CIANA Pentagon Flashcards
What are Confidentiality, Integrity, Availability, Non-Repudiation and Authentication?
- Confidentiality is the keeping of data and information private and only allowing authorised users to access it.
- Integrity is ensuring that the data is accurate and unaltered unless it’s done by an authorised user.
- Availability is making sure that data is readily available to authorised users.
- Non-Repudiation is ensuring that an entity cannot deny the authenticity of their actions.
- Authentication is the verification of the identity of a user who is trying to access data.
What are Symmetric and Asymmetric Encryption?
- Symmetric encryption is the encryption and decryption of data with the same key.
- Asymmetric encryption is the encryption and decryption of data with different keys; one for encrypting and the other for decrypting.
When it comes to confidentiality, what are the following terms?
- Snooping
- Eavesdropping
- Wiretapping
- Social Engineering
- Dumpster Diving
- Snooping is unauthorised access to personal details.
- Eavesdropping is the unauthorised interception of data transmitted on a network.
- Wiretapping is the targeted interception of telephone lines or internet communications.
- Social Engineering is the use of psychological techniques by cyber criminals to trick users into divulging private and often sensitive information like logins and other data.
- Dumpster diving is looking through garbage for discarded documents that haven’t been shredded and may contain sensitive information.
When it comes to integrity, what are the following terms?
* Man in the middle attack
* Replay Attack
* Impersonation
* Unauthorised data modification
- A man in the middle attack is a type of cyber attack where data transmission is intercepted, altered and sent between two parties who are communicating with each other.
- A replay attack is the interception of data transmissions that are later relayed by the unauthorised person to gain access to a system, network or resource.
- Impersonation is pretending to be an authorised user to gain access to data or resources.
- Unauthorised data modification is data modified in an unintended manner by an authorised user.
When it comes to availability, what are the following terms?
- Denial of Service
- Power Outages
- Hardware Failures
- Destruction
- Service Outages
- Denial of Service is a type of cyber attack where a network is bombarded with unwanted network traffic, which renders authorised user access unavailable.
- Power outages are issues with the electrical supply of power.
- Hardware failure is hardware becoming insufficient, defective or outdated, which leads to loss of data or disruption of service.
When it comes to Social Engineering, what are the following terms?
- Phishing
- Spear phishing
- Phishing is the use of email to trick users into divulging sensitive information.
- Spear phishing is a type of phishing that is aimed at users from senders that seem like legitimate sources or entities.
What’s the AAA of Cyber Security?
- Authentication is the verification of users that have access to systems and resources.
- Authorisation is authenticated users accessing systems, networks or resources.
- Accounting is the tracking of user activities and maintaining records for future reference or investigation.
When it comes to authentication, what is:
* Something you know.
* Something you have.
* Something you are.
Something you know is login credentials or a PIN code.
Something you have is a token.
Something you are is biometrics such as fingerprints and retinal scans.