D1. Security and Risk Management Flashcards
Refers to the process and methodologies involved in safeguarding information and underlying systems from inappropriate access, use, modifications, or disturbance.
What is Information security?
What are the three principles forming the pillars of information security?
CIA Triad (Confidentiality, Integrity, and Availability)
This is the concept of limiting access to data to authorized users and systems and restricting access from unauthorized parties.
What is Confidentiality?
Confidentiality is closely related to this security best practice.
What is least privilege? (Asserts that access to information should be granted only on a need-to-know basis)
This is the concept of maintaining the accuracy, validity, and completeness of data and systems.
What is Integrity?
These two concepts are closely related to Integrity.
What is Authenticity and Non-repudiation?
Refers to ensuring the data is genuine and that all parties are who they say they are.
What is Authenticity?
This concept requires ensuring that no party is able to deny their actions (e.g., creating, modifying, or deleting data).
What is Non-repudiation?
The most common mechanism used to establish authenticity and non-repudiation in information security.
What are digital signatures?
This concept is focused on ensuring that authorized users can access data when they need it.
What is Availability?
Concepts to be considered alongside Availability include:
What are accessibility (the ability of a user to use a resource or access data when needed), usability (the ability of a user to meet their needs with the available data), and timeliness (the time expectation for availability of information and resources; it is the measure of the time between when information is expected and when it is available for use)?
What are some mechanisms that can help prevent disruption of system and information availability?
Data backups, redundant storage, backup power supply, and web application firewalls (WAFs).
This National Institute of Standards and Technology (NIST) Special Publication included the CIA Triad as three of its five security objectives.
What is NIST SP 800-33, “Underlying Technical Models for Information Technology Security”? The two additional security objectives were accountability and assurance.
The property that the actions of an entity may be traced uniquely to that entity is termed?
What is Accountability?
The basis for confidence that the security measures, both technical and operational, work as intended to protect the system and the information it processes is termed?
What is Assurance?
This is the right of human individuals to control the distribution of information about themselves.
What is Privacy?