Fundamental of Security Flashcards
Threat
What is a threat in the context of information technology systems?
Anything that could cause harm, loss, damage, or compromise to our information technology systems.
Threat
What are some sources of threats to information technology systems?
- Natural disasters
- Cyber-attacks
- Data integrity breaches
- Disclosure of confidential information
Vulnerability
What is a vulnerability?
Any weakness in the system design or implementation
Vulnerabilities can lead to security breaches and exploitation by attackers.
Vulnerability
What are internal factors that can lead to vulnerabilities?
- Software bugs
- Misconfigured software
- Improperly protected network devices
- Missing security patches
- Lack of physical security
These factors can significantly compromise the security of a system.
Risk Management
What is risk management?
Finding ways to minimize the likelihood or impact of an undesired outcome so that the desired outcome is achieved.
Risk management involves identifying, assessing, and prioritizing risks followed by coordinated efforts to minimize, monitor, and control the probability or impact of unfortunate events.
Confidentiality
What does confidentiality refer to?
The protection of information from unauthorized access and disclosure
Confidentiality is crucial in various fields, including healthcare, business, and data management.
Confidentiality
Why is confidentiality important? List the main reasons.
- To protect personal privacy
- To maintain a business advantage
- To achieve regulatory compliance
These reasons highlight the necessity of confidentiality in both personal and organizational contexts.
Confidentiality
What is encryption?
The process of converting data into a code to prevent unauthorized access
Encryption is a key method for ensuring data confidentiality.
Confidentiality
What do access controls do?
Set up strong user permissions to ensure that only authorized personnel can access certain types of data
Access controls are essential for maintaining the confidentiality of sensitive information.
Confidentiality
What is data masking?
A method that obscures specific data within a database so that unauthorized users cannot read the real values, while authorized users can still access the real data
Data masking is often used in testing and development environments.
Confidentiality
What are physical security measures?
Measures that ensure confidentiality for both physical types of data, such as paper records, and for digital information contained on servers and workstations
Physical security is a critical aspect of overall data protection strategies.
Confidentiality
What is the purpose of training and awareness in confidentiality?
To conduct regular training on security awareness best practices that employees can use to protect their organization’s sensitive data
Ongoing training helps build a culture of security within an organization.
Integrity
What does integrity help ensure regarding information and data?
Integrity helps ensure that information and data remain accurate and unchanged from their original state unless intentionally modified by an authorized individual.
Integrity
What are the three main reasons why integrity is important?
- To ensure data accuracy
- To maintain trust
- To ensure system operability
Integrity
What is hashing?
Hashing is the process of converting data of any length into a fixed-size value (a hash digest); any change to the input produces a different digest, so comparing digests reveals whether data has been modified.
Integrity
What do digital signatures ensure?
Digital signatures ensure both integrity and authenticity.
Integrity
What is the purpose of checksums?
Checksums are a method to verify the integrity of data during transmission.
Integrity
What do access controls ensure?
Access controls ensure that only authorized individuals can modify data, reducing the risk of unintentional or malicious alterations.
Integrity
What do regular audits involve?
Regular audits involve systematically reviewing logs and operations to ensure that only authorized changes have been made and any discrepancies are immediately addressed.
Integrity
Fill in the blank: Integrity verifies the accuracy and trustworthiness of data over its _______.
lifecycle
Availability
What is the primary goal of ensuring availability in cybersecurity?
To ensure that information, systems, and resources are accessible and operational when needed by authorized users.
Availability
List three reasons why availability is valued by cybersecurity professionals.
- Ensuring Business Continuity
- Maintaining Customer Trust
- Upholding an Organization’s Reputation
Availability
What is the best strategy to overcome challenges associated with maintaining availability?
To use redundancy in your systems and network designs.
Availability
What is server redundancy?
Using multiple servers in a load balanced or failover configuration to ensure support for end users if one server fails.
Availability
What does data redundancy involve?
Storing data in multiple places.
Availability
What is the purpose of network redundancy?
To ensure that if one network path fails, the data can travel through another route.
Availability
What does power redundancy entail?
Using backup power sources, like generators and UPS systems.
Non-Repudiation
What is non-repudiation?
The property of providing undeniable proof of who performed a digital transaction or communication
Non-Repudiation
What is the main purpose of non-repudiation?
Ensures individuals or entities involved in a communication or transaction cannot deny their participation or the authenticity of their actions
Non-Repudiation
What are digital signatures?
Cryptographic values considered unique to each user operating in the digital domain, because only that user holds the private key used to create them
Non-Repudiation
How is a digital signature created?
By hashing a particular message or communication and then encrypting that hash digest with the user’s private key using asymmetric encryption
Non-Repudiation
List the three main reasons why non-repudiation is important.
- To confirm the authenticity of digital transactions
- To ensure the integrity of critical communications
- To provide accountability in digital processes
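The integrity cards above (hashing, checksums, digital signatures) and the non-repudiation card on how a signature is created describe one workflow: hash the message, sign the digest with the sender's private key, and let the recipient verify with the public key. The following Go program is an added example written for this page, not code from the original flashcards; it uses Ed25519 from the Go standard library for the asymmetric step, SHA-256 for the digest and CRC-32 as the checksum, and the two transfer messages are constructed sample input.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"hash/crc32"
)

// Digest returns the SHA-256 hash of data as hex: a fixed-size value that
// changes completely if even one bit of the input changes.
func Digest(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// Checksum returns a CRC-32 checksum. It catches transmission errors but is
// not tamper-resistant: an attacker who alters the data can recompute it.
func Checksum(data []byte) uint32 {
	return crc32.ChecksumIEEE(data)
}

// Sign hashes the message and signs the digest with the sender's private
// key. Only the holder of that key can produce this value, which is what
// gives the signature its non-repudiation property.
func Sign(priv ed25519.PrivateKey, msg []byte) []byte {
	digest := sha256.Sum256(msg)
	return ed25519.Sign(priv, digest[:])
}

// Verify recomputes the digest and checks the signature with the public
// key. It fails if the message was altered (integrity) or the signature was
// produced by a different key (authenticity).
func Verify(pub ed25519.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return ed25519.Verify(pub, digest[:], sig)
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// Constructed sample messages, not real transactions.
	original := []byte("Transfer 100 USD to account 12345")
	tampered := []byte("Transfer 900 USD to account 12345")

	fmt.Println("digest:", Digest(original))
	fmt.Println("digest differs after tampering:", Digest(original) != Digest(tampered))
	fmt.Printf("checksum: %08x\n", Checksum(original))

	sig := Sign(priv, original)
	fmt.Println("signature valid on original:", Verify(pub, original, sig))
	fmt.Println("signature valid on tampered:", Verify(pub, tampered, sig))

	// A second key pair cannot produce a signature the first public key accepts.
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	fmt.Println("signature from another key accepted:", Verify(pub, original, Sign(otherPriv, original)))
}
```

The tampered message fails verification even though the change is a single digit, and a signature from a different private key is rejected, which is the difference between a checksum (anyone can recompute it) and a signature (only the key holder can produce it).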
Authentication
What is authentication?
Security measure that ensures individuals or entities are who they claim to be during a communication or transaction.
Authentication
What is the Knowledge Factor in authentication?
Relies on information that a user can recall.
Authentication
What does the Possession Factor refer to in authentication?
Relies on the user presenting a physical item to authenticate themselves.
Authentication
Define the Inherence Factor in authentication.
Relies on a unique physical or behavioral characteristic of the user (such as a fingerprint or typing pattern) to validate that they are who they claim to be.
Authentication
What is the Action Factor in authentication?
Relies on the user conducting a unique action to prove who they are.
Authentication
Explain the Location Factor in authentication.
Relies on the user being in a certain geographic location before access is granted.
Authentication
What is a Multi-Factor Authentication System (MFA)?
Security process that requires users to present two or more different authentication factors (for example, a password plus a one-time code from a possessed device) to verify their identity.
Authentication
Why is authentication critical?
To prevent unauthorized access, protect user data and privacy, and ensure that resources are accessed by valid users only.
Authorization
What does authorization pertain to?
Permissions and privileges granted to users or entities after authentication
Authorization
True or False: Authorization is only concerned with user authentication.
False
Authorization
List three purposes of authorization mechanisms.
- To protect sensitive data
- To maintain system integrity
- To create a more streamlined user experience
Accounting
What is accounting in the context of cybersecurity?
A security measure that ensures all user activities during a communication or transaction are properly tracked and recorded.
Accounting
What is the purpose of creating an audit trail?
Provides a chronological record of all user activities that can be used to trace changes, unauthorized access, or anomalies back to a source or point in time.
Accounting
How does accounting maintain regulatory compliance?
Maintains a comprehensive record of all users’ activities.
Accounting
What is forensic analysis in accounting?
Uses detailed accounting and event logs that can help cybersecurity experts understand what happened, how it happened, and how to prevent similar incidents from occurring again.
Accounting
What is the goal of resource optimization in accounting?
Organizations can optimize system performance and minimize costs by tracking resource utilization and allocation decisions.
Accounting
What does user accountability in accounting ensure?
A thorough accounting system ensures users’ actions are monitored and logged, deterring potential misuse and promoting adherence to the organization’s policies.
Accounting
What technology is used to aggregate logs from various network devices?
Syslog Servers.
Accounting
What is the function of network analysis tools?
Used to capture and analyze network traffic to gain detailed insights into all the data moving within a network.
Accounting
What do Security Information and Event Management (SIEM) Systems provide?
Real-time analysis of security alerts generated by various hardware and software infrastructure in an organization.
Accounting
Fill in the blank: A robust accounting system helps to create an _______.
audit trail.
Accounting
True or False: Forensic analysis is used to prevent similar incidents from occurring again.
True.
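The accounting cards describe logs aggregated on a syslog server, an audit trail that traces activity back to a source and point in time, and forensic analysis of event logs. The Go program below is an added example for this page, not code from the original flashcards: the six syslog-style lines are constructed sample input (the hosts, users and addresses are invented), the parser handles only the sshd and sudo formats shown, and the brute-force rule (a run of failed logins from one source followed by a success) is an assumed detection heuristic of the kind a SIEM would apply.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample syslog lines as a syslog server might receive them from
// two hosts. Not real logs.
const sampleLogs = `Mar 10 09:01:02 web01 sshd[1201]: Failed password for admin from 203.0.113.7 port 51022 ssh2
Mar 10 09:01:04 web01 sshd[1201]: Failed password for admin from 203.0.113.7 port 51023 ssh2
Mar 10 09:01:07 web01 sshd[1201]: Failed password for admin from 203.0.113.7 port 51024 ssh2
Mar 10 09:01:09 web01 sshd[1201]: Accepted password for admin from 203.0.113.7 port 51025 ssh2
Mar 10 09:02:30 db01 sshd[877]: Accepted publickey for deploy from 198.51.100.4 port 40110 ssh2
Mar 10 09:03:11 web01 sudo: admin : TTY=pts/0 ; PWD=/home/admin ; USER=root ; COMMAND=/bin/cat /etc/shadow`

// Event is one normalized, attributable record in the audit trail.
type Event struct {
	Time, Host, User, Source, Action string
}

var sshRe = regexp.MustCompile(`^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) sshd\[\d+\]: (Failed|Accepted) \w+ for (\S+) from (\S+)`)
var sudoRe = regexp.MustCompile(`^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) sudo: (\S+) : .*COMMAND=(.*)$`)

// ParseEvents turns raw syslog lines into a chronological list of events,
// keeping the order in which the syslog server received them.
func ParseEvents(raw string) []Event {
	var events []Event
	for _, line := range strings.Split(raw, "\n") {
		if m := sshRe.FindStringSubmatch(line); m != nil {
			events = append(events, Event{Time: m[1], Host: m[2], Action: "ssh_" + strings.ToLower(m[3]), User: m[4], Source: m[5]})
		} else if m := sudoRe.FindStringSubmatch(line); m != nil {
			events = append(events, Event{Time: m[1], Host: m[2], Action: "sudo " + m[4], User: m[3]})
		}
	}
	return events
}

// AuditTrail returns every event attributable to one user, in order: the
// chronological record that forensic analysis starts from.
func AuditTrail(events []Event, user string) []Event {
	var trail []Event
	for _, e := range events {
		if e.User == user {
			trail = append(trail, e)
		}
	}
	return trail
}

// DetectBruteForce flags a source address that fails at least threshold
// times and then succeeds, and reports which account it ended up using.
func DetectBruteForce(events []Event, threshold int) []string {
	failures := map[string]int{}
	var alerts []string
	for _, e := range events {
		switch e.Action {
		case "ssh_failed":
			failures[e.Source]++
		case "ssh_accepted":
			if failures[e.Source] >= threshold {
				alerts = append(alerts, fmt.Sprintf("%s %s: %d failures then success as %s from %s",
					e.Time, e.Host, failures[e.Source], e.User, e.Source))
			}
			failures[e.Source] = 0
		}
	}
	return alerts
}

func main() {
	events := ParseEvents(sampleLogs)
	for _, a := range DetectBruteForce(events, 3) {
		fmt.Println("ALERT:", a)
	}
	// Trace what the compromised account did after the suspicious login.
	for _, e := range AuditTrail(events, "admin") {
		fmt.Printf("%s %s %s %s\n", e.Time, e.Host, e.User, e.Action)
	}
}
```

The alert points at the 09:01:09 login, and the audit trail for that account then shows the sudo read of /etc/shadow two minutes later, which is exactly the "what happened, how it happened" chain the forensic-analysis card refers to.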
Security Control
What are Technical Controls?
Technologies, hardware, and software mechanisms that are implemented to manage and reduce risks
Technical controls focus on the use of technology to mitigate security threats.
Security Control
What are Managerial Controls?
Also referred to as administrative controls, they involve the strategic planning and governance side of security
Managerial controls are essential for setting the framework of security policies.
Security Control
What are Operational Controls?
Procedures and measures designed to protect data on a day-to-day basis, governed by internal processes and human actions
Operational controls ensure that security practices are followed in daily operations.
Security Control
What are Physical Controls?
Tangible, real-world measures taken to protect assets
Physical controls include locks, security guards, and surveillance systems.
Security Control Type
What are Preventive Controls?
Proactive measures implemented to thwart potential security threats or breaches
Examples include firewalls and access controls.
Security Control Type
What is the purpose of Deterrent Controls?
Discourage potential attackers by making the effort seem less appealing or more challenging
Examples include security signage and visible surveillance cameras.
Security Control Type
What do Detective Controls do?
Monitor and alert organizations to malicious activities as they occur or shortly thereafter
Examples include intrusion detection systems and security audits.
Security Control Type
What are Corrective Controls?
Mitigate any potential damage and restore our systems to their normal state
Examples include data backups and incident response plans.
Security Control Type
Define Compensating Controls.
Alternative measures that are implemented when primary security controls are not feasible or effective
Examples include additional monitoring when a firewall is not possible.
Security Control Type
What are Directive Controls?
Guide, inform, or mandate actions, often rooted in policy or documentation and set the standards for behavior within an organization
Examples include security policies and procedures.
Gap Analysis
What is Gap Analysis?
Process of evaluating the differences between an organization’s current performance and its desired performance
Gap analysis helps organizations improve operations, processes, performance, or overall security posture.
Gap Analysis
What are the steps involved in conducting a gap analysis?
- Define the scope of the analysis
- Gather data on the current state of the organization
- Analyze the data to identify performance shortfalls
- Develop a plan to bridge the gap
These steps ensure a systematic approach to identifying and addressing gaps.
Gap Analysis
What is a Technical Gap Analysis?
Involves evaluating an organization’s current technical infrastructure
It identifies areas where the organization lacks the technical capabilities required to fully utilize their security solutions.
Gap Analysis
What is a Business Gap Analysis?
Involves evaluating an organization’s current business processes
It identifies areas where the organization falls short of the capabilities required to fully utilize cloud-based solutions.
Gap Analysis
What does POA&M stand for?
Plan of Action and Milestones
POA&M outlines specific measures to address vulnerabilities.
Gap Analysis
What are the components of a POA&M?
- Outlines the specific measures to address each vulnerability
- Allocate resources
- Set up timelines for each remediation task
These components help in effective management of remediation efforts.
Gap Analysis
True or False: Gap analysis can help improve an organization’s security posture.
True
Conducting gap analysis is valuable for enhancing overall security.
Gap Analysis
Fill in the blank: The first step in conducting a gap analysis is to _______.
Define the scope of the analysis
Defining the scope sets the boundaries for the analysis.
Gap Analysis
What is the purpose of analyzing data in a gap analysis?
To identify any areas where the organization’s current performance falls short of its desired performance
This analysis is crucial for developing effective improvement plans.
Zero Trust
What does Zero Trust demand for every device, user, and transaction within the network?
Verification regardless of its origin.
Zero Trust
What are the two different planes used to create a Zero Trust architecture?
Control Plane and Data Plane.
Zero Trust
What is the Control Plane in Zero Trust architecture?
The overarching framework and components responsible for defining, managing, and enforcing access policies.
Zero Trust
What key element of the Control Plane relies on real-time validation?
Adaptive Identity.
Zero Trust
What does Adaptive Identity take into account?
User’s behavior, device, location, and more.
Zero Trust
What is the purpose of Threat Scope Reduction in Zero Trust?
Limits users’ access to only what they need for their work tasks.
Zero Trust
How does Threat Scope Reduction minimize risks?
By reducing the network’s potential attack surface and minimizing the ‘blast radius’ of a breach.
Zero Trust
What does Policy-Driven Access Control entail?
Developing, managing, and enforcing user access policies based on roles and responsibilities.
Zero Trust
What are Secured Zones in a network?
Isolated environments designed to house sensitive data.
Zero Trust
What are the two components of the Control Plane that make access decisions?
Policy Engine and Policy Administrator.
Zero Trust
What is the function of the Policy Engine?
Cross-references the access request with predefined policies.
Zero Trust
What does the Policy Administrator do?
Establishes and manages access policies.
Zero Trust
What does the Data Plane consist of?
Subject/System and Policy Enforcement Point.
Zero Trust
What does Subject/System refer to in the Data Plane?
The individual or entity attempting to gain access.
Zero Trust
What is the Policy Enforcement Point?
Where the decision to grant or deny access is executed.
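The Zero Trust cards above separate the control plane (Policy Administrator establishing policies, Policy Engine cross-referencing a request against them, Adaptive Identity weighing device, location and behavior) from the data plane (the subject and the Policy Enforcement Point that executes the decision). The Go program below is an added example that models that split; it is not code from the original flashcards or from any Zero Trust product. The policy fields, the 0 to 100 risk score and the sample requests are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Request is what a subject on the data plane presents to the PEP. The
// adaptive-identity signals (device posture, location, risk score) are
// assumed to come from the identity provider; the 0-100 risk scale is an
// assumption of this example.
type Request struct {
	User            string
	Role            string
	Resource        string
	DeviceCompliant bool
	Location        string
	RiskScore       int
}

// Policy describes who may enter one secured zone and under what conditions.
type Policy struct {
	Zone                   string
	AllowedRoles           []string
	RequireCompliantDevice bool
	AllowedLocations       []string
	MaxRisk                int
}

// Decision is the Policy Engine's answer; Reason is kept for the audit log.
type Decision struct {
	Allow  bool
	Reason string
}

// PolicyAdministrator (control plane) establishes and manages policies and
// the assignment of resources into secured zones.
type PolicyAdministrator struct {
	policies map[string]Policy // zone -> policy
	zones    map[string]string // resource -> zone
}

func NewPolicyAdministrator() *PolicyAdministrator {
	return &PolicyAdministrator{policies: map[string]Policy{}, zones: map[string]string{}}
}

func (pa *PolicyAdministrator) SetPolicy(p Policy)             { pa.policies[p.Zone] = p }
func (pa *PolicyAdministrator) AssignResource(res, zone string) { pa.zones[res] = zone }

// PolicyEngine (control plane) cross-references a request with the
// administrator's policies.
type PolicyEngine struct{ PA *PolicyAdministrator }

func contains(list []string, v string) bool {
	for _, s := range list {
		if s == v {
			return true
		}
	}
	return false
}

// Evaluate is default-deny: a request that is not explicitly permitted by a
// policy is refused, regardless of where on the network it came from.
func (pe PolicyEngine) Evaluate(r Request) Decision {
	zone, ok := pe.PA.zones[r.Resource]
	if !ok {
		return Decision{false, "resource not assigned to any secured zone"}
	}
	p, ok := pe.PA.policies[zone]
	if !ok {
		return Decision{false, "no policy for zone " + zone}
	}
	switch {
	case !contains(p.AllowedRoles, r.Role):
		return Decision{false, "role " + r.Role + " not permitted in zone " + zone}
	case p.RequireCompliantDevice && !r.DeviceCompliant:
		return Decision{false, "device not compliant"}
	case len(p.AllowedLocations) > 0 && !contains(p.AllowedLocations, r.Location):
		return Decision{false, "location " + r.Location + " not permitted"}
	case r.RiskScore > p.MaxRisk:
		return Decision{false, fmt.Sprintf("risk score %d exceeds %d", r.RiskScore, p.MaxRisk)}
	}
	return Decision{true, "all policy conditions met for zone " + zone}
}

// Enforce is the Policy Enforcement Point on the data plane: it asks the
// engine for a decision and then either opens the session or refuses it.
func Enforce(pe PolicyEngine, r Request) (string, error) {
	d := pe.Evaluate(r)
	if !d.Allow {
		return "", errors.New("denied: " + d.Reason)
	}
	return fmt.Sprintf("session opened for %s to %s", r.User, r.Resource), nil
}

func main() {
	pa := NewPolicyAdministrator()
	pa.SetPolicy(Policy{Zone: "finance", AllowedRoles: []string{"accountant"},
		RequireCompliantDevice: true, AllowedLocations: []string{"HQ"}, MaxRisk: 30})
	pa.AssignResource("payroll-db", "finance")
	pe := PolicyEngine{PA: pa}

	// Constructed sample requests: one good, then one failure per control.
	for _, r := range []Request{
		{"alice", "accountant", "payroll-db", true, "HQ", 10},
		{"alice", "accountant", "payroll-db", false, "HQ", 10},
		{"alice", "accountant", "payroll-db", true, "HQ", 75},
		{"bob", "engineer", "payroll-db", true, "HQ", 5},
		{"bob", "engineer", "wiki", true, "HQ", 5},
	} {
		if out, err := Enforce(pe, r); err != nil {
			fmt.Println(err)
		} else {
			fmt.Println(out)
		}
	}
}
```

The last request is refused even though nothing about it looks risky, because the resource was never placed in a secured zone with a policy; that default-deny behavior is what threat scope reduction means in practice.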