1 Today's Security Professional Flashcards
What are the three core objectives of cybersecurity?
Confidentiality, integrity, availability
What does confidentiality ensure in cybersecurity?
Unauthorized individuals cannot gain access to sensitive information
What is the purpose of integrity in cybersecurity?
Ensures no unauthorized modifications to information or systems
What does availability ensure in cybersecurity?
Information and systems are ready for legitimate users when requested
What is nonrepudiation?
Prevents someone from denying that they took an action
Give an example of nonrepudiation.
Digital signatures
How are security controls categorized?
Managerial, operational, physical, technical
What are the types of security controls based on their intended purpose? (PDCDCD)
Preventive, detective, corrective, deterrent, compensating, directive
What are the impacts of data breaches on organizations?
Direct and indirect damages, financial repercussions, reputational damage
What can result from operational damage in a data breach?
Availability damages preventing access to information
How must data be protected? (Data states)
In transit, at rest, in use
Why is data vulnerable in transit?
Attackers may eavesdrop on network transmissions
What technology is used to protect data in transit?
Encryption technology
What do data loss prevention (DLP) systems do?
Block data exfiltration attempts
How do DLP systems function at the host level?
Using software agents to search systems for sensitive information
What is the purpose of data minimization?
Reduces risk by reducing the amount of sensitive information maintained
What techniques can be used for data protection when discarding is not possible?
Deidentification, data obfuscation
Name tools used for deidentification and data obfuscation. (HTM)
Hashing, tokenization, masking
