COMPTIA SECURITY+ WEEK 1 CHAPTER 1 & 2 Flashcards
What are the three key objectives of cybersecurity?
Confidentiality, Integrity, Availability
These objectives are often referred to as the CIA triad.
What is confidentiality in cybersecurity?
Ensures that unauthorized individuals cannot gain access to sensitive information
Security controls like firewalls, access control lists, and encryption are used to maintain confidentiality.
What is integrity in cybersecurity?
Ensures that there are no unauthorized modifications to information or systems
Integrity controls include hashing and integrity monitoring solutions.
What is availability in cybersecurity?
Ensures that information and systems are ready for legitimate users when needed
Availability controls include fault tolerance, clustering, and backups.
What does the CIA triad stand for?
Confidentiality, Integrity, Availability
This triad is used to characterize risks, attacks, and security controls.
What is nonrepudiation?
The assurance that someone cannot deny having taken an action
Digital signatures are a common example of nonrepudiation.
What are the three key threats to cybersecurity efforts according to the DAD triad?
Disclosure, Alteration, Denial
Each threat maps to one of the CIA triad goals.
What is disclosure in the context of cybersecurity?
The exposure of sensitive information to unauthorized individuals
This is a violation of the principle of confidentiality.
What is alteration in cybersecurity?
The unauthorized modification of information
This is a violation of the principle of integrity.
What is denial in cybersecurity?
The disruption of an authorized user’s legitimate access to information
This violates the principle of availability.
What are the categories of potential impact from a security incident?
- Financial Risk
- Reputational Risk
- Identity Theft
- Strategic Risk
- Operational Risk
- Compliance Risk
Each category describes different consequences an organization may face after a breach.
What is financial risk in the context of a data breach?
The risk of monetary damage to the organization as a result of a breach
This can include direct costs, like rebuilding a datacenter, and indirect costs, like lost business opportunities.
What constitutes reputational risk?
Negative publicity surrounding a security breach that affects goodwill
It is often difficult to quantify this type of damage.
What is identity theft risk?
The risk posed by exposure of personally identifiable information (PII) to malicious individuals
Organizations should protect sensitive identifiers like Social Security numbers and bank account information.
Define strategic risk in the context of cybersecurity.
The risk that an organization will become less effective in meeting its goals due to a breach
For example, losing product development plans may hinder market competitiveness.
What is operational risk?
Risk to the organization’s ability to carry out its day-to-day functions
This may slow down processes or require manual workarounds.
What does compliance risk entail?
Risk of violating legal or regulatory requirements due to a breach
An example is violating HIPAA by losing patient medical records.
True or False: Risks often fit into only one category.
False
Many risks can cross multiple categories, such as reputational and financial risks arising from the same incident.
What is a gap analysis in cybersecurity?
A review to evaluate security controls against control objectives
Gaps identified should be treated as potential risks to be remediated.
List the four categories of security controls.
- Technical Controls
- Operational Controls
- Managerial Controls
- Physical Controls
Each category achieves security objectives through different mechanisms.
What are technical controls?
Controls that enforce confidentiality, integrity, and availability in the digital space
Examples include firewalls, access control lists, and encryption.
What are operational controls?
Processes put in place to manage technology securely
Examples include user access reviews and log monitoring.
What are managerial controls?
Procedural mechanisms focusing on the risk management process
Examples include risk assessments and security planning.
What are physical controls?
Security controls that impact the physical world
Examples include fences, locks, and fire suppression systems.