Chapter 1 Flashcards
What is the CIA Triad?
Three principles of security control and management. Also known as the information security triad. Also
referred to in reverse order as the AIC triad.
Confidentiality
The fundamental security goal of keeping information and communications private and protecting them from
unauthorized access.
Integrity
The fundamental security goal of keeping organizational information accurate, free of errors, and without
unauthorized modifications.
Availability
The fundamental security goal of ensuring that computer systems operate continuously and that authorized
persons can access data that they need.
Non-repudiation
The security goal of ensuring that the party that sent a transmission or created data remains associated with that
data and cannot deny sending or creating that data.
National Institute of Standards and Technology (NIST)
Develops computer security standards used by US federal agencies and publishes cybersecurity best practice
guides and research.
cybersecurity frameworks (CSF)
Standards, best practices, and guidelines for effective security risk management. Some frameworks are general
in nature, while others are specific to industry or technology types.
security controls
A technology or procedure put in place to mitigate vulnerabilities and risk and to ensure the confidentiality,
integrity, and availability (CIA) of information.
Gap analysis
An analysis that measures the difference between the current and desired states in order to help assess the
scope of work included in a project.
identity and access management (IAM)
A security process that provides identification, authentication, and authorization mechanisms for users,
computers, and other entities to work with organizational assets like networks, operating systems, and
applications.
Identification
The process by which a user account (and its credentials) is issued to the correct person. Sometimes referred to
as enrollment.
Authentication
A method of validating a particular entity’s or individual’s unique credentials.
Authorization
The process of determining what rights and privileges a particular entity has.
Accounting
Tracking authorized usage of a resource or use of rights by a subject and alerting when unauthorized use is
detected or attempted.
authentication, authorization, and accounting (AAA)
A security concept where a centralized platform verifies subject identification, ensures the subject is assigned
relevant permissions, and then logs these actions to create an audit trail.