Domain 1 Flashcards
Security Principles
What does the CIA Triad stand for?
Confidentiality, Integrity, Availability.
Define confidentiality in the CIA Triad.
Protecting data from unauthorized access while permitting access to authorized users.
What is integrity in the context of the CIA Triad?
Ensuring data is complete, accurate, and consistent.
What is the main focus of availability in the CIA Triad?
Providing timely and reliable access to data for authorized users.
What is privacy?
The right of individuals to control their personal information.
What are the three common methods of authentication?
Something you know (passwords), something you have (tokens), and something you are (biometrics).
What is non-repudiation?
Ensuring a party cannot deny having performed an action, such as sending a message or creating information.
Name the four risk treatment options.
Avoidance, Acceptance, Mitigation, Transfer.
What is a risk matrix used for?
Prioritizing risks based on likelihood and impact.
List the three types of security controls.
Physical, Technical, Administrative.
What is the purpose of administrative controls?
To govern human behavior and decision-making.
Provide an example of a regulation with international implications.
GDPR (General Data Protection Regulation).
What are procedures in governance?
Detailed steps to accomplish tasks, ensuring consistent execution.
What is risk tolerance?
An organization’s appetite for risk, determined by executive management or the board.
Define data integrity.
Ensuring data has not been altered in an unauthorized manner and is accurate and consistent.
What is risk transference?
Shifting the financial impact of a risk to a third party, such as through insurance.
Give an example of a technical control.
Firewalls, intrusion detection systems, and access controls.
What is the primary goal of risk assessment?
To identify, estimate, and prioritize risks to the organization.
Explain the term Personally Identifiable Information (PII).
Data about an individual that can be used to identify them.
Why is availability critical for business operations?
It ensures authorized users can access data and systems when needed.
What does sensitivity measure in data classification?
The importance assigned to information based on its need for protection.
Name two examples of administrative controls.
Security policies and employee training programs.
How is a baseline used in maintaining system integrity?
It serves as a reference point to compare the current state and detect changes.
What is criticality in the context of availability?
The importance an organization assigns to data or systems for its operations.