Sec+ Domain 1 Flashcards
Jason Dion Course (33 cards)
Act of protecting data and information from unauthorized access, unlawful modification and disruption, disclosure, corruption, and destruction
Information Security
When referring to Information Security, are we talking about the data the system holds or the system itself?
The data the system holds
Act of protecting the systems that hold and process the critical data
Information Systems Security
What are the 3 pillars of security?
Confidentiality, Integrity, Availability (CIA)
Ensures that information is only accessible to those with appropriate authorization.
Confidentiality
Ensures that data remains accurate and unaltered unless modification is required.
Integrity
Ensures that information and resources are accessible and functional when needed by authorized users.
Availability
Guaranteeing that a specific action or event has taken place and cannot be denied by the parties involved.
Non-repudiation
What is the pentagon in security that started as a triad?
CIA + NA
Confidentiality, Integrity, Availability,
Non-repudiation, Authentication
What are the AAA of security?
Authentication, Authorization, Accounting
Process of verifying the identity of a user or system.
Authentication
Defines what actions or resources a user can access.
Authorization
Act of tracking user activities and resource usage, typically for audit or billing purposes.
Accounting
Measures or mechanisms put in place to mitigate risks and protect the confidentiality, integrity, and availability of information systems and data.
Security controls
Security model that operates on the principle that no one, whether inside or outside the organization, should be trusted by default.
Zero Trust
Zero trust model uses the ____ ____ which consists of the adaptive identity, threat scope reduction, policy-driven access control, and secured zones.
Control plane
Zero trust model uses the ____ ____ which focuses on the subject/system, policy engine, policy administrator, and establishing policy enforcement points.
Data plane
Anything that could cause harm, loss, damage, or compromise to information technology systems.
Threat
Any weakness in the system design or implementation.
Vulnerability
Risk is at the intersection of?
Threats and vulnerabilities
Threat + No Vulnerability = ?
No Risk
Vulnerability + No Threat = ?
No Risk
Threat + Vulnerability = ?
Risk
Finding different ways to minimize the likelihood of an outcome occurring and achieve the desired outcomes.
Risk management