block 8 information protection

Question 1

three components of the CIA TRIAD

Answer 1

• Confidentiality
• Integrity
• Availability
• focuses on data protection from IT Security standpoint (ITsec)

Question 2

Confidentiality

Answer 2

• ensuring information is
  accessible only to those authorized to have access

Question 3

what is data in use?

Answer 3

-data actively changing.

• application layer of the OSI model.

Question 4

what is Data-in-motion?

Answer 4

• AKA data-in-transit
• data traversing a network, the internet, etc.
• data in flight = wireless

Question 5

what is data at rest?

Answer 5

data must not currently be in
use or moving point-to-point.
(ex. files, folders, drives, etc)

Question 6

what is integrity?

Answer 6

(AKA data authenticity) data not altered in an unauthorized manner from point of origin to delivery

Question 7

what is hashing?

Answer 7

• mathematical formula to data
• binary form
• taking a virtual snapshot of the data.

Question 8

what is availability?

Answer 8

• assures that systems work when needed, resources are accessible at all times, and authorized users are not denied services

Question 9

what does the AAA model focus on?

Answer 9

-maintains CIA triad via access control

• focuses on controlling access to info + data

Question 10

what is identification?

Answer 10

system to prove individual identity

• Ex. usernames, passwords, CACs, digital tokens, key fobs, and biometrics

Question 11

what is authentication?

Answer 11

• verifies identification factors

(Ex. CAC card pin)
cac card is identification
pin = authentication

Question 12

what is authorization?

Answer 12

system applies permissions to a user’s account after logging in to said system

Question 13

what is accounting?

Answer 13

deals with logging activity so that different departments can be held responsible for their usage of the different services, user and device activity can be tracked and create a chain of custody-type of management workflow, and ensure non-repudiation occurs properly.

• Accounting is done
  with various logging events such as system logs, security logs, and application logs.

Question 14

what is non-repudiation?

Answer 14

recipient proof of actions (receipts), so neither can later deny having processed the information.

Question 15

what are the 2 acts that grant exceptions to entities?

Answer 15

• USA patriot ACT 2001
• reduce restriction laws to detect and suppress terrorism.
• Electronic Communication Privacy Act (ECPA) of 1986
  reduce criminal penalties when unauthorized access to the electronic communication is not for a
  tortious or illegal purpose or private commercial gain

Question 16

what are the 2 acts that propose penalties on those who abuse systems and resources?

Answer 16

• Sarbanes Oxley Act (SOX) of 2002
  “The Act contains provisions affecting corporate governance, risk management, auditing,
  and financial reporting of public companies, including provisions intended to deter and punish corporate
  accounting fraud and corruption.”

SOX- fined up to $5,000,000 and
receive 20 years in prison.

• Health Insurance Portability and Accountability Act (HIPAA) of 1996
• protect personal health information (PHI) from being disclosed without their consent or knowledge

Violating HIPAA can lead to 10 years in prison and a $250,000 fine

Question 17

what is a policy?

Answer 17

“plan embracing goals and acceptable procedures especially of a governmental body

Question 18

what is a procedure?

Answer 18

series of actions done in a certain way or order

Question 19

what is principle of least privilege (PoLP)?

Answer 19

• should only have the necessary privileges to complete their tasks

Question 20

what are security policies?

Answer 20

• define objectives/constraints for security program

Question 21

what is awareness?

Answer 21

NIST SP 800-50 = Awareness is not training.

goal = focus attention on security.

Awareness presentations allow individuals to recognize IT security concerns and respond accordingly. (done by SAT)

Question 22

what is security awareness training (SAT)?

Answer 22

• entire user population
  consists of
  1) TRAINING
• personnel to cover the importance of securing information

2) INFORMING
- users of their roles in daily IT security responsibilities, as documented in agency
security policy and procedures

3) STEPS
-personnel need to take to help ward off attacks

Question 23

what is user agreement?

Answer 23

must agree to certain conditions before they may have access.

• contain acceptable use policy (AUP)
  classification of information, and Personally Identifiable Information (PII).

Question 24

what is user accountability?

Answer 24

NIST SP 800-16

• individual accountability should be one of your organization’s prime security objectives and derived from a fully informed, well-trained, and aware workforce.
  hopes of less disruptions or compromises by accountability

Question 25

what is risk assessment?

Answer 25

process of testing security controls to discover a system’s strengths and
weaknesses/vulnerabilities.

Question 26

what is risk acceptance?

Answer 26

that you understand and accept the risk as-is.

Question 27

what is risk avoidance?

Answer 27

you decide not to perform that activity anymore in order to avoid the risk.

Question 28

what is risk mitigation?

Answer 28

taking steps to reduce the probability of occurrence of a particular risk.

• incorporates threat and vulnerability analysis, and considers mitigations provided by security controls planned or in place.

Question 29

what is risk transference?

Answer 29

you share the risk with another entity since you can never fully remove risk from the picture.

Question 30

what is an event?

Answer 30

Any observable occurrence in a network or system and appears suspicious
tracked by monitoring devices like
IDS + IPS

Question 31

what is an incident?

Answer 31

An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system

• aka scanning attacks, compromise, malicious code attacks, denial of service attacks, and loss or
  theft.