CIA Triad Flashcards
What does CIA stand for in information security?
Confidentiality, Integrity, Availability.
What is confidentiality?
Ensuring people cannot access information they are not authorized to see.
What does high confidentiality mean?
Data is encrypted.
What is low confidentiality?
Data is open on the web.
What is integrity in the CIA triad?
Ensuring information is not modified or corrupted by unauthorized parties.
What is availability?
Ensuring information is accessible when needed by authorized users.
What are access control elements?
Identification, Authentication, Authorization, Accountability.
What are administrative access controls?
Institutional policies and procedures such as hiring and supervision.
What are physical controls?
Methods to prevent/detect physical access, e.g., guards, locked doors.
What are logical/technical controls?
Hardware/software security mechanisms like firewalls and encryption.
What is the principle of least privilege?
Users should only have access needed for their job.
What is separation of duties?
Dividing sensitive tasks among individuals to reduce the risk of fraud.
What is discretionary access control?
Access based on user identity.
What is rule-based access control?
Access based on predefined rules (e.g., firewalls).
What is lattice-based access control?
Access determined by security labels and user clearance levels.
What is centralized access control?
One entity manages all access decisions.
What is decentralized access control?
Multiple entities manage access, suitable for large systems.