Chapter 1 - Security Fundamentals Flashcards

Simple overview of SSCP

1
Q

What does AIC/CIA stand for?

A
  1. Availability
  2. Integrity
  3. Confidentiality
2
Q

Define Confidentiality in the context of AIC/CIA.

A

The implementation of authentication and access controls, as well as encryption of data, to protect against unauthorized disclosure of information.

3
Q

Define Integrity in the context of AIC/CIA.

A

The implementation of controls that prevent unauthorized or unwanted modification of data and systems.

Data hashing and audit logging are two methods of verifying data integrity.

4
Q

Define Availability in the context of AIC/CIA.

A

The implementation of fault tolerance, backups and redundancy to support the availability of systems and data, as well as to provide for recovery in the event of server failure.

Backups, redundant disks, servers, connections and sites all support availability.

5
Q

What is Least Privilege?

A

Users are granted permissions only to those systems and data they need to perform their job.

6
Q

What is Separation of Duties?

A

Ensures that no single person has complete control over a process. This can reduce the risk of fraud in an organization.

For example, the approval of an invoice and payment of an invoice would belong to two different people.

7
Q

What are the 3 different types of Sensitive Data?

A
  1. PII - Personally Identifiable Information
  2. PHI - Protected Health Information
  3. IP - Intellectual Property
8
Q

What is Defense In Depth?

A

A strategy that provides a layered approach to security by implementing multiple controls at different layers.

9
Q

What is Nonrepudiation?

A

Ensures that a party cannot believably deny (repudiate) taking an action.

This is managed via means such as secure audit logging and digital signatures.

10
Q

What are the AAAs of Security?

A
  1. Authentication - Verifies who you are
  2. Authorization - Verifies what you have permission to access or do
  3. Accounting - Monitoring and tracking of your activity
11
Q

What is due diligence?

A

Investigative steps that are taken prior to taking on something new, such as signing a contract with a vendor.

12
Q

What is due care?

A

The practice of implementing security policies and practices to protect resources.
