Remember This: Helpful Tips to Remember for the Exam Flashcards
Confidentiality ensures that data is only viewable by authorised users. The best way to protect the confidentiality of data is by encrypting it. This includes any type of data, such as PII, data in databases, and data on mobile devices. Access controls help protect confidentiality by restricting access. Steganography helps provide confidentiality by hiding data, such s hiding text files within an image file.
:)
Digital signatures can verify the integrity of emails and files and they also provide authentication and non-repudiation. Digital signatures require certificates.
:)
Risk is the likelihood that a threat will exploit a vulnerability. Mitigation reduces the chances that a threat will exploit vulnerability, or reduces the impact of the risk, by implementing security controls.
:)
CompTIA lists the following control types in the objectives:
• Technical controls use technology.
• Administrative controls use administrative or management
methods.
• Physical controls refer to controls you can physically touch.
• Preventive controls attempt to prevent an incident from occurring.
• Detective controls attempt to detect incidents after they have
occurred.
• Corrective controls attempt to reverse the impact of an incident.
• Deterrent controls attempt to discourage individuals from causing
an incident.
• Compensating controls are alternative controls used when a
primary control is not feasible.
Most security controls can be classified as technical (implemented with technology), administrative (implemented using administrative or management methods), or physical (items you can touch).
Technical controls use technology to reduce vulnerabilities. Some examples include encryption, antivirus software, IDSs, IPSs, firewalls and the principle of least privilege. Technical physical security and environmental controls include motion detectors and fire suppression systems.
:)
