Ch. 6 Flashcards
What is confidentiality?
Restrict access to authorized individuals
What is integrity?
Data has not been altered in an unauthorized manner
What is availability?
Information can be accessed and modified by authorized individuals in an appropriate timeframe
What are the tools for information security?
- Authentication
- Access control
- Encryption
- Passwords
- Backup
- Firewalls
- Virtual private networks (VPN)
- Physical security
- Security policies
What is authentication?
The person accessing the information is who they say they are.
What is access control?
Once a user is authenticated, access control provides access only to the information necessary to perform their job duties (to read, modify, add, and/or delete information). It is broken up into:
- Access control list (ACL)
- Role-based access control (RBAC)
What is access control list (ACL)?
A list, created for each resource (information), of the users that can read, write, delete, or add information. It is difficult to maintain all the lists.
What is role-based access control (RBAC)?
Rather than individual lists, users are assigned to roles, and these roles define what they can access. This simplifies administration.
What is encryption?
An algorithm (program) that encodes or scrambles information during transmission or storage. It is decoded (unscrambled) only by authorized individuals so they can read it.
Both the coder and reader agree on the encryption method to use. What two encryption methods are there using keys?
- Symmetric key
- Public key
What is a symmetric key?
Sender and receiver both have the key, which can be risky
What is a public key?
A public key and a private key are used: the public key is used to send an encrypted message, and the private key is used by the receiver to decode the message
What are passwords?
Single-factor authentication (user ID/password) is the easiest to break
What is a backup?
Important information should be backed up and stored in a separate location.
What is a firewall?
Inspects and stops packets of information that don’t conform to a strict set of rules.
What are hardware firewalls connected to?
Connected to the network
What two kinds of firewalls are there?
Hardware and software
What do software firewalls run on?
The operating system; they intercept packets as they arrive at a computer
What is an intrusion detection system (IDS)?
This watches out for specific types of activities to alert security personnel of a potential network attack
What are virtual private networks (VPN)?
Some systems can be made private using an internal network to limit access to them. They can’t be accessed remotely, are more secure, and require specific connections such as being onsite.
What is physical security?
Protection of the actual equipment.
What are security policies?
- The starting point in developing an overall security plan
- A formal, brief, and high-level statement issued by senior management.
- Security policies focus on confidentiality, integrity and availability.
What steps should you take as an individual to be more secure yourself?
- Keep your software up to date
- Install antivirus software
- Use public networks carefully
- Back up your data
- Secure your accounts with two-factor authentication
- Make your passwords long, unique, and strong
- Be suspicious of strange links and attachments