CIA Flashcards
CIA represents
confidentiality, integrity, and availability
A federal technology agency that works with industry to develop and apply technology, measurements, and standards
National Institute of Standards and Technology (NIST)
Publicly announced standardizations developed by the United States Federal Government for use in computer systems by all nonmilitary government agencies and government contractors
Federal Information Processing Standard (FIPS)
The three categories of security controls that are endorsed by both FIPS and NIST are
Technical, Operational, Management
Access controls, audit and accountability, identification and authentication, along with system and communications protection are good examples of
Technical security control
Awareness and training, configuration management, contingency planning, incident response, maintenance, media protection, physical and environmental protection, personnel security, and system and information integrity are good examples of
Operational security control
Certification and accreditation, planning, risk assessment, system and services acquisition, and program management fall under
Management security control
Preventing unauthorized access to information by individuals or systems
Confidentiality
Under confidentiality, the process of taking cleartext (plain text) and scrambling it into ciphertext is known as
Encryption
A barrier that will either permit or deny access to a physical location or part of the network infrastructure is called what?
Access control system
Under confidentiality, the process of converting ciphertext back to cleartext (plain text) is known as
Decryption
Hiding data within a picture file is known as
Steganography
These three mechanisms of encryption, access controls, and steganography can be used as part of
Confidentiality
The protection of data to ensure that, from a source to a destination, the data has not been altered
Integrity
Hashing, digital signatures, certificates, and nonrepudiation are goals of
Integrity
_________ are used to validate to a recipient that the person that sent a message was indeed the person that sent it
Digital signatures
_______ ascertain the identities of either individual users, computers, or other entities on a network
Certificate
Ensuring that resources are available for any service that you offer an end user or a consumer is:
Availability
Three mechanisms that make a network resilient (available) are
redundancy, fault tolerance, and patching
What additional two properties were added to the C-I-A Triad by ISO 7498-2?
• authentication: the ability of a system to confirm the identity of a sender
• nonrepudiation or accountability: the ability of a system to confirm that a sender cannot convincingly deny having sent something
What additional property did the U.S. Department of Defense [DOD85] add to the C-I-A Triad in addition to what was amended by ISO 7498-2?
auditability: the ability of a system to trace all actions related to a given asset.
The integrity of an item has been preserved when the item is:
• Precise
• Accurate
• Unmodified
• Modified only in acceptable ways
• Modified only by authorized people
• Modified only by authorized processes
• Consistent
• Meaningful and usable