Fundamentals Of Security Flashcards

1
Q

Information Security

A

The act of protecting the data from unauthorized access, modification, corruption and destruction

2
Q

Information Systems Security

A

The act of protecting the systems that hold the data we want to protect

3
Q

CIA triad

A

The three pillars of security

  • Confidentiality
  • Integrity
  • Availability
4
Q

CIANA Pentagon

A

Modern, expanded version of the CIA Triad

- Confidentiality
- Integrity
- Availability
- Non-repudiation
- Authentication

5
Q

Threat

A

Anything that negatively impacts our information technology systems

6
Q

Vulnerability

A

Any weakness in the system design or implementation

7
Q

Risk Management

A

Finding ways to minimize the likelihood of a negative outcome and achieve a positive outcome

8
Q

Confidentiality

A

Protecting information from unauthorized access and disclosure

9
Q

Why is Confidentiality Important?

A
  • To protect personal privacy
  • To maintain business advantage
  • To achieve regulatory compliance
10
Q

What are the basic methods of maintaining Confidentiality?

A
  • Encryption
  • Access Controls
  • Data Masking
  • Physical Security Measures
  • Training & Awareness
11
Q

Integrity

A

Ensures that information and data remain accurate and unaltered unless intentionally modified

12
Q

Why is Integrity important?

A
  • To ensure data accuracy
  • To maintain trust
  • To ensure system operability
13
Q

What are the methods of maintaining Integrity?

A
  • Hashing
  • Digital Signatures
  • Checksums
  • Access Controls
  • Regular Audits
14
Q

Availability

A

Ensuring that information, systems and resources are accessible and operational when needed

15
Q

Why is Availability important?

A
  • Ensuring business continuity
  • Maintaining customer trust
  • Upholding an Organization’s reputation
16
Q

What are the basic methods of maintaining Availability?

A
  • Redundancy
17
Q

Non-repudiation

A

Ensuring that individuals and entities involved in a transaction cannot deny their participation or the authenticity of their actions

18
Q

What are the basic methods of achieving Non-repudiation?

A

Digital Signatures

19
Q

Authentication

A

Security measure that ensures individuals or entities are who they claim to be

20
Q

What are the common authentication methods?

A
  • Something you know (knowledge factor)
  • Something you have (possession factor)
  • Something you are (inherence factor)
  • Something you do (action factor)
  • Somewhere you are (location factor)
21
Q

MFA

A

Multi-Factor Authentication

Requiring multiple, different, authentication factors

22
Q

Authorization

A

The permissions and privileges granted to users and entities after they have been authenticated

23
Q

Why are authorization mechanisms important?

A
  • To protect sensitive data
  • To maintain system integrity
  • To create a more streamlined user experience
24
Q

Accounting

A

Security measure that ensures that all activities during a transaction are properly tracked and recorded

25
Q

Why do you need Accounting?

A
  • Create an audit trail
  • Maintain regulatory compliance
  • Conduct forensic analysis
  • Perform resource optimization
  • Achieve user accountability
26
Q

What technologies do you use to perform Accounting?

A
  • Syslog servers
  • Network analysis tools
  • SIEMs
27
Q

Security Control Categories

A

Four broad categories
- Technical controls
- Managerial controls (or administrative)
- Operational controls
- Physical controls

28
Q

Technical Controls

A

Category of Security Controls focusing on technological systems implemented to manage and reduce risk

29
Q

Managerial Controls

A

(Or administrative controls)
Category of Security Controls based on strategic planning and governance

30
Q

Operational Controls

A

Category of Security Controls consisting of procedures and processes, usually focused on how work is performed

31
Q

Physical Controls

A

Category of Security Controls which cover real world measures taken to protect assets and information

32
Q

Security Control Types

A

Controls can be of multiple types

  • Preventative Controls
  • Deterrent Controls
  • Detective Controls
  • Corrective Controls
  • Compensating Controls
  • Directive Controls
33
Q

Preventative Controls

A

A proactive type of Security Control implemented to thwart threats and breaches. Examples would include firewalls

34
Q

Deterrent Controls

A

A type of Security Control designed to discourage potential attackers. Examples include warning signs

35
Q

Detective Controls

A

A type of Security Control which monitors and alerts when malicious activity happens. Security cameras and syslog servers would be examples

36
Q

Corrective Controls

A

A type of Security Control designed to mitigate damage and restore normal operations

37
Q

Compensating Controls

A

A type of Security Control implemented as an alternative when primary controls are not feasible or effective

38
Q

Directive Controls

A

A type of Security Control intended to guide and inform. Often policy or documentation related to

39
Q

Gap Analysis

A

The process of evaluating the differences between an organization's current performance/state and what is desired

40
Q

What are the basic steps of performing a Gap Analysis?

A
  1. Define the scope of the analysis
  2. Gather data on the current state of the organization
  3. Analyze the data to identify where there is a difference between the desired goal and current state
  4. Develop a plan to bridge the gap
41
Q

What are the basic types of Gap Analysis?

A
  • Technical Gap Analysis
  • Business Gap Analysis
42
Q

Zero Trust

A

A security theory focused on not relying on perimeter defense and relying more on verifying every device, user and transaction, regardless of origin

43
Q

What are the two planes associated with Zero Trust?

A
  • Control Plane
  • Data Plane
44
Q

Control Plane

A

One of the two planes of Zero Trust, referring to the overarching framework and set of components responsible for defining, managing and enforcing policies related to system and user access.

Key elements are…
- Adaptive Identity - real time verification of an entity’s identity
- Threat Scope reduction - limits access to only what the entity requires to accomplish their needs
- Policy Driven Access Control - developing and maintaining Role-Based Access Controls
- Secured Zones - isolated sections of an environment designed to house sensitive data

45
Q

Data Plane

A

One of the two planes of Zero Trust. Focused on ensuring that policies are properly executed.

Key components include…
- Subject/System - the entity attempting to gain access
- Policy Engine - Cross references access requests with predefined policies
- Policy Administrator - Used to establish and manage the policies
- Policy Enforcement Point - Where the decision to grant or deny access happens