Chapter 1: Security Governance Flashcards
What are the three primary security principles?
Confidentiality, Integrity, Availability
What is the CIA Triad?
Confidentiality, Integrity, Availability; these are the primary goals and objectives of security
How are security controls evaluated?
By how well they address the core information security tenets of Confidentiality, Integrity, and Availability
How are vulnerabilities and risks evaluated?
Based on the threat they pose against one of the CIA Triad principles
What are the most important principles in security?
Confidentiality, Integrity, Availability
What does ‘Confidentiality’ mean?
If a security mechanism offers confidentiality, it offers a high level of assurance that data, objects, or resources are restricted from unauthorized subjects.
Unauthorized disclosure impacts which security objective?
Confidentiality
How is confidentiality maintained on a network?
Data must be protected from unauthorized access, use, or disclosure while in storage, in process, and in transit.
What are some attacks that focus on the violation of confidentiality?
Capturing network traffic, stealing password files, social engineering, port scanning, shoulder surfing, eavesdropping, sniffing, etc.
What countermeasures can be used to ensure confidentiality?
Encryption, network traffic padding, strict access control, rigorous authentication procedures, data classification, extensive personnel training
List the conditions/aspects of confidentiality.
Sensitivity, Discretion, Criticality, Concealment, Secrecy, Privacy, Seclusion, Isolation
Describe ‘Sensitivity’
One of the conditions/aspects of confidentiality. Refers to the quality of information that could cause harm if disclosed. Maintaining confidentiality of sensitive information helps prevent harm or damage.
Describe ‘Discretion’
One of the conditions/aspects of confidentiality. Discretion is an act of decision where an operator can influence or control disclosure in order to minimize harm or damage.
Describe ‘Criticality’
One of the conditions/aspects of confidentiality. The level to which information is mission critical is its measure of criticality. The higher the level of criticality, the more likely the need to maintain the confidentiality of the information.
Describe ‘Concealment’
One of the conditions/aspects of confidentiality. The act of hiding or preventing disclosure. Often concealment is viewed as a means of cover, obfuscation, or distraction.