Security and Risk Management Flashcards
(17 cards)
Nonrepudiation is made possible through what principles?
Identification, Authentication, Authorization, Accountability, and Auditing.
What is the ultimate goal of threat modeling?
To prioritize the potential threats against an organization’s valuable assets.
What is security through obscurity?
The idea of not informing a subject that an object exists and hoping the subject will not find the object. It is not effective security.
Identification
The subject must provide an identity to a system to start the process of authentication, authorization, and accountability.
Confidentiality
Objects are not disclosed to unauthorized subjects.
Integrity
Objects are intentionally modified by authorized subjects only.
Availability
Authorized subjects are granted timely and uninterrupted access to objects.
Authentication
Verifying that a claimed identity is valid.
Authorization
The function of specifying the access rights/privileges to resources.
Security Governance
Practices related to supporting, defining, and directing the security efforts of an organization.
Auditing
Means by which subjects are held accountable for their actions while authenticated on a system.
What can auditing detect and be used for?
- Unauthorized or abnormal behavior, attempted intrusions, system failures
- Reconstruct events, evidence for a prosecution, problem reports and analysis
Accountability
Subjects are held accountable for their actions.
3 Types of Security Management Planning
- Strategic
- Tactical
- Operational
Security Policy Structure
Security policy, baselines, guidelines, and procedures.
Due Diligence
- The act of investigating & understanding the risks the organization faces
- Understanding the risks & threats
Due Care
- By developing security planning, policies, procedures, & standards, an organization is practicing due care
- Implementing the countermeasures