A. Information security practices Flashcards
What is confidentiality to information security?
Confidentiality means prevention of unauthorized disclosure of information.
What is integrity to information security?
Integrity ensures information is protected from unauthorized or unintentional alteration, modification or deletion.
What is availability to information security?
Availability means information is readily accessible to authorized users.
What is CIA to information security?
Confidentiality, Integrity, Availability
How is risk defined by information security?
The combination of the probability of an event and its consequence (ISO/IEC 73)
Controls
The means of managing risk, including policies, procedures, guidelines, practices or organizational structures, which can be of an administrative, technical, management, or legal nature.
Preventive controls
Prevent an incident from occurring (e.g., preventing unauthorized users) - firewalls, passwords, training.
Detective controls
Detect and report when errors, omissions and unauthorized uses of entries occur (e.g., by sounding an alarm and alerting the appropriate person). Examples: audits, anti-virus software.
Corrective controls
Intended to limit the extent of any damage caused by an incident.
They are designed to correct errors, omissions and unauthorized uses and intrusions once they are detected (e.g., by recovering the organization to normal working status as efficiently as possible). Example: business continuity plans.
Best known and most prominent information security standards.
International Organization for Standardization (ISO) Standards
Privacy and Information Security disconnects
Privacy has a wider set of obligations; confidentiality (personal information, for example phone numbers, is not always confidential); different classification systems
Privacy and Information Security overlaps
Both groups have a vested interest in keeping information safe.
Data Destruction
One important way to protect personal information and privacy is to destroy personal information when it is no longer needed.
Information security classification categories
Most information security classification schemas use the following categories:
1) Public
2) Confidential
3) Highly confidential
4) Restricted
How to best align information security and privacy teams
Team; don’t reinvent; stay aware; rank and prioritize problems/risks
Access control
Access to an organization’s information systems should be tied to an employee’s role.
No employees should have greater information access than is necessary to perform their job functions.
Segregation of duties.
Ensure one person cannot exploit or gain access to information inappropriately.
Least privilege.
Grant access at the lowest possible level required to perform the function.
Need-to-know access.
Restrict access to only information that is critical to the performance of an authorized, assigned mission.
Physical controls
locks, fences
Technical controls
user logins, firewalls
Administrative controls
incident response processes
Administrative Controls
1) incident response processes
2) training
3) oversight
MAC filtering is
a security method based on access control. Each network interface has a 48-bit MAC address, and the filter uses that address to decide whether the device is allowed to join the network.
It lets you keep an allow list of the devices that belong on your Wi-Fi and a deny list of the devices you want kept off it.
Data On Demand
aggregates exclusive data sources to create solutions that add insight, create engagement, uplift contact volumes and improve success. We provide data for tracing, verification, marketing and enhancement.
What is server-driven UI?
It is an approach in which the server is responsible for deciding which components (views) the frontend (in our case, the mobile app) shows and how they are controlled. It is also called backend-driven UI.
Cloud computing is
the delivery of different services through the Internet. These resources include tools and applications like data storage, servers, databases, networking, and software.
As long as an electronic device has access to the web, it has access to the data and the software programs to run it.