CIA Triad Concept

Question 1

Prevents the disclosure of data to unauthorized people so that only authorized people have access to data.

Answer 1

Confidentiality

Question 2

encryption uses one key, known as the secret key.

Answer 2

Symmetric

Question 3

encryption uses two keys, known as the private key and the public key.

Answer 3

Asymmetric

Question 4

This means that you know that data has not been altered or tampered with. We use a technique called hashing that takes the data and converts it into a numerical value called a hash or message digest.

Answer 4

Integrity

Question 5

which allows one or two disks to fail while still keeping the data available.

Answer 5

RAID Redundant Array Independent Disk

Question 6

two servers can access the same data, and if one fails, the other can still provide the data, a data backup,

Answer 6

Fail Over Cluster

Question 7

regulates the temperature for critical servers. In a datacentre, if the temperature is too hot then the servers will shut down.

Answer 7

HVAC

Question 8

where you give someone only the most limited access required so that they can perform their job role; this is known as a need-to-know basis.

Answer 8

Least Privilege

Question 9

is the concept of protecting a company’s data with a series of protective layers so that if one layer fails, another layer will already be in place to thwart an attack.

Answer 9

Defense in Depth

Question 10

written by managers to create organizational policies and procedures to reduce risk within companies. They incorporate regulatory frameworks so that the companies are legally compliant.

Answer 10

Managerial Controls

Question 11

A company will have a risk register where the financial director will look at all of the risks associated with money and the IT manager will look at all of the risks posed by the IT infrastructure.

Answer 11

Annual Risk Assessment

Question 12

is not intrusive as it merely checks for vulnerabilities,

Answer 12

Vulnerability Scan

Question 13

is more intrusive, as it goes deeper into a computer and can exploit vulnerabilities. It could cause the system to crash unexpectantly.

Answer 13

Penetration Testing

Question 14

are executed by company personnel during their day-to-day operations.

Answer 14

Operational Controls

Question 15

This is an annual event in which you are reminded about what you should be doing each day to keep the company safe:

Answer 15

Annual Security Awareness Training

Question 16

This is a process that a company adopts so that changes made don’t cause any security risks to the company. A change to one department could impact another department.

Answer 16

Change management

Question 17

This is contingency planning to keep the business up and running when a disaster occurs by identifying any single point of failure that would prevent the company from remaining operational.

Answer 17

Business Continuity Plan:

Question 18

implemented by the IT team to reduce the risk to thebusiness.

Answer 18

Technical Controls

Question 19

Firewalls prevent unauthorized access to the network by IP address, application, or protocol.

Answer 19

Firewall Rules

Question 20

This is the most common threat to a business, and we must ensure that all servers and desktops are protected and up to date.

Answer 20

Antivirus Antimalware

Question 21

These log computers off when they are idle, preventing access.

Answer 21

Sreen saver

Question 22

These prevent people that are walking past from reading the data on your screen.

Answer 22

Screen Filter

Question 23

CCTV and motion sensors. When someone is walking past a building and the motion sensors detect them, it turns the lights on to deter them. A building with a CCTV camera in a prominent position and a sign warning people that they are being recorded

Answer 23

Deterrent Controls

Question 24

are used to investigate an incident that has happened and needs to be investigated;

Answer 24

Detective Control

Question 25

records events as they happen and from that, you can see who has entered a particular room or has climbed through a window at the rear of a building.

Answer 25

CCTV

Question 26

are the actions you take to recover from an incident. You may lose a hard drive that contained data; in that case, you would replace the data from a backup you had previously taken.

Answer 26

Corrective Controls

Question 27

form of corrective control. There may have been a fire in your data center that destroyed many servers, therefore, when you purchase replacement servers, you may install an oxygen suppressant system that will starve a fire of the oxygen needed.

Answer 27

Fire Suppression System

Question 28

can also be called Alternative or Secondary Controls and can be used instead of a primary control that has failed or is not available.

Answer 28

Compensating Controls

Question 29

are in place to deter any attack; this could be having a security guard with a large dog walking around the perimeter of your building. This would make someone trying to break in think twice about doing so.

Answer 29

Preventative Controls