Chapter 1 - Basic Security Flashcards
What are the three fundamental questions about security?
- What assets need protection?
- How are the assets threatened?
- What counteractions can be used to mitigate the threat?
What is the NIST definition of Security?
The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data and telecommunications).
What is the CIA triad?
- Confidentiality
- Integrity
- Availability
What are the subtopics of confidentiality?
Data and privacy confidentiality
What are the subtopics of integrity?
Data integrity and system integrity
What was added to the CIA triad?
Authenticity and accountability
What is low level impact?
Minor damages, financial loss and injury
What is moderate level impact?
Significant damages, financial loss and injury
What is high level impact?
Catastrophic damages, financial loss and injury
What are assets?
Anything that needs to be protected
What is vulnerability?
A flaw or weakness in a system's design, implementation, or operations and management that could be exploited to violate the system's security policy
What are threats?
Exploitation; a potential for violation of security, which exists when there is a circumstance, capability, action or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability.
What is an attack?
A threat that has been acted upon
What are the 17 functional areas of computer security?
- Access control
- Identification
- Authentication
- System and communication protection
- System and information integrity protections
- Awareness and training
- Auditing and accountability
- Certification provide identification authenticity
- Accreditation
- Security assessments
- Contingency planning
- Maintenance (updates)
- Physical/environmental protection
- Planning
- Personal security
- Risk assessment
- System acquisition