Domain 1 Flashcards
What is the CIA Triad?
Confidentiality, Integrity and Availability.
What is Confidentiality?
Access Controls - Ensure only Authorized Subjects can access objects.
What is Integrity?
Ensure that data or system configurations are not modified without authorization.
Availability
Authorized requests for objects must be granted to subjects within reasonable time.
What are the main points of the ISC2 Code of Ethics?
Protect Society, Act Honourably, Provide diligent and competent service to principals and Advance the profession.
What are the four levels of Security Policy Development?
Acceptable use Policy, Security Baselines, Security Guidelines and Security Procedures.
What is an acceptable use policy?
Assigns roles and responsibilities
What is a security baseline?
Defines “minimum levels” of security.
What are security guidelines?
Offer recommendations as to how baselines may be implemented.
Security Procedures
Detailed step-by-step guides on how to implement a security mechanism.
What are the Risk Categories?
1) Damage (physical loss of an asset) 2) Disclosure - Disclosing critical information 3) Losses - permanent or temporary including altered data or inaccessible data.
What are Risk Factors? (Part 1)
1) Physical Damage - Natural Disaster, Power loss, etc. 2) Malfunctions - Failure of systems, networks or peripherals. 3) Attacks - purposeful acts whether inside or outside the org.
What are more Risk Factors? (Part 2)
1) Human errors - usually considered accidental
2) Application Errors - Failures of the application, including the operating system.