Fundamentals of Security Flashcards
This is test 1.
What is Information Security?
The act of protecting data and information from unauthorized access, unlawful modification and disruption, disclosure, corruption, and destruction
What is Information Systems Security?
The act of protecting the systems that hold and process critical information
Confidentiality
Ensures that information is only accessible to authorized persons
Integrity
Ensures that data remains accurate and unaltered unless a modification is required and authorized
Availability
Ensures that information and resources are accessible and functional when needed by authorized users
Non-repudiation
Guarantees that a specific action or event has taken place and cannot be denied by the parties involved
AAA of security
Authentication , Authorization , Accounting
Authorization
The permissions and privileges granted to users or entities after they have been authenticated
Accounting
The act of tracking user activities and resource usage, typically for audit or billing purposes
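The three A's as one request flow, as an added example that is not part of the flashcard deck: authenticate the caller against a salted PBKDF2 password hash, authorize the requested action from the user's roles, and record every decision for accounting. The class name, the role-to-permission map, the iteration count and the users created in the usage are assumptions for illustration.

```python
import hashlib
import hmac
import os
import time

# Added example, not from the flashcard deck. Names, roles and permissions below
# are assumptions for illustration.

PBKDF2_ITERATIONS = 100_000  # assumption; raise for production hardware


def _hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 so a stolen user table does not reveal passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


class AAAService:
    """Authentication (who are you), Authorization (what may you do),
    Accounting (what did you do) in one place."""

    def __init__(self):
        self.users = {}  # username -> (salt, password_hash, set(roles))
        # Assumed role -> permission map.
        self.permissions = {"admin": {"read", "write", "delete"}, "analyst": {"read"}}
        self.audit_log = []  # Accounting: one record per decision and action

    def add_user(self, username: str, password: str, roles) -> None:
        salt = os.urandom(16)
        self.users[username] = (salt, _hash_password(password, salt), set(roles))

    def authenticate(self, username: str, password: str) -> bool:
        """Authentication: prove the caller knows the user's password."""
        record = self.users.get(username)
        # Hash even for unknown users so response time does not reveal valid names.
        salt, stored, _ = record if record else (bytes(16), bytes(32), set())
        candidate = _hash_password(password, salt)
        ok = record is not None and hmac.compare_digest(candidate, stored)
        self._record("authenticate", username, ok)
        return ok

    def authorize(self, username: str, action: str) -> bool:
        """Authorization: meaningful only after authentication; checks the user's roles."""
        roles = self.users.get(username, (None, None, set()))[2]
        allowed = any(action in self.permissions.get(role, set()) for role in roles)
        self._record("authorize", username, allowed, action=action)
        return allowed

    def perform(self, username: str, password: str, action: str) -> bool:
        """Full AAA flow for one request: authenticate, then authorize, then act."""
        if not self.authenticate(username, password):
            return False
        if not self.authorize(username, action):
            return False
        self._record("action", username, True, action=action)
        return True

    def _record(self, event: str, username: str, outcome: bool, **extra) -> None:
        """Accounting: append-only audit trail (ship it to a SIEM in practice)."""
        self.audit_log.append({"ts": time.time(), "event": event, "user": username,
                               "outcome": outcome, **extra})


if __name__ == "__main__":
    svc = AAAService()
    svc.add_user("alice", "correct horse battery", ["analyst"])  # constructed user
    print(svc.perform("alice", "correct horse battery", "read"))    # True
    print(svc.perform("alice", "correct horse battery", "delete"))  # False: not authorized
    for entry in svc.audit_log:
        print(entry)
```

The audit log records failed authentications and denied authorizations as well as successful actions; a log that only shows what was allowed is of little use in an investigation.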
Security Controls
Measures or mechanisms put in place to mitigate risks and protect the confidentiality, integrity, and availability of information systems and data
Types of Security Controls
Technical, Managerial, Operational, Physical
Zero Trust
A security model that operates on the principle that no one, whether inside or outside the organization, should be trusted by default; every access request is verified
Control Plane
Makes the access decisions: adaptive identity, threat scope reduction, policy-driven access control, and secured zones. In NIST SP 800-207 the policy engine and policy administrator (together the policy decision point) are also control-plane components
Data Plane
Carries the actual traffic between the subject/system and the resource; this is where the policy enforcement points sit that allow or block each session on the control plane's instruction
Data Masking
A method that obscures data within a database so it is unusable to unauthorized users while retaining the real data's authenticity and usability for authorized users
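Role-aware masking of the sensitive columns of a table, as an added example that is not part of the flashcard deck: unauthorized roles see format-preserving masked values (last four digits of a card number, first letter of an e-mail address), authorized roles see the real row, and the stored data is never altered. The rows, field names, masking rules and role names are constructed assumptions for illustration.

```python
import re

# Added example, not from the flashcard deck. Rows, field names, rules and roles
# are constructed assumptions for illustration.

# Constructed sample data; not real people or card numbers.
CUSTOMERS = [
    {"id": 1, "name": "Alice Example", "email": "alice@example.com",
     "pan": "4111 1111 1111 1111", "ssn": "123-45-6789"},
    {"id": 2, "name": "Bob Example", "email": "bob.smith@example.org",
     "pan": "5500000000000004", "ssn": "987-65-4321"},
]

# Roles allowed to see the real values (assumption).
UNMASKED_ROLES = {"fraud_analyst", "dba"}


def mask_pan(pan: str) -> str:
    """Keep only the last four digits; preserve length so format checks still pass."""
    digits = re.sub(r"\D", "", pan)
    if len(digits) <= 4:
        return "*" * len(digits)
    return "*" * (len(digits) - 4) + digits[-4:]


def mask_email(email: str) -> str:
    """Keep the first character and the domain so staff can still recognise the provider."""
    local, at, domain = email.partition("@")
    if not at or not local:
        return "***"
    return local[0] + "*" * (len(local) - 1) + "@" + domain


def mask_ssn(ssn: str) -> str:
    """Keep the last four digits, which is what most verification flows ask for."""
    return "***-**-" + ssn[-4:]


MASKERS = {"pan": mask_pan, "email": mask_email, "ssn": mask_ssn}


def view_record(record: dict, role: str) -> dict:
    """Return the real row for authorized roles and a masked copy for everyone else.
    Masking is one-way: the masked copy cannot be turned back into the real data,
    which is what distinguishes it from encryption."""
    if role in UNMASKED_ROLES:
        return dict(record)
    masked = dict(record)  # copy: the stored row is never modified
    for field, mask in MASKERS.items():
        if masked.get(field) is not None:
            masked[field] = mask(masked[field])
    return masked


def view_table(role: str) -> list:
    """Apply the role's view to every row."""
    return [view_record(row, role) for row in CUSTOMERS]


if __name__ == "__main__":
    for row in view_table("support"):
        print(row)
    for row in view_table("fraud_analyst"):
        print(row)
```

Because the masked card number keeps its length and its last four digits, a support application that validates or displays the field keeps working unchanged, while the masked value is useless to anyone who exfiltrates it.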
Physical Security Measures
Used to ensure confidentiality for physical forms of data and for digital information stored on servers and workstations
Non-repudiation
Focused on providing undeniable proof in digital transactions
Digital Signature
Created by first hashing the message to be signed and then encrypting the hash digest with the signer's private key using asymmetric encryption; anyone holding the matching public key can verify it, and only the private-key holder could have produced it
Availability === ?
Redundancy (not Non-repudiation)
Authentication
Security measure that ensures individuals or entities are who they claim to be during a communication or transaction
Preventive Controls
Proactive measures implemented to thwart potential security threats or breaches
Detective Controls
Monitor for and alert organizations to malicious activities as they occur or shortly thereafter
Corrective Controls
Mitigate any damage and restore systems to their normal state
Compensating Controls
Alternative measures implemented when primary security controls are not feasible or effective
Directive Controls
Often rooted in policy or documentation; set the standards for behavior within an organization
Gap Analysis
Process of evaluating the difference between an organization's current performance and its desired performance