9. Security Flashcards
Confidentiality =
Permitting authorized access while protecting information and resources from improper disclosure
Confidentiality - 5 main threats
Snooping; Dumpster Diving; Eavesdropping; Wiretapping (electronic eavesdropping - use encryption); Social Engineering
Integrity =
protecting against unauthorized changes to information
Integrity - 4 main types of attacks
Unauthorized modification; Impersonation; Man in the Middle; Replay
Availability
Ensuring systems and information are accessible by authorized users when they need access
Availability - 5 main types of disruptions
DDoS; Power Outages; Hardware Failures; Destruction of Equipment; Service Outages
Device Security - 5 ways to protect
Anti-virus software; Host Firewalls; Passwords/MFA; Security Updates; secure browsing
3 Main privacy concerns
protecting our own data; educating our users; protecting data collected by our organization
2 Common types of private information
PHI and PII
PII =
all information that can be tied back to a specific individual
PHI =
health care records regulated under HIPAA
Security Policy Framework - 4 types of documents
policies (mandatory); standards (mandatory); Guidelines (optional); procedures
3 elements of access control
Identification; authentication; authorization
Identification (access control)
Individual makes a claim of their identity (username)
Authentication (access control)
proving a claim of identity (password/MFA)