CIA Triad - Confidentiality, Integrity, and Availability

Question 1

Confidentiality

Answer 1

seeks to prevent the unauthorized disclosure of information

Question 2

Integrity

Answer 2

seeks to prevent unauthorized modification of information

Question 3

Availability

Answer 3

ensure authorized people can access the data they need, when they need to.

Question 4

CIA Triad OR (AIC)

Answer 4

Confidentiality, Integrity, Availability

Question 5

Availability - Threats

Answer 5

Malicious attacks (DDOS, physical, system compromise, staff)
Application failures (error in the code)
Component failure (hardware)

Question 6

Availability - Defense

Answer 6

IPS/IDS
Patch Management
Redundancy on hardware power (Multiple power/supplies/UPS’/generators Disks (RAID), Traffic paths (network design), HVAC, staff, HA (high availability)
SLAs - How high uptime we want (99.%9) - ROI

Question 7

Confidentiality

Answer 7

it keeps data secrets

Question 8

Integrity

Answer 8

Seeks to ensure data that is written in an authorized manner is complete and accurate

Question 9

Subject

Answer 9

An active entity on an information system

Question 10

Object

Answer 10

a passive data file

Question 11

Annualized Loss Expectancy

Answer 11

the cost of lose due to a risk over a year

Question 12

Threat

Answer 12

a potentially negative occurrence

Question 13

Vulnerability

Answer 13

a weakness in a system

Question 14

Risk

Answer 14

a matched threat and vulnerability

Question 15

Safeguard

Answer 15

a measure taken to reduce risk

Question 16

Confidentially – EXAMPLE

Answer 16

A confidentially attack would be the theft of Personally Identifiable Information (PII), such as credit card information

Question 17

Data Integrity

Answer 17

seeks to protect information against unauthorized modification

Question 18

System Integrity

Answer 18

seeks to protect a system

Question 19

System Integrity - threat

Answer 19

If a user installs malicious software on the system to allow future “back door” access, they have violated the systems integrity

Question 20

Data Integrity - threat

Answer 20

If an unethical student compromises a college grade database to raise their grades, they have violated the data integrity

Question 21

What does the acronym DAD stand for?

Answer 21

Disclosure, Alteration, Destruction

Question 22

Disclosure

Answer 22

Unauthorized release of information

Question 23

What does Alteration mean?

Answer 23

the unauthorized modification of data

Question 24

Authorization - Actions

Answer 24

Actions may include reading, writing, or executing files or programs.

Question 25

What does Destruction reference/mean in security?

Answer 25

making a system or data unavailable

Question 26

Identity and Authentication

Answer 26

Proving an identity claim is called authentication; to authenticate the identity claim, usually by supplying a piece of information or an object that only an individual possess.

Question 27

What does Authorization mean in security?

Answer 27

the actions you can perform on a system once you have been identified and authenticated.