Domain 1 : Security & Risk Management Flashcards
Name the three types of security evaluations and briefly describe what each achieves.
Risk assessment, vulnerability assessment, and penetration testing. A risk assessment identifies assets, threats, and vulnerabilities and uses that information to calculate risk (how likely a threat is to exploit a vulnerability and what it would cost) so that controls can be prioritized; a vulnerability assessment uses automated scanning tools to locate security weaknesses, and the results are used to add defenses or adjust existing protections; penetration testing uses trusted third-party firms or individuals to stress-test the security infrastructure by actually attempting to exploit weaknesses the way an attacker would, within an agreed scope and rules of engagement.
What is the CIA Triad ?
CIA = confidentiality, integrity, and availability, the three primary goals of a security infrastructure.
Security controls are usually evaluated on how well they address these three core tenets.
What are the five (5) elements of the AAA services core security mechanism, and what does each mean?
Identification (a subject claims an identity, e.g. supplies a username), authentication (the subject proves the claim with something it knows, has, or is), authorization (the system decides what the authenticated subject is permitted to do), auditing (actions and access decisions are recorded), and accounting (the audit records are used to hold the subject accountable for its actions).
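The five AAA elements in order, as an added worked example that is not from the flashcards or the CISSP text: a small access gateway that identifies, authenticates (salted PBKDF2 with a constant-time comparison), authorizes against an ACL, audits every decision, and reconstructs a subject's activity from the audit trail for accounting. The user store and ACL are constructed sample data.

```python
import hashlib
import hmac
import os
import time

# Constructed sample data (assumed for the example): each user maps to a
# random salt and a PBKDF2-HMAC-SHA256 hash of the password.
def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_password(password, salt)}

USERS = {
    "alice": make_user("correct horse battery staple"),
    "bob": make_user("hunter2"),
}

# Authorization: what each identified and authenticated subject may do.
ACL = {
    "alice": {"read_report", "approve_payment"},
    "bob": {"read_report"},
}

# Auditing: every access decision, allowed or denied, is recorded here.
AUDIT_LOG: list[dict] = []

def _audit(subject: str, action: str, outcome: str, stage: str) -> None:
    AUDIT_LOG.append({"time": time.time(), "subject": subject,
                      "action": action, "outcome": outcome, "stage": stage})

def request_access(username: str, password: str, action: str) -> tuple[str, str]:
    """Run the AAA chain for one request; return (outcome, stage that decided it)."""
    # 1. Identification: the subject claims an identity.
    user = USERS.get(username)
    if user is None:
        _audit(username, action, "denied", "identification")
        return "denied", "identification"
    # 2. Authentication: the claim is proven with a secret. compare_digest
    #    keeps the comparison constant-time so the hash does not leak via timing.
    if not hmac.compare_digest(_hash_password(password, user["salt"]), user["hash"]):
        _audit(username, action, "denied", "authentication")
        return "denied", "authentication"
    # 3. Authorization: an authenticated subject still needs permission for the action.
    if action not in ACL.get(username, set()):
        _audit(username, action, "denied", "authorization")
        return "denied", "authorization"
    # 4. Auditing: successful access is logged as well, not only failures.
    _audit(username, action, "allowed", "authorization")
    return "allowed", "authorization"

def account_for(username: str) -> list[str]:
    """5. Accounting: reconstruct what a subject did (or tried) from the audit trail."""
    return [f'{e["outcome"]}:{e["action"]}' for e in AUDIT_LOG if e["subject"] == username]

if __name__ == "__main__":
    print(request_access("alice", "correct horse battery staple", "approve_payment"))
    print(request_access("bob", "hunter2", "approve_payment"))
    print(request_access("mallory", "anything", "read_report"))
    print(account_for("bob"))
```

Note that a wrong password and an unknown user both come back as "denied"; the audit record, not the caller, keeps track of which stage refused, which is what makes the accounting step possible.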
Name and discuss the four (4) protection mechanisms in cybersecurity (pp.11-13 CISSP text).
Defense in depth (layering): the use of multiple controls in series, so that if one control fails or is bypassed the next one still protects the asset;
layer controls in series rather than in parallel, because parallel controls act as a single layer and are defeated together.
Abstraction: creates efficiency by placing similar elements (users, objects, processes) into groups, classes, or roles so that security controls can be assigned to the group rather than to each element individually.
Data hiding: preventing data from being discovered or accessed by a subject by positioning it in a security domain the subject cannot reach (for example, keeping one process's memory invisible to another, or giving users a narrow interface instead of direct access to the underlying data); this is a deliberate access restriction, not security through obscurity.
Encryption: the conversion of data from a readable format (plaintext) into an encoded format (ciphertext); encrypted data can only be read or processed after it has been decrypted by a party holding the correct key.
What is the FAIR methodology?
FAIR stands for Factor Analysis of Information Risk; it is a methodology for assessing security risk using quantitative analysis, decomposing risk into the frequency of loss events and the magnitude of loss per event and expressing the result as a range of probable annual loss rather than a single high/medium/low rating.
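The quantitative side of risk assessment (the first evaluation type above) and of FAIR, as an added worked example that is not from the flashcards, the CISSP text, or the FAIR standard itself: the classic SLE/ALE point estimates with the safeguard cost/benefit formula, and a FAIR-style Monte Carlo that samples threat event frequency, vulnerability, and loss magnitude from (min, most likely, max) triangular distributions. The triangular distribution is a simplification of FAIR's calibrated PERT inputs, and all input values are constructed.

```python
import random
import statistics

def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = AV x EF: expected loss from one occurrence of the threat."""
    return asset_value * exposure_factor

def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE x ARO: expected loss per year (ARO = annualized rate of occurrence)."""
    return sle * aro

def safeguard_value(ale_before: float, ale_after: float, annual_cost: float) -> float:
    """Cost/benefit of a control: ALE before - ALE after - annual cost of the control.
    Negative means the control costs more than the risk it removes."""
    return ale_before - ale_after - annual_cost

def fair_simulate(tef: tuple, vuln: tuple, loss_magnitude: tuple,
                  trials: int = 20_000, seed: int = 1) -> dict:
    """FAIR-style Monte Carlo. Each input is (min, most_likely, max), sampled from a
    triangular distribution (assumed here in place of FAIR's PERT distributions).
      tef            threat event frequency, events per year
      vuln           vulnerability: probability a threat event becomes a loss event
      loss_magnitude loss per loss event, in currency units
    Loss event frequency (LEF) = TEF x vulnerability; annual loss = LEF x loss magnitude.
    Returns percentiles of annual loss instead of a single point estimate."""
    rng = random.Random(seed)  # fixed seed so runs are reproducible

    def draw(p):
        lo, mode, hi = p
        return rng.triangular(lo, hi, mode)

    losses = []
    for _ in range(trials):
        lef = draw(tef) * draw(vuln)
        losses.append(lef * draw(loss_magnitude))
    losses.sort()

    def pct(q):
        return losses[min(int(q * trials), trials - 1)]

    return {"mean": statistics.fmean(losses), "p10": pct(0.10),
            "p50": pct(0.50), "p90": pct(0.90), "max": losses[-1]}

if __name__ == "__main__":
    # Constructed scenario: a $200k system, a threat that destroys 25% of its value,
    # expected every two years; a control costing $8k/yr cuts the ALE to $5k.
    sle = single_loss_expectancy(200_000, 0.25)
    ale = annualized_loss_expectancy(sle, 0.5)
    print(f"SLE={sle:,.0f} ALE={ale:,.0f} safeguard value={safeguard_value(ale, 5_000, 8_000):,.0f}")
    # FAIR-style: 2-12 threat events/yr, 10-60% become loss events, $10k-$200k per event.
    result = fair_simulate((2, 6, 12), (0.1, 0.3, 0.6), (10_000, 40_000, 200_000))
    print({k: round(v) for k, v in result.items()})
```

The point of the simulation over the ALE formula is the p10/p50/p90 spread: a control justified against the mean alone can look very different against the p90, which is the figure a practitioner uses when arguing for a safeguard budget.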