Domain 1 (Security and Risk Management) Flashcards
What does CIA stand for?
Confidentiality, Integrity and Availability
What is the purpose of confidentiality?
Keeps information secret: only authorized subjects can read it
What is the purpose of integrity?
Accuracy and reliability of data: it is not modified without authorization
What are example controls that enforce confidentiality?
Encryption, Access control
What are example controls that enforce Integrity?
Hashing, Change Control
What are example controls that enforce availability?
RAID, backups
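The integrity controls above (hashing) are easy to get wrong in practice, so here is an added worked example, not part of the original flashcard deck, that shows the difference between a plain hash and a keyed hash (HMAC). The sample records and the integrity key are constructed for illustration only.

```python
import hashlib
import hmac

# Constructed sample record, as it looked when it was stored.
ORIGINAL = b"account=1234;balance=100.00"
# Constructed tampered copy: someone changed the balance.
TAMPERED = b"account=1234;balance=999.00"

# Hypothetical integrity key known only to the system that stores and checks records.
INTEGRITY_KEY = b"example-integrity-key-do-not-reuse"


def sha256_hex(data: bytes) -> str:
    """Plain hash: detects accidental corruption or unsophisticated modification."""
    return hashlib.sha256(data).hexdigest()


def hash_matches(data: bytes, expected_hex: str) -> bool:
    """Compare digests in constant time to avoid leaking information via timing."""
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def hmac_hex(key: bytes, data: bytes) -> str:
    """Keyed hash (HMAC-SHA256): without the key an attacker cannot produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def hmac_matches(key: bytes, data: bytes, expected_hex: str) -> bool:
    return hmac.compare_digest(hmac_hex(key, data), expected_hex)


def demo() -> dict:
    """Run the integrity checks and report which scenarios are caught."""
    stored_hash = sha256_hex(ORIGINAL)
    stored_tag = hmac_hex(INTEGRITY_KEY, ORIGINAL)
    return {
        # Both controls notice that the data no longer matches what was stored.
        "hash_detects_tampering": not hash_matches(TAMPERED, stored_hash),
        "hmac_detects_tampering": not hmac_matches(INTEGRITY_KEY, TAMPERED, stored_tag),
        # An attacker who can rewrite the data AND the stored plain hash passes the check:
        # an unkeyed hash only protects against accidents, not a capable adversary.
        "attacker_can_forge_plain_hash": hash_matches(TAMPERED, sha256_hex(TAMPERED)),
        # The same attacker cannot produce a valid HMAC tag without the key.
        "attacker_cannot_forge_hmac": not hmac_matches(
            INTEGRITY_KEY, TAMPERED, hmac_hex(b"wrong-key", TAMPERED)
        ),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The takeaway for the "Hashing" answer: a bare digest stored next to the data is an integrity control against corruption and careless change, but against a threat agent who can write to the same location you need a keyed hash (or a digital signature) and a key the attacker does not hold.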
Definition of Vulnerability
A weakness in a system that allows a threat agent to compromise it
Definition of Threat
The potential danger that a vulnerability will be exploited
Examples of a Threat Agent
An intruder, a careless employee, or a flawed process or policy
Definition of Risk
The likelihood of a threat source exploiting a vulnerability, combined with the resulting business impact
Definition of Exposure
An instance of being exposed to loss through a vulnerability. Example: weak passwords expose accounts to compromise
Definition of Control
A countermeasure (safeguard) put in place to mitigate risk
What are the three control types?
Administrative, Technical and Physical
Examples of Administrative controls
Policies and procedures, security awareness training, and other management-related measures
Examples of Technical controls
Firewalls, encryption, intrusion detection systems (IDS)
Examples of physical controls
Fences, locks, security guards
Definition of Defense-In-Depth
The coordinated use of several controls in a layered approach, so that the failure of any single control does not leave the asset unprotected
Name the six control functions
Preventative, Detective, Corrective, Deterrent, Recovery and Compensating
What does a Preventative control function do?
Intended to stop an incident from happening in the first place
What does a detective control function do?
Identifies incident activity during or after the fact
What does a corrective control function do?
Fixes affected systems and components after an incident
What does a deterrent control function do?
Discourages a potential attacker from attempting an attack
What does a recovery control function do?
Brings the environment back to normal operation after an incident
What does a compensating control function do?
An alternative control used when the primary control cannot be implemented or is too costly