Confidentiality, Integrity, and Availability Flashcards

1
Q

What is Confidentiality?

A

The first principle of the CIA Triad is confidentiality. Confidentiality is the concept of the measures used to ensure the protection of the secrecy of data, objects, or resources. The goal of confidentiality protection is to prevent or minimize unauthorized access to data.

2
Q

Passive element

A

An object is the passive element in a security relationship, such as files, computers, network connections, and applications.

3
Q

Active element

A

A subject is the active element in a security relationship, such as users, programs, and computers.

4
Q

Events that lead to confidentiality breaches

A

Failing to properly encrypt a transmission, failing to fully authenticate a remote system before transferring data, leaving open otherwise secured access points, accessing malicious code that opens a back door, misrouted faxes, documents left on printers, or even walking away from an access terminal while data is displayed on the monitor. Confidentiality violations can result from the actions of an end user or a system administrator. They can also occur because of an oversight in a security policy or a misconfigured security control.

5
Q

Aspects of confidentiality

A

Sensitivity, Criticality, Discretion, Concealment, Secrecy, Privacy, Seclusion, Isolation

6
Q

What is sensitivity?

A

Sensitivity refers to the quality of information, which could cause harm or damage if disclosed. Maintaining confidentiality of sensitive information helps to prevent harm or damage.

7
Q

What is criticality?

A

The level to which information is mission critical is its measure of criticality. The higher the level of criticality, the more likely the need to maintain the confidentiality of the information.

8
Q

What is Discretion?

A

Discretion is an act of decision where an operator can influence or control disclosure in order to minimize harm or damage.

9
Q

What is concealment?

A

Concealment is the act of hiding or preventing disclosure. Often concealment is viewed as a means of cover, obfuscation, or distraction. A related concept to concealment is security through obscurity, which is the concept of attempting to gain protection through hiding, silence, or secrecy.

10
Q

What is secrecy?

A

Secrecy is the act of keeping something a secret or preventing the disclosure of information.

11
Q

What is privacy?

A

Privacy refers to keeping information confidential that is personally identifiable or that might cause harm, embarrassment, or disgrace to someone if revealed.

12
Q

What is seclusion?

A

Seclusion involves storing something in an out-of-the-way location. This location can also provide strict access controls.

13
Q

What is isolation?

A

Isolation is the act of keeping something separated from others.

14
Q

What is Integrity?

A

Integrity is the concept of protecting the reliability and correctness of data. It ensures that data remains correct, unaltered, and preserved.

15
Q

Three perspectives of Integrity

A
  1. Preventing unauthorized subjects from making modifications
  2. Preventing authorized subjects from making unauthorized modifications, such as mistakes
  3. Maintaining the internal and external consistency of objects so that their data is a correct and true reflection of the real world and any relationship with any child, peer, or parent object is valid, consistent, and verifiable
16
Q

Events that lead to integrity breaches

A

Modifying or deleting files; entering invalid data; altering configurations, including errors in commands, codes, and scripts; introducing a virus; and executing malicious code such as a Trojan horse. Integrity violations can occur because of the actions of any user, including administrators.

17
Q

Aspects of integrity

A

Accuracy, Truthfulness, Authenticity, Validity, Nonrepudiation, Accountability, Responsibility, Completeness, Comprehensiveness

18
Q

What is accuracy?

A

Being correct and precise

19
Q

What is truthfulness?

A

Being a true reflection of reality

20
Q

What is authenticity?

A

Being authentic or genuine

21
Q

What is validity?

A

Being factually or logically sound

22
Q

What is nonrepudiation?

A

Not being able to deny having performed an action or activity or being able to verify the origin of a communication or event

23
Q

What is Accountability?

A

Being responsible or obligated for actions and results

24
Q

What is responsibility?

A

Being in charge or having control over something or someone

25
Q

What is completeness?

A

Having all needed and necessary components or parts

26
Q

What is comprehensiveness?

A

Being complete in scope; the full inclusion of all needed elements

27
Q

What is availability?

A

Availability means authorized subjects are granted timely and uninterrupted access to objects. It also implies that the supporting infrastructure—including network services, communications, and access control mechanisms—is functional and allows authorized users to gain authorized access.

28
Q

Availability breaches include

A

Accidentally deleting files, overutilizing a hardware or software component, under-allocating resources, and mislabeling or incorrectly classifying objects.

29
Q

Aspects of availability

A

Usability, Accessibility, Timeliness

30
Q

What is Usability?

A

The state of being easy to use or learn or being able to be understood and controlled by a subject

31
Q

What is accessibility?

A

The assurance that the widest range of subjects can interact with a resource regardless of their capabilities or limitations

32
Q

What is timeliness?

A

Being prompt, on time, within a reasonable time frame, or providing low-latency response