Chapter 1 Flashcards
Security Governance Through Principles and Policies
Define Information Technology or Information Systems
The hardware and software that support the operations or functions of a business
What are the three common types of security evaluation?
Risk Assessment, Vulnerability Assessment, and Penetration Testing
Define Risk Assessment
Identifying assets, threats, and vulnerabilities to calculate risk. Once risk is understood, it is used to guide the improvement of the existing security infrastructure.
Define Vulnerability assessment
Using automated tools to locate known security weaknesses, which can be addressed by adding more defenses or adjusting the current protections.
Define Penetration testing
Uses trusted teams to stress-test the security infrastructure to find issues that may not be discovered by the prior two means, and to find those concerns before an adversary takes advantage of them.
What are the 5 Pillars of Information Security?
confidentiality, integrity, availability, authenticity, and nonrepudiation
Which 3 Pillars of Information Security make up the CIA Triad?
Confidentiality, Integrity, Availability
What is Confidentiality?
The concept of the measures used to ensure the protection of the secrecy of data, objects, or resources. The goal of confidentiality protection is to prevent or minimize unauthorized access to data. Confidentiality protections prevent disclosure while protecting authorized access.
What are the 8 concepts of Confidentiality?
Sensitivity, Discretion, Criticality, Concealment, Secrecy, Privacy, Seclusion, Isolation
What is Sensitivity?
Refers to the quality of information that could cause harm or damage if disclosed.
What is Discretion?
A decision where an operator can influence or control disclosure to minimize harm or damage.
What is Criticality?
The level to which information is mission critical is its measure of criticality. The higher the level of criticality, the more likely the need to maintain the confidentiality of the information.
What is Concealment?
The act of hiding or preventing disclosure. Concealment is often viewed as a means of cover, obfuscation, or distraction. A related concept to concealment is security through obscurity, which attempts to gain protection through hiding, silence, or secrecy.
What is Secrecy?
The act of keeping something a secret or preventing the disclosure of information.
What is Privacy?
Keeping information confidential that is personally identifiable or that might cause harm, embarrassment, or disgrace to someone if revealed.
What is Seclusion?
Storing something in an out-of-the-way location, likely with strict access controls.
What is Isolation?
The act of keeping something separated from others.
What is Integrity?
The concept of protecting the reliability and correctness of data.
What are the three perspectives of integrity?
1. Preventing unauthorized subjects from making modifications
2. Preventing authorized subjects from making unauthorized modifications, such as mistakes
3. Maintaining the internal and external consistency of objects so that their data is a correct and true reflection of the real world, and any relationship with any other object is valid, consistent, and verifiable
What is accuracy?
Being correct and precise
What is truthfulness?
Being a true reflection of reality
What is validity?
Being factually or logically sound
What is accountability?
Being responsible or obligated for actions and results
What is responsibility?
Being in charge or having control over something or someone