Fundamentals of security Flashcards
Threat
Anything that could cause harm, loss, damage, or compromise to our information
technology systems
Vulnerability
Any weakness in the system design or implementation
Risk
Intersection between threats and vulnerabilities
Risk Management
Finding different ways to minimize the likelihood of an outcome and achieve the
desired outcome
CIA triad
Confidentiality, Integrity, Availability
Confidentiality
Refers to the protection of information from unauthorized access and disclosure
Ensures that private or sensitive information is not available or disclosed to
unauthorized individuals, entities, or processes
Integrity
Helps ensure that information and data remain accurate and unchanged from their
original state unless intentionally modified by an authorized individual
Verifies the accuracy and trustworthiness of data over the entire lifecycle
Availability
Ensures that information, systems, and resources are accessible and operational
when needed by authorized users
Methods for confidentiality
- Hashing
- Digital signatures
- Checksums
- Access controls
- Regular audits
Redundancy
Duplication of critical components or functions of a system with the
intention of enhancing its reliability
Redundancy types
- Server redundancy
- Data redundancy
- Network redundancy
- Power redundancy
Non-repudiation
Focused on providing undeniable proof in the world of digital transactions
Security measure that ensures individuals or entities involved in a
communication or transaction cannot deny their participation or the authenticity
of their actions
Authentication
Security measure that ensures individuals or entities are who they claim to be
during a communication or transaction
Common authentication factors
- Knowledge (something you know)
- Possession (something you have)
- Inherence (something you are)
- Action (something you do)
- Location (somewhere you are)
Authorization
Pertains to the permissions and privileges granted to users or entities after they
have been authenticated