Fundamentals Of Security Flashcards
What is Information Security?
Act of protecting data and information from unauthorized access, unlawful modification and disruption, disclosure, and corruption and destruction.
What is Information Systems Security?
Act of protecting the systems that hold and process critical data
What is confidentiality?
Ensures that information is only accessible to those with the appropriate authorisation.
Confidentiality is important for 3 main reasons. What are they?
- to protect personal privacy
- to maintain business advantage
- to achieve regulatory compliance
What is a threat?
Anything that could cause harm, loss, damages or compromise to our information technology systems.
What is a vulnerability?
Any weakness in the system design or implementation.
List the 5 basic methods to ensure confidentiality.
- Encryption
- Access Controls
- Data Masking
- Physical Security Measures
- Training and Awareness
What is Data Masking?
Method that involves obscuring specific data within a database to make it inaccessible to unauthorised users while retaining the real data's authenticity for authorised users.
What is integrity?
Helps ensure that information and data remain accurate and unchanged from its original state unless intentionally modified by an authorised individual.
Integrity is important for three reasons. What are they?
- To ensure data accuracy
- To maintain trust
- To ensure the system operability
What are 5 methods utilised to maintain integrity?
- Hashing
- Digital Signature
- Checksums
- Access Controls
- Regular Audits
What is availability?
Ensuring that information, systems and resources are accessible and operational when needed by authorised users
What are the benefits of ensuring availability?
- ensuring business continuity
- maintaining customer trust
- upholding an organisation's reputation
What is redundancy?
Duplication of critical components or functions of a system with the intention of enhancing its reliability.
Name the 4 types of redundancy to consider
- Server redundancy
- Data redundancy
- Network redundancy
- Power redundancy
What is non-repudiation?
A security measure that ensures individuals or entities involved in a communication or transaction cannot deny participation or authenticity of actions.
List three reasons non-repudiation is important.
- to confirm the authenticity of digital transactions
- to ensure the integrity of critical communications
- to provide accountability in digital processes
What are the 5 commonly used authentication methods?
- Knowledge factor
- Possession factor
- Inherence factor
- Action factor
- Location factor
What three terms are referred to as the 3 A's (AAA)?
- Authentication
- Authorisation
- Accounting
What is authentication?
Security measure that ensures individuals or entities are who they claim to be during a communication or transaction
What is authorisation?
Pertains to the permissions and privileges granted to users or entities after they have been authenticated
What is accounting?
A security measure that ensures all user activities during a communication or transaction are properly tracked and recorded.
What are the four broad categories of security controls?
- Technical controls
- Managerial controls
- Operational controls
- Physical controls
What are the six basic types of security controls?
- Preventative controls
- Deterrent controls
- Detective controls
- Corrective controls
- Compensative controls
- Directive controls
Define technical controls
Technologies, hardware and software mechanisms that are implemented to manage and reduce risk
Define managerial controls
Also referred to as administrative controls, sat
Define operational controls
Procedures and measures that are designed to protect data on a day-to-day basis. These are mainly governed by internal processes and human actions.
Define physical controls
Tangible real-world measures taken to protect assets.
Define a threat actor's intent
Specific objective or goal that a threat actor is aiming to achieve through their attack.
Define a threat actor's motivations
Underlying reasons or driving forces that push a threat actor to carry out their attack
List some motivations behind threat actors
- Data exfiltration
- Financial gain
- Blackmail
- Service Disruption
- Philosophical-political beliefs
- Ethical reasons
- Revenge
- Disruption or chaos
- Espionage
- War
What are preventive controls?
Proactive measures implemented to thwart potential security threats or breaches.
What are Deterrent Controls?
- Discourage potential attackers by making the effort seem less appealing or more challenging
What are Detective Controls?
Monitor and alert organizations to malicious activities as they occur or shortly thereafter
What are Corrective Controls?
Mitigate any potential damage and restore our systems to their normal state.
What are Compensating Controls?
Alternative measures that are implemented when primary security controls are not feasible or effective.
What are Directive Controls?
- Guide, inform, or mandate actions.
- Often rooted in policy or documentation and set the standards for behaviour within an organisation.
What is Gap Analysis?
Process of evaluating the differences between an organization's current performance and its desired performance.
List the activities involved in a Gap Analysis (4).
- Define the scope of the analysis.
- Gather data on the current state of the organization.
- Analyse the data to identify any areas where the organisation’s current performance falls short of its desired performance.
- Develop a plan to bridge the gap
What are the 2 basic types of Gap Analysis?
- Technical Gap Analysis
- Business Gap Analysis
Describe Zero Trust
Zero Trust demands verification for every device, user and transaction within the network, regardless of its origin.
What are the two different planes used to create a zero trust architecture?
- Control plane
- Data plane
What is the control plane?
Refers to the overarching framework and set of components responsible for defining, managing, and enforcing the policies related to user and system access within an organization
What is the Data plane?
Ensures the policies are properly executed