or state of being secure- to be free from danger.
-a successful organization should have multiple layrs of security in place
security
-the protection of physical items objects or areas from unauthorized access and misuse.
physical security
-a risk management process that encourage managers to view operations from the perspective of an adversary in order to protect sensitive information from falling into the wrong hands
operations security
the protection of voice and data networking components connections and content.
communication security
-was standard based on confidentiality, integrity, and availability.
-now expanded into list of critical characteristics of information.
C.I.A triangle
(key information security concepts)
-a subject or object’s ability to use manipulate, modify or affect another subject or object
access
(key information security concepts)
-the organizational resource that is being protected
asset
(key information security concepts)
-an intentional and unintentional act that can damage or otherwise compromise information in the systems that support it.
attack
(key information security concepts)
-these are security mechanisms policies or procedures that can successfully counter attack reduce risk resolve vulnerabilities and otherwise imrpove securiity within an organization
control, safeguard or countermeasure
(key information security concepts)
-a technique used to compromise the system
exploit
(key information security concepts)
-a condition or state of being exposed,
exposure
(key information security concepts)
-a single instance of information asset suffering damage or destruction unintended or unauthorized modification or disclosure or denial of use.
loss
(key information security concepts)
the entire set of controls and safeguards including policy education training and awareness and technology that the organization implements to protect the asset.
protection profile or security posture
(key information security concepts)
-the probability of an unwanted occurence such as an adverse event or loss
risk
(key information security concepts)
-a category of objects people or other entities that represent a danger to an asset
threat
(key information security concepts)
-the specific instance or a component of a threat
threat agent
(key information security concepts)
-a weakness of fault in a sstem or protection mechanisms that opens it to attack or damage.
vulnerability
(critical characterisitics of information)
-an attribute of information that describes how data is accessible and correctly formatted for use without interference or obstruction.
availability
(critical characteristics of information)
-an attribute of information that describes how data is free of errors and has the value that the user expects.
accuracy
(critical characteristics of information)
-an attribute of information that describes how data is genuine or original rather than reproduced or fabricated.
authenticity
(critical characteristics of information)
-an attribute of information that describes how data is protected from disclosure or exposure to unauthorized individuas or systems
confidentiality
(critical characteristics of information)
-an attribute of information that describes how data is whole complete and uncorrupted
integrity
