Fundamentals

Question 1

Information Security

Answer 1

Protects the data

Question 2

Information Systems Security

Answer 2

Protects the devices that holds and process the data

Question 3

Threat

Answer 3

Anything that could cause harm, loss, damage, or compromise to IT systems.

Question 4

Threats incidents

Answer 4

• Natural disasters
• Cyber-attacks
• Data integrity breaches
• Disclosure of confidential information

Question 5

Vulnerabilities examples

Answer 5

• Software bugs
• Misconfigured software
• Improperly protected network devices
• Missing security patches
• Lack of physical security

Question 6

Vulnerability

Answer 6

Any weakness in the system design or implementation.

Question 7

Threat x Vulnerability

Answer 7

• Threats are originated from external sources and cannot be controlled.
• Vulnerabilities can be controlled by mitigating, transferring, avoiding or accepting the risk.

Intersection of threats and vulnerabilities is where the risk to enterprise systems and networks lies

Question 8

Threat + No Vulnerability = Is there any risk?

Answer 8

No Risk

Question 9

Vulnerability + No Threat = Is there any risk?

Answer 9

No Risk

Question 10

Vulnerability + Threat = Is there any risk?

Answer 10

Yes! There are some risk envolved.

Question 11

Think about daily analogies for Threats and Vulnerabilites.

Answer 11

While going from home to job…
You car can break in the middle of way = lack of maintenance [VULNERABILITY]
Another driver can cause an accident = Another driver dangerous driving [THREAT]

Question 12

CIA Triad

Answer 12

C - Confidentiality
I - Integrity
A - Availability

Question 13

2 new elements to CIA triad making it a pentagon

Answer 13

N - Non-repudiation
A - Authentication
CIANA

Question 14

Ensures that information is only accessible to those with the appropriate authorization. (Ex: encryption)

Answer 14

Confidentiality

Question 15

Ensures the data remains accurate and unaltered unless modification is required. (Ex: checksums, hashing)

Answer 15

Integrity

Question 16

Ensures that information resources are accessible and functional when needed by authorized users. (ex: website up and running all the time regardless the traffic it’s receiving.)

Answer 16

Availability

Question 17

Guaranteeing that specific action or event has taken place and cannot be denied by the parties involved. (Ex: A digitally signed email. That’s going to ensure that I cannot deny sending you that particular message because my digital signature is attached to it)

Answer 17

Non-repudiation

Question 18

Process of verifying the identity of a user or system.

Answer 18

Authentication