Chapter 1: Security Governance Flashcards

1
Q

What are the three primary security principles?

A

Confidentiality, Integrity, Availability

2
Q

What is the CIA Triad?

A

Confidentiality, Integrity, Availability; these are the primary goals and objectives of security

3
Q

How are security controls evaluated?

A

By how well they address the core information security tenets of Confidentiality, Integrity, and Availability

4
Q

How are vulnerabilities and risks evaluated?

A

Based on the threat they pose against one of the CIA Triad principles

5
Q

What are the most important principles in security?

A

Confidentiality, Integrity, Availability

6
Q

What does ‘Confidentiality’ mean?

A

If a security mechanism offers confidentiality, it offers a high level of assurance that data, objects, or resources are restricted from unauthorized subjects.

7
Q

Unauthorized disclosure impacts which security objective?

A

Confidentiality

8
Q

How is confidentiality maintained on a network?

A

Data must be protected from unauthorized access, use, or disclosure while in storage, in process, and in transit.

9
Q

What are some attacks that focus on the violation of confidentiality?

A

Capturing network traffic, stealing password files, social engineering, port scanning, shoulder surfing, eavesdropping, sniffing, etc.

10
Q

What countermeasures can be used to ensure confidentiality?

A

Encryption, network traffic padding, strict access control, rigorous authentication procedures, data classification, extensive personnel training

11
Q

List the conditions/aspects of confidentiality.

A

Sensitivity, Discretion, Criticality, Concealment, Secrecy, Privacy, Seclusion, Isolation

12
Q

Describe ‘Sensitivity’

A

One of the conditions/aspects of confidentiality. Refers to the quality of information, which could cause harm if disclosed. Maintaining confidentiality of sensitive information helps prevent harm or damage.

13
Q

Describe ‘Discretion’

A

One of the conditions/aspects of confidentiality. Discretion is an act of decision where an operator can influence or control disclosure in order to minimize harm or damage.

14
Q

Describe ‘Criticality’

A

One of the conditions/aspects of confidentiality. The level to which information is mission critical is its measure of criticality. The higher the level of criticality, the more likely the need to maintain the confidentiality of the information.

15
Q

Describe ‘Concealment’

A

One of the conditions/aspects of confidentiality. The act of hiding or preventing disclosure. Often concealment is viewed as a means of cover, obfuscation, or distraction.

16
Q

Describe ‘Secrecy’

A

One of the conditions/aspects of confidentiality. Secrecy is the act of keeping something a secret or preventing the disclosure of information.

17
Q

Describe ‘Privacy’

A

One of the conditions/aspects of confidentiality. Privacy refers to keeping information confidential that is personally identifiable or that might cause harm, embarrassment, or disgrace to someone if revealed.

18
Q

Describe ‘Seclusion’

A

One of the conditions/aspects of confidentiality. Seclusion involves storing something in an out-of-the-way location which can also provide strict access controls. Seclusion can help enforcement of confidentiality protections.

19
Q

Describe ‘Isolation’

A

One of the conditions/aspects of confidentiality. Isolation is the act of keeping something separated from others. Isolation can be used to prevent commingling of information or disclosure of information.