Fundamentals Flashcards
Information Security
Protects the data
Information Systems Security
Protects the devices that hold and process the data
Threat
Anything that could cause harm, loss, damage, or compromise to IT systems.
Threat incidents
- Natural disasters
- Cyber-attacks
- Data integrity breaches
- Disclosure of confidential information
Vulnerability examples
- Software bugs
- Misconfigured software
- Improperly protected network devices
- Missing security patches
- Lack of physical security
Vulnerability
Any weakness in the system design or implementation.
Threat x Vulnerability
- Threats originate from external sources and cannot be controlled.
- Vulnerabilities can be controlled by mitigating, transferring, avoiding or accepting the risk.
The intersection of threats and vulnerabilities is where the risk to enterprise systems and networks lies.
Threat + No Vulnerability = Is there any risk?
No Risk
Vulnerability + No Threat = Is there any risk?
No Risk
Vulnerability + Threat = Is there any risk?
Yes! There is some risk involved.
Think about daily analogies for Threats and Vulnerabilities.
While going from home to work…
Your car can break down in the middle of the way = lack of maintenance [VULNERABILITY]
Another driver can cause an accident = another driver's dangerous driving [THREAT]
CIA Triad
C - Confidentiality
I - Integrity
A - Availability
2 new elements added to the CIA triad, making it a pentagon
N - Non-repudiation
A - Authentication
CIANA
Ensures that information is only accessible to those with the appropriate authorization. (Ex: encryption)
Confidentiality
Ensures the data remains accurate and unaltered unless modification is required. (Ex: checksums, hashing)
Integrity
Ensures that information resources are accessible and functional when needed by authorized users. (Ex: a website up and running all the time regardless of the traffic it's receiving.)
Availability
Guaranteeing that a specific action or event has taken place and cannot be denied by the parties involved. (Ex: a digitally signed email. That's going to ensure that I cannot deny sending you that particular message because my digital signature is attached to it.)
Non-repudiation
Process of verifying the identity of a user or system.
Authentication