Chapter 1 - Security Fundamentals Flashcards
Simple overview of SSCP
What does AIC/CIA stand for?
- Availability
- Integrity
- Confidentiality
Define Confidentiality in the context of AIC/CIA.
The use of authentication, access controls and encryption of data (at rest and in transit) to protect against unauthorized disclosure of information.
Define Integrity in the context of AIC/CIA.
The implementation of controls that prevent, or at least detect, unauthorized or unwanted modification of data and systems.
Data hashing (comparing a freshly computed digest with one recorded earlier) and audit logging are two methods of verifying data integrity. A plain hash only catches a change if the attacker cannot also replace the stored hash, so keyed MACs or digital signatures are used where deliberate tampering is the concern.
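As an added worked example (not from the flashcard set or from the SSCP material), the following Go program seals a constructed record with both an unkeyed SHA-256 digest and an HMAC-SHA256 tag, then simulates an attacker who has write access to the store but not the key: they modify the record and recompute the digest. The unkeyed check passes and only the keyed tag catches the change. The key, record contents and function names are all assumptions made for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Fingerprint returns the hex SHA-256 digest of data.
func Fingerprint(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// Tag returns an HMAC-SHA256 over data under key; without the key an
// attacker cannot compute a valid tag for modified data.
func Tag(key, data []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write(data)
	return mac.Sum(nil)
}

// VerifyTag compares in constant time so timing does not leak the tag.
func VerifyTag(key, data, tag []byte) bool {
	return hmac.Equal(Tag(key, data), tag)
}

// Record is a stored value together with both kinds of integrity check.
type Record struct {
	Data   []byte
	Digest string // unkeyed SHA-256, stored next to the data
	Tag    []byte // HMAC-SHA256 under a key the storage layer never sees
}

// Seal computes both checks for data.
func Seal(key, data []byte) Record {
	return Record{Data: data, Digest: Fingerprint(data), Tag: Tag(key, data)}
}

// Tamper models an attacker with write access to the store but not the key:
// they change the data and recompute the unkeyed digest, but can only keep
// the old tag because they cannot compute a new one.
func Tamper(rec Record, newData []byte) Record {
	return Record{Data: newData, Digest: Fingerprint(newData), Tag: rec.Tag}
}

// Verify reports whether each check still passes for rec.
func Verify(key []byte, rec Record) (digestOK, tagOK bool) {
	return Fingerprint(rec.Data) == rec.Digest, VerifyTag(key, rec.Data, rec.Tag)
}

func main() {
	// Constructed demo key and record; use a random 32-byte key in practice.
	key := []byte("constructed demo key")
	rec := Seal(key, []byte("amount=100.00 payee=ACME"))
	d, t := Verify(key, rec)
	fmt.Printf("original: digest ok=%v tag ok=%v\n", d, t)
	bad := Tamper(rec, []byte("amount=9100.00 payee=ACME"))
	d, t = Verify(key, bad)
	fmt.Printf("tampered: digest ok=%v tag ok=%v\n", d, t)
}
```

The digest is still useful against accidental corruption (disk errors, truncated transfers), and it becomes tamper-evident if it is stored somewhere the attacker cannot write, such as a separate signed manifest; the keyed tag makes that separation unnecessary because the secret, not the storage location, is what the attacker lacks.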
Define Availability in the context of AIC/CIA.
The implementation of fault tolerance, backups and redundancy to support availability of systems and data as well as provide for recovery in the event of server failure.
Backups, redundant disks, servers, connections and sites all support availability.
What is Least Privilege?
Users are granted permissions only to those systems and data they need to perform their job.
What is Separation of Duties?
Ensures that no single person has complete control over a critical process, so that fraud or abuse requires collusion between two or more people. This reduces the risk of fraud in an organization.
For example, the approval of an invoice and payment of an invoice would belong to two different people.
What are the 3 different types of Sensitive Data?
- PII - Personally Identifiable Information
- PHI - Protected Health Information
- IP - Intellectual Property
What is Defense In Depth?
A strategy that provides a layered approach to security by implementing multiple controls at different layers.
What is Nonrepudiation?
Ensures that a party cannot believably deny (repudiate) taking an action.
This is managed via means such as secure audit logging and digital signatures.
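Added example (not part of the original flashcards): a Go program contrasting an Ed25519 digital signature with an HMAC to show why only the signature gives nonrepudiation. The receiver of a MAC holds the same key as the sender and can fabricate a tag for any message, so a MAC cannot settle a dispute about what was sent; a signature can be checked by any third party holding the public key but produced only by the private-key holder. The audit-entry text, shared key and function names are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Signer holds an Ed25519 private key that never leaves its owner.
type Signer struct {
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

func NewSigner() (*Signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{priv: priv, Pub: pub}, nil
}

// Sign produces a signature only the private-key holder could have made.
func (s *Signer) Sign(msg []byte) []byte { return ed25519.Sign(s.priv, msg) }

// VerifySignature needs only the public key, so an auditor or arbiter can
// check it without being able to produce one.
func VerifySignature(pub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pub, msg, sig)
}

// MACTag and MACVerify use an HMAC-SHA256 key shared by sender and receiver.
func MACTag(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

func MACVerify(key, msg, tag []byte) bool {
	return hmac.Equal(MACTag(key, msg), tag)
}

// Dispute records what an arbiter would conclude when the receiver claims the
// sender sent `claimed` although the sender actually sent `sent`.
type Dispute struct {
	MACForgeryVerifies       bool // receiver, holding the shared key, can forge
	SignatureForgeryVerifies bool // receiver has no private key, so cannot
}

func RunDispute(signer *Signer, sharedKey, sent, claimed []byte) Dispute {
	// With a MAC the receiver simply computes a tag on its own version.
	forgedTag := MACTag(sharedKey, claimed)
	// With a signature the best the receiver can do is present the genuine
	// signature on `sent` alongside the altered text.
	realSig := signer.Sign(sent)
	return Dispute{
		MACForgeryVerifies:       MACVerify(sharedKey, claimed, forgedTag),
		SignatureForgeryVerifies: VerifySignature(signer.Pub, claimed, realSig),
	}
}

func main() {
	signer, err := NewSigner()
	if err != nil {
		panic(err)
	}
	// Constructed shared key and audit entries for the demonstration.
	key := []byte("constructed shared key")
	sent := []byte("2024-05-01T10:00Z alice approved INV-1")
	claimed := []byte("2024-05-01T10:00Z alice approved INV-9")
	d := RunDispute(signer, key, sent, claimed)
	fmt.Printf("receiver's forged MAC verifies: %v\n", d.MACForgeryVerifies)
	fmt.Printf("receiver's forged signature verifies: %v\n", d.SignatureForgeryVerifies)
}
```

For audit logs this is why each entry (or each batch) is signed by the system that produced it, or the log is shipped to a write-once store under a separate trust domain: a MAC alone only proves the entry came from someone who holds the key, which includes every verifier.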
What are the AAAs of Security?
- Authentication - verifies who you are (for example a password, token or biometric)
- Authorization - determines what you have permission to do once authenticated
- Accounting - monitoring and tracking of your activity, typically through logging
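Added example tying the three As to least privilege and separation of duties from the earlier cards (not code from the original page): an in-memory Go model in which every request is authenticated, authorized against role permissions that grant only what the job needs, checked so that whoever approved an invoice cannot also pay it, and recorded in an audit trail whatever the outcome. Users, roles, passwords and action names are constructed for the example.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// User is a constructed account record. Passwords are stored as a plain
// SHA-256 here only to keep the example self-contained; a real system uses
// a slow, salted password hash such as bcrypt, scrypt or Argon2.
type User struct {
	PasswordHash [32]byte
	Roles        []string
}

// permissions grants each role only the actions its job needs (least privilege).
var permissions = map[string][]string{
	"approver": {"invoice.approve"},
	"payer":    {"invoice.pay"},
}

type System struct {
	users    map[string]User
	approved map[string]string // invoice ID -> who approved it
	Audit    []string          // accounting: one line per attempt, allowed or denied
}

func NewSystem() *System {
	return &System{users: map[string]User{}, approved: map[string]string{}}
}

func (s *System) AddUser(name, password string, roles ...string) {
	s.users[name] = User{PasswordHash: sha256.Sum256([]byte(password)), Roles: roles}
}

// Authenticate answers "who are you?"; the comparison is constant time.
func (s *System) Authenticate(name, password string) bool {
	u, ok := s.users[name]
	if !ok {
		return false
	}
	h := sha256.Sum256([]byte(password))
	return subtle.ConstantTimeCompare(h[:], u.PasswordHash[:]) == 1
}

// Authorize answers "what may you do?" from the caller's roles.
func (s *System) Authorize(name, action string) bool {
	for _, role := range s.users[name].Roles {
		for _, allowed := range permissions[role] {
			if allowed == action {
				return true
			}
		}
	}
	return false
}

// Do runs the whole chain: authenticate, authorize, enforce separation of
// duties (whoever approved an invoice may not also pay it), then account.
func (s *System) Do(name, password, action, invoice string) error {
	verdict := "ALLOW"
	defer func() { // accounting happens on every path, including denials
		s.Audit = append(s.Audit, fmt.Sprintf("%s user=%s action=%s invoice=%s", verdict, name, action, invoice))
	}()
	fail := func(reason string) error {
		verdict = "DENY(" + reason + ")"
		return errors.New(reason)
	}
	switch {
	case !s.Authenticate(name, password):
		return fail("authentication failed")
	case !s.Authorize(name, action):
		return fail("not permitted")
	case action == "invoice.approve":
		s.approved[invoice] = name
	case action == "invoice.pay" && s.approved[invoice] == "":
		return fail("invoice not approved")
	case action == "invoice.pay" && s.approved[invoice] == name:
		return fail("separation of duties")
	case action == "invoice.pay":
		// payment would be issued here
	default:
		return fail("unknown action")
	}
	return nil
}

func main() {
	s := NewSystem()
	s.AddUser("alice", "pw-a", "approver", "payer")
	s.AddUser("bob", "pw-b", "payer")
	s.Do("alice", "pw-a", "invoice.approve", "INV-1")
	s.Do("alice", "pw-a", "invoice.pay", "INV-1")   // denied: alice approved it
	s.Do("bob", "pw-b", "invoice.approve", "INV-1") // denied: bob has no approver role
	s.Do("bob", "wrong", "invoice.pay", "INV-1")    // denied: bad password
	s.Do("bob", "pw-b", "invoice.pay", "INV-1")     // allowed
	for _, line := range s.Audit {
		fmt.Println(line)
	}
}
```

Note that accounting is done in a deferred function so a denied attempt is logged exactly like an allowed one; an audit trail that only records successes is useless for spotting the probing that precedes an abuse.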
What is due diligence?
Investigative steps taken before committing to something new, such as signing a contract with a vendor.
What is due care?
The ongoing practice of implementing and maintaining security policies and controls to protect resources, as a reasonable person in the same position would.