1.2 Security Goals & Controls Flashcards
CIA Triad:
Confidentiality: Protecting information from unauthorized access or disclosure (encryption, access control).
Integrity: Ensuring information is accurate and complete and has not been altered without authorization (hashes, MACs, digital signatures detect tampering).
Availability: Ensuring information and systems are accessible to authorized users when needed (redundancy, backups, DoS protection).
Non-Repudiation: Ensuring a party cannot later deny having performed an action (e.g. sending or signing a message); provided by digital signatures tied to a private key, not by shared-key MACs, since any holder of a shared key could have produced the same tag.
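The difference between integrity and non-repudiation is easiest to see in code. The following Go program is an added example, not part of the original flashcards: it computes an HMAC-SHA256 tag under a key shared by two parties (Alice and Bob), shows that the tag detects tampering but that Bob can produce a tag identical to Alice's, and then shows that an Ed25519 signature made with Alice's private key cannot be reproduced by Bob, which is what gives non-repudiation. The party names, shared key and message are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// hmacTag computes an HMAC-SHA256 tag over msg with a key shared by both parties.
// Any holder of the shared key can produce it, so it gives integrity (and origin
// authentication between the two key holders) but not non-repudiation.
func hmacTag(sharedKey, msg []byte) []byte {
	m := hmac.New(sha256.New, sharedKey)
	m.Write(msg)
	return m.Sum(nil)
}

// hmacVerify checks a tag in constant time; a modified msg or tag fails.
func hmacVerify(sharedKey, msg, tag []byte) bool {
	return hmac.Equal(hmacTag(sharedKey, msg), tag)
}

// hmacForgeable reports whether Bob, who shares the key with Alice, can produce
// a tag identical to Alice's. He always can, so a verifier holding the same key
// cannot prove to a third party which of the two produced the message.
func hmacForgeable(sharedKey, msg []byte) bool {
	aliceTag := hmacTag(sharedKey, msg)
	bobTag := hmacTag(sharedKey, msg)
	return bytes.Equal(aliceTag, bobTag)
}

// signatureForgeable reports whether someone who does not hold Alice's private
// key (here Bob, with his own key pair) can produce a signature on msg that
// verifies under Alice's public key. With Ed25519 this is false, which lets a
// third party attribute the message to Alice: she cannot later deny signing it.
func signatureForgeable(msg []byte) (bool, error) {
	alicePub, alicePriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, err
	}
	_, bobPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, err
	}
	// Sanity check: Alice's genuine signature verifies under her public key.
	if !ed25519.Verify(alicePub, msg, ed25519.Sign(alicePriv, msg)) {
		return false, fmt.Errorf("genuine signature failed to verify")
	}
	// Bob's attempt, made with his own private key, must not verify as Alice's.
	return ed25519.Verify(alicePub, msg, ed25519.Sign(bobPriv, msg)), nil
}

func main() {
	// Constructed sample inputs for the demo; not taken from any real system.
	sharedKey := []byte("constructed-shared-key")
	msg := []byte("transfer 100 to bob")
	tampered := []byte("transfer 900 to bob")

	tag := hmacTag(sharedKey, msg)
	fmt.Println("HMAC verifies original message:", hmacVerify(sharedKey, msg, tag))
	fmt.Println("HMAC verifies tampered message:", hmacVerify(sharedKey, tampered, tag))
	fmt.Println("Bob can forge Alice's HMAC tag:", hmacForgeable(sharedKey, msg))

	forged, err := signatureForgeable(msg)
	if err != nil {
		panic(err)
	}
	fmt.Println("Bob can forge Alice's signature:", forged)
}
```

Run it with `go run main.go`. The first line prints true and the second false (integrity: tampering is detected); the third prints true (Bob can produce Alice's tag, so the HMAC cannot attribute the message to her) and the last prints false (only Alice's private key produces a signature that verifies under her public key, so she cannot repudiate it).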
Authentication, Authorization, and Accounting (AAA)
Authentication: Verifying the claimed identity of a user or device before granting access; combining two different factor types is multi-factor authentication.
Knowledge-based (something you know): Passwords, PINs
Possession-based (something you have): Smart cards, hardware tokens, authenticator apps
Inherence-based (something you are): Biometrics (fingerprint, facial recognition)
Authorization: Granting an authenticated identity permission to access specific resources, ideally only the minimum needed (least privilege).
Accounting: Tracking user activity and resource usage in logs and audit trails so that actions can be reviewed and attributed.
Security Control Categories
Technical Controls: Security measures implemented and enforced through technology.
Firewalls, intrusion detection systems, encryption, access control lists, etc.
Administrative Controls (also called managerial controls): Policies, procedures, and guidelines that direct how people and systems are managed.
Access control policies, security awareness training, incident response plans, background checks.
Physical Controls: Physical safeguards that protect hardware, media, and facilities.
Locks, security guards, surveillance cameras, environmental controls (fire suppression, HVAC).