Domain 1: Security and Risk Management Flashcards

1
Q

Confidentiality

A

Ensures the protection of the secrecy of data, objects, or resources and prevents or minimizes unauthorized access to data.

2
Q

Integrity

A

Protecting the reliability and correctness of data; prevents unauthorized alterations of data.

3
Q

Availability

A

Means authorized subjects are granted timely and uninterrupted access to objects.

4
Q

AAA

A

identification, authentication, authorization, auditing, and accounting

5
Q

Identification

A

Identification is the process by which a subject professes an identity and accountability is initiated.

6
Q

Authentication

A

The process of verifying that the claimed identity is valid.

7
Q

Authorization

A

Ensures that the requested activity or access to an object is possible given the rights and privileges assigned to the authenticated identity.

8
Q

Auditing

A

Auditing, or monitoring, is the programmatic means by which a subject's actions are tracked and recorded for the purpose of holding the subject accountable for their actions while authenticated on a system.

9
Q

Accountability

A

Subjects are held accountable for their actions. Effective accountability relies on the capability to prove a subject's identity and track their activities.

10
Q

Legally Defensible Security

A

An organization's security needs to be legally defensible. When bad things do happen, organizations often desire assistance from law enforcement and the legal system for compensation. To obtain legal restitution, you must demonstrate that a crime was committed, that the suspect committed that crime, and that you took reasonable efforts to prevent the crime. Ultimately, this requires a complete security solution that has strong multifactor authentication techniques, solid authorization mechanisms, and impeccable auditing systems. Additionally, you must show that the organization complied with all applicable laws and regulations, that proper warnings and notifications were posted, that both logical and physical security were not otherwise compromised, and that there are no other possible reasonable interpretations of the electronic evidence. This is a fairly challenging standard to meet. Thus, an organization should evaluate its security infrastructure and redouble its effort to design and implement legally defensible security.

11
Q

Protection Mechanisms

A

Protection mechanisms are common characteristics of security controls. Not all security controls must have them, but many controls offer their protection for confidentiality, integrity, and availability through the use of these mechanisms. Common examples of these mechanisms include using multiple layers or levels of access, employing abstraction, hiding data, and using encryption.

12
Q

Layering

A

Layering, also known as defense in depth, is simply the use of multiple controls in a series. Using a multilayered solution allows for numerous, different controls to guard against whatever threats come to pass.

13
Q

Abstraction

A

Abstraction is used for efficiency. Similar elements are put into groups, classes, or roles that are assigned security controls, restrictions, or permissions as a collective. Abstraction simplifies security by enabling you to assign security controls to a group of objects collected by type or function.

14
Q

Data Hiding

A

Data hiding is exactly what it sounds like: preventing data from being discovered or accessed by a subject by positioning the data in a logical storage compartment that is not accessible or seen by the subject. Forms of data hiding include keeping a database from being accessed by unauthorized visitors and restricting a subject at a lower classification level from accessing data at a higher classification level.

15
Q

Security Through Obscurity

A

Security through obscurity is the idea of not informing a subject about an object being present and thus hoping that the subject will not discover the object. Security through obscurity does not actually implement any form of protection. It is instead an attempt to hope something important is not discovered by keeping knowledge of it a secret. An example of security through obscurity is when a programmer is aware of a flaw in their software code, but they release the product anyway hoping that no one discovers the issue and exploits it.

16
Q

Encryption

A

Encryption is the art and science of hiding the meaning or intent of a communication from unintended recipients.