Fundamental Security

Question 1

What is Information Security?

Answer 1

Protecting data and information from unauthorized access, modification, disruption, disclosure, and destruction.

Question 2

What is the Information Systems Security

Answer 2

Protecting the systems (ex. computers, servers, network devices) that hold and process critical data

Question 3

What does CIA stand for?

Answer 3

Confidentiality, Integrity, Availability

Question 4

Confidentiality

Answer 4

Ensures information is accessible only to authorized personnel (ex. encryption)

Question 5

Integrity

Answer 5

Ensures data remains accurate and unaltered (ex. checksums)

Question 6

Availablity

Answer 6

Ensures information and resources are accessible when needed (Ex. redundancy measures)

Question 7

Non-Repudiation

Answer 7

Guarantees that an action or event cannot be denied by the involved parties (ex. digital signatures)

Question 8

CIANA Pentagon

Answer 8

Extension of CIA triad, but with non-repudation and authentication

Question 9

Triple A’s of Security

Answer 9

Authentication, Authorization, Accounting

Question 10

Security Control Categories

Answer 10

Technical, Managerial, Operational, and Physical

Question 11

Security Control Types

Answer 11

Preventative, Deterrent, Detective, Corrective, Compensating, Directive

Question 12

Zero Trust Model

Answer 12

Operates on the principle that no one should be trusted by default

Question 13

How do we achieve zero trust?

Answer 13

Through the Control Plane & the Data Plane

Question 14

Data Plane

Answer 14

Subject/system, policy engine, policy administrator, and establishing policy enforcement points

Question 15

Control Plane

Answer 15

Adaptative Identity, threat scope reduction, policy-driven access control, and secured zone