1.1 Flashcards
Info Sec
Protecting data from unauthorized access, disruption, disclosure and destruction
Info Systems Sec
Protecting the systems (computers, servers and network devices that hold and process data)
CIA Triad
Confidentiality, Availability and Integrity
CIA Pentagon
Includes non-repudiation and authentication
Triple A’s of Security
Authentication, Authorization and Accounting
Security Control categories
Technical, Managerial, Operational and Physical
Security Control Categories
Deterrent, detective, corrective, directive, preventative and compensating
Threat
Anything that could cause harm, loss, damage or compromise to our security systems (natural disasters, cyber attacks, disclosure of confidential info, data integrity breaches)
Vulnerability
Any weakness in system design or implementation. Software bugs, misconfigured software, improperly protected devices, missing patches and lack of physical security
Risk Management
Finding different ways to minimize the likelihood of an outcome and achieve the desired outcome
Technical Controls
The technologies, hardware and software mechanisms that are implemented to manage and reduce risks
Managerial Controls
Also referred to as administrative controls. Involve strategic planning and governance
Operational Controls
Procedures and measures designed to protect data on a day-to-day basis.
Physical Controls
Tangible, real-world measures taken to protect assets
Preventative Controls
Proactive measures to thwart potential security threats or breaches