Basics and Fundamentals Flashcards
What is the act of protecting data and information from unauthorized access, unlawful modification and disruption, disclosure, corruption, and destruction?
Information Security
What is the act of protecting the systems that hold and process our critical data?
Information Systems Security
What are the 3 parts of the CIA triad?
Confidentiality
Integrity
Availability
What is it to have information that has not been disclosed to unauthorized people?
Confidentiality
What is it to have information that has not been modified or altered without proper authorization?
Integrity
What is it to have information that is able to be stored, accessed, or protected at all times?
Availability
What are the AAA’s of security?
Authentication
Authorization
Accounting
When a person’s identity is established with proof and confirmed by a system.
Authentication
Occurs when a user is given access to a certain piece of data or certain areas of a building.
Authorization
Tracking of data, computer usage, and network resources.
Accounting
What are the ways a person’s identity is established?
Something you know. Something you are. Something you have. Something you do. Somewhere you are.
What are the major security threat types?
Malware
Unauthorized Access
System Failure
Social Engineering
Short for malicious software.
Malware
Occurs when access to computer resources and data occurs without the consent of the owner.
Unauthorized Access
Occurs when a computer crashes or an individual application fails.
System Failure
The act of manipulating a user into revealing confidential information or performing other detrimental actions.
Social Engineering
What are 3 ways to mitigate threats?
Physical, technical and administrative controls
Alarm systems, locks, surveillance cameras, identification cards, and security guards.
Physical Controls
Smart cards, encryption, access control lists (ACLs), intrusion detection systems, and network authentication.
Technical Controls
Policies, procedure, security awareness training, contingency planning, and disaster recovery plans.
Administrative Controls
What is the most cost-effective administrative security control to use?
User training
What are the 5 types of hackers?
White, Black, Gray, and Blue Hats, Script Kiddies
A non-malicious hacker who attempts to break into a company’s systems at their request.
White Hat
A malicious hacker who breaks into a company’s computer systems and network without authorization or permission.
Black Hat
A hacker without any affiliation to a company who attempts to break into a company’s network, but risk the law by doing so
Gray Hat
A hacker who attempts to hack into a network with permission of the company but are not employed by the company.
Blue Hat
Hackers who find and exploit vulnerabilities before anyone else does.
Elite Hacker
Hackers with limited skills who only use other people’s exploits and tools.
Script Kiddies
What are 4 types of threat actors in order of lowest to highest skill level?
Script Kiddies
Hacktivists
Organized Crime
Advanced Persistent Threats
Hackers who are driven by a cause like social change, political agendas, or terrorism.
Hacktivists
Hackers who are part of a crime group that is well-funded and highly sophisticated.
Organized Crime
Highly trained and funded groups of hackers, often employed by nation states, with covert and open-source intelligence at their disposal.
Advanced Persistent Threats