1. Mastering Security Basics Flashcards
Use Case
a goal that an organization wants to achieve.
CIA Security Triad
Confidentiality, Integrity, and Availability

Confidentiality
prevents the unauthorized disclosure of data.
Encryption
scrambles data to make it unreadable by unauthorized personnel.
What are the three Access Controls?
identification, authentication, authorization
Steganography
practice of hiding data in data.

Integrity
provides assurances that data has not changed.
Hash
a number created by executing a hashing algorithm against data, such as a file or a message.

The 3 MAC’s
media access control
mandatory access control
message authentication code
What’s that acronym?
PKI
public key infrastructure
Availability
indicates that data and services are available when needed.
Risk
is the possibility or likelihood of a threat exploiting a vulnerability resulting in a loss.
Vulnerability
is a weakness
Threat
is any circumstance or event that has the potential to compromise confidentiality
Security Incident
is an adverse event or series of events that can negatively affect the confidentiality, integrity, or availability of an organization’s information technology systems and data
Risk Mitigation
reduces the chances that a threat will exploit a vulnerability, or reduces the impact of the risk, by implementing security controls.
Technical controls and the 6 common types?
use technology to reduce vulnerabilities.
Common types:
Encryption
Antivirus Software
Intrusion detection systems (IDSs) and Intrusion Prevention Systems (IPSs)
Firewalls
Least Privilege
Administration Controls and common types?
use methods mandated by organizational policies or other guidelines.
Also known as Operational Controls
Risk assessments
Vulnerability assessments
Penetration tests
Awareness and training
Configuration and change management
Contingency training
Media Protection (physical media)
Physical and environmental protection
Physical Controls
are any controls that you can physically touch.
Lighting
Signs
Fencing
Security guard
etc
Preventive Controls
to prevent security incidents.
Hardening
Security Awareness and training
Security Guards
Change Management
Account Disablement policy
Hardening
is the practice of making a system or application more secure than its default configuration.
Detective Controls and some common types?
attempt to detect when vulnerabilities have been exploited, resulting in a security incident.
Log monitoring
Trend analysis
Security audit
Video surveillance
Motion detection
What’s that acronym?
IDS
intrusion detection system
What’s that acronym?
CCTV
closed-circuit television
Corrective controls and some common examples?
attempt to reverse the impact of an incident or problem after it has occurred.
IPS
Backups and system recovery
What’s the acronym?
IPS
intrusion prevention system
Deterrent controls and some common examples?
attempt to discourage a threat.
Many of these controls can also be preventative controls
Cable locks
Hardware locks
Compensating controls
are alternative controls used instead of a primary control.
TOTP
What’s that acronym?
TOTP
Time-based One-Time Password
Type I Hypervisors
run directly on the system hardware
Type II Hypervisors
run as software within a host operating system.
Kernel
central part of the operating system.
What’s that acronym?
VM
Virtual Machine
What’s the acronym?
NIC
Network interface card