Basics and Fundamentals Flashcards
What is the act of protecting data and information from unauthorized access, unlawful modification and disruption, disclosure, corruption, and destruction?
Information Security
What is the act of protecting the systems that hold and process our critical data?
Information Systems Security
What are the 3 parts of the CIA triad?
Confidentiality
Integrity
Availability
What is it to have information that has not been disclosed to unauthorized people?
Confidentiality
What is it to have information that has not been modified or altered without proper authorization?
Integrity
What is it to have information that is able to be stored, accessed, or protected at all times?
Availability
What are the AAAs of security?
Authentication
Authorization
Accounting
When a person’s identity is established with proof and confirmed by a system.
Authentication
Occurs when a user is given access to a certain piece of data or certain areas of a building.
Authorization
Tracking of data, computer usage, and network resources.
Accounting
What are the ways a person’s identity is established?
Something you know. Something you are. Something you have. Something you do. Somewhere you are.
What are the major security threat types?
Malware
Unauthorized Access
System Failure
Social Engineering
Short for malicious software.
Malware
Occurs when computer resources and data are accessed without the consent of the owner.
Unauthorized Access
Occurs when a computer crashes or an individual application fails.
System Failure
The act of manipulating a user into revealing confidential information or performing other detrimental actions.
Social Engineering
What are 3 ways to mitigate threats?
Physical, technical and administrative controls
Alarm systems, locks, surveillance cameras, identification cards, and security guards.
Physical Controls
Smart cards, encryption, access control lists (ACLs), intrusion detection systems, and network authentication.
Technical Controls
Policies, procedures, security awareness training, contingency planning, and disaster recovery plans.
Administrative Controls
What is the most cost-effective administrative security control to use?
User training
What are the 5 types of hackers?
White, Black, Gray, and Blue Hats, Script Kiddies
A non-malicious hacker who attempts to break into a company’s systems at their request.
White Hat
A malicious hacker who breaks into a company’s computer systems and network without authorization or permission.
Black Hat