1: Security principles - Security concepts of info assurance Flashcards
What is the CIA triad?
confidentiality, integrity, availability
Personally Identifiable Information (PII)
any data about an individual that could be used to identify them
protected health information (PHI)
information regarding one’s health status. (The same source groups PHI with classified or sensitive information, which includes trade secrets, research, business plans and intellectual property.)
sensitivity
measure of the importance assigned to information by its owner, for the purpose of denoting its need for protection
Integrity
measures the degree to which something is whole and complete, internally consistent and correct
Data integrity
assurance that data has not been altered in an unauthorized manner
System integrity
maintenance of a known good configuration and expected operational function as the system processes the information
Availability
defined as (1) timely and reliable access to information and the ability to use it, and (2) for authorized users, timely and reliable access to data and information services.
authentication
process of verifying or proving a user’s claimed identity
three common methods of authentication:
- Something you KNOW: Passwords or passphrases
- Something you HAVE: Tokens, memory cards, smart cards
- Something you ARE: Biometrics, measurable characteristics
single-factor authentication (SFA)
Using only one of the methods of authentication
multi-factor authentication (MFA)
Granting users access only after successfully demonstrating or displaying two or more of these methods
Common best practice (authentication)
implement at least two of the three common techniques for authentication:
- Knowledge-based
- Token-based
- Characteristic-based
Knowledge-based authentication
uses a passphrase or secret code to differentiate between an authorized and unauthorized user
Non-repudiation
is a legal term and is defined as the protection against an individual falsely denying having performed a particular action