1.2 Understanding and Applying Security Concepts Flashcards
Understand Security Concepts
What is the Goal of Security in Business?
Implement Controls that Ultimately Increase the Value of Assets.
What is the Focus of Security's Function?
Allow and Enable the Organization to achieve its goals and objectives | Increase the Organization’s value
What 5 Components Make up the CIA(AN) Triad?
Confidentiality | Integrity | Availability | Authenticity | Nonrepudiation
What is the Purpose of Confidentiality? Give an example.
To Protect Assets using Important Principles such as Need-to-Know and least privilege; prevents unauthorized disclosure. | Allowing access to databases to the tech team, not to all teams such as finance.
What is the Purpose of Integrity? Give an example.
Protects and adds value to assets by making them more accurate, more timely, and more meaningful; prevents unauthorized or accidental changes to assets such as information. | Ensuring access controls are in place to prevent users from modifying others’ data.
What is the Purpose of Availability? Give an example.
Protects critical assets based on value to ensure organizational assets are available when required by stakeholders. | Ensuring an application has load-balancing to prevent DDoS attacks.
Instead of “Goals of /Information/ Security”, What is a Better Term for the CIA Core Pillars of Security?
“Goals of Asset Security”
What is the purpose of Authenticity? Give an example.
Proves assets are legitimate and bona fide, and verifies that they are trusted and verified. Proves the source and origin of important assets. | Use hashing to verify received content has not been modified.
What is the purpose of Nonrepudiation? Give an example.
Provides assurance that someone cannot dispute the validity of something; the inability to refute accountability or responsibility. | Lots of logging to ensure traceability.