Fundamentals of Security Flashcards
Protecting data and information from unauthorized access, modification, disruption, disclosure, and destruction
Information Security
Protecting the systems (e.g., computers, servers, network devices) that hold and process critical data
Information Systems Security
CIA Triad
Confidentiality
Integrity
Availability
Ensures information is accessible only to authorized personnel (e.g., encryption)
Confidentiality
Ensures data remains accurate and unaltered (e.g., checksums)
Integrity
Ensures information and resources are accessible when needed (e.g., redundancy measures)
Availability
Guarantees that an action or event cannot be denied by the involved parties (e.g., digital signatures)
Non-Repudiation
An extension of the CIA triad with the addition of non-repudiation and authentication
CIANA Pentagon
Triple A’s of Security
Authentication
Authorization
Accounting
Verifying the identity of a user or system (e.g., password checks)
Authentication
Determining actions or resources an authenticated user can access (e.g., permissions)
Authorization
Tracking user activities and resource usage for audit or billing purposes
Accounting
Security Control Categories
■ Technical
■ Managerial
■ Operational
■ Physical
Security Control Types
■ Preventative
■ Deterrent
■ Detective
■ Corrective
■ Compensating
■ Directive
Operates on the principle that no one should be trusted by default. To achieve zero trust, we use the control plane and the data plane.
Zero Trust Model
Adaptive identity, threat scope reduction, policy-driven access control, and secured zones
Control Plane
Subject/system, policy engine, policy administrator, and establishing policy enforcement points
Data Plane
Anything that could cause harm, loss, damage, or compromise to our information technology systems. Can come from the following:
● Natural disasters
● Cyber-attacks
● Data integrity breaches
● Disclosure of confidential information
Threat
Any weakness in the system design or implementation. Comes from internal factors like the following:
● Software bugs
● Misconfigured software
● Improperly protected network devices
● Missing security patches
● Lack of physical security
Vulnerability
Finding different ways to minimize the likelihood of an undesired outcome and achieve the desired outcome.
Risk Management
Refers to the protection of information from unauthorized access and disclosure. Ensures that private or sensitive information is not available or disclosed to unauthorized individuals, entities, or processes.
Confidentiality
Confidentiality is important for 3 main reasons
■ To protect personal privacy
■ To maintain a business advantage
■ To achieve regulatory compliance
To ensure confidentiality, we use five basic methods
Encryption
Access Controls
Data Masking
Physical Security Measures
Training and Awareness
Process of converting data into a code to prevent unauthorized access
Encryption
By setting up strong user permissions, you ensure that only authorized personnel can access certain types of data
Access Controls
Method that involves obscuring specific data within a database to make it inaccessible for unauthorized users while retaining the real data’s authenticity and use for authorized users
Data Masking
Ensure confidentiality for both physical types of data, such as paper records stored in a filing cabinet, and for digital information contained on servers and workstations
Physical Security Measures
Conduct regular training on the security awareness best practices that employees can use to protect their organization’s sensitive data
Training and Awareness
Helps ensure that information and data remain accurate and unchanged from their original state unless intentionally modified by an authorized individual. Verifies the accuracy and trustworthiness of data over the entire lifecycle
Integrity
Integrity is important for three main reasons
■ To ensure data accuracy
■ To maintain trust
■ To ensure system operability
To help us maintain the integrity of our data, systems, and networks, we usually utilize five methods
Hashing
Digital Signatures
Checksums
Access Controls
Regular Audits
Process of converting data into a fixed-size value
Hashing
Ensure both integrity and authenticity
Digital Signatures
Method to verify the integrity of data during transmission
Checksums
Ensure that only authorized individuals can modify data, which reduces the risk of unintentional or malicious alterations
Access Controls
Involve systematically reviewing logs and operations to ensure that only authorized changes have been made, and any discrepancies are immediately addressed
Regular Audits
Ensure that information, systems, and resources are accessible and operational when needed by authorized users
Availability
As cybersecurity professionals, we value availability since it can help us with the following:
■ Ensuring Business Continuity
■ Maintaining Customer Trust
■ Upholding an Organization’s Reputation
To overcome the challenges associated with maintaining availability, the best strategy is to use ____________ in your systems and network designs
Redundancy
Duplication of critical components or functions of a system with the intention of enhancing its reliability.
Redundancy
There are various types of redundancy you need to consider when designing your systems and networks
Server Redundancy
Data Redundancy
Network Redundancy
Power Redundancy
Involves using multiple servers in a load balanced or failover configuration so that if one is overloaded or fails, the other servers can take over the load to continue supporting your end users
Server Redundancy
Involves storing data in multiple places
Data Redundancy
Ensures that if one network path fails, the data can travel through another route
Network Redundancy
Involves using backup power sources, like generators and UPS systems
Power Redundancy
■ Focused on providing undeniable proof in the world of digital transactions
■ Security measure that ensures individuals or entities involved in a communication or transaction cannot deny their participation or the authenticity of their actions
Non-repudiation
■ Considered to be unique to each user who is operating within the digital domain
■ Created by first hashing the particular message or communication that you want to digitally sign, and then encrypting that hash digest with the user’s private key using asymmetric encryption
Digital Signatures
Non-repudiation is important for three main reasons
■ To confirm the authenticity of digital transactions
■ To ensure the integrity of critical communications
■ To provide accountability in digital processes
Security measure that ensures individuals or entities are who they claim to be during a communication or transaction
Authentication
5 commonly used authentication methods
Something you know (Knowledge Factor)
Something you have (Possession Factor)
Something you are (Inherence Factor)
Something you do (Action Factor)
Somewhere you are (Location Factor)
Relies on information that a user can recall
Something you know (Knowledge Factor)
Relies on the user presenting a physical item to authenticate themselves
Something you have (Possession Factor)
Relies on the user providing a unique physical or behavioral characteristic of the person to validate that they are who they claim to be
Something you are (Inherence Factor)
Relies on the user conducting a unique action to prove who they are
Something you do (Action Factor)
Relies on the user being in a certain geographic location before access is granted
Somewhere you are (Location Factor)
Security process that requires users to provide multiple methods of identification to verify their identity
Multi-Factor Authentication System (MFA)
Authentication is critical to understand because of the following
■ To prevent unauthorized access
■ To protect user data and privacy
■ To ensure that resources are accessed by valid users only
Pertains to the permissions and privileges granted to users or entities after they have been authenticated
Authorization
Authorization mechanisms are important to help us with the following
■ To protect sensitive data
■ To maintain the system integrity in our organizations
■ To create a more streamlined user experience
Security measure that ensures all user activities during a communication or transaction are properly tracked and recorded
Accounting
Your organization should use a robust accounting system so that you can do the following
Create an audit trail
Maintain regulatory compliance
Conduct forensic analysis
Perform resource optimization
Achieve user accountability
Provides a chronological record of all user activities that can be used to trace changes, unauthorized access, or anomalies back to a source or point in time
Create an audit trail
Maintains a comprehensive record of all users’ activities
Maintain regulatory compliance
Uses detailed accounting and event logs that can help cybersecurity experts understand what happened, how it happened, and how to prevent similar incidents from occurring again
Conduct forensic analysis
Organizations can optimize system performance and minimize costs by tracking resource utilization and allocation decisions
Perform resource optimization
A thorough accounting system ensures users’ actions are monitored and logged, deterring potential misuse and promoting adherence to the organization’s policies
Achieve user accountability
To perform accounting, we usually use different technologies like the following
Syslog Servers
Network Analysis Tools
Security Information and Event Management (SIEM) Systems
Used to aggregate logs from various network devices and systems so that system administrators can analyze them to detect patterns or anomalies in the organization’s systems
Syslog Servers
Used to capture and analyze network traffic so that network administrators can gain detailed insights into all the data moving within a network
Network Analysis Tools
Provides us with a real-time analysis of security alerts generated by various hardware and software infrastructure in an organization
Security Information and Event Management (SIEM) Systems
4 Broad Categories of Security Controls
Technical Controls
Managerial Controls
Operational Controls
Physical Controls
Technologies, hardware, and software mechanisms that are implemented to manage and reduce risks
Technical Controls
● Sometimes also referred to as administrative controls
● Involve the strategic planning and governance side of security
Managerial Controls
● Procedures and measures that are designed to protect data on a day-to-day basis
● Are mainly governed by internal processes and human actions
Operational Controls
Tangible, real-world measures taken to protect assets
Physical Controls
6 Basic Types of Security Controls
Preventive Controls
Deterrent Controls
Detective Controls
Corrective Controls
Compensating Controls
Directive Controls
Proactive measures implemented to thwart potential security threats or breaches
Preventive Controls
Discourage potential attackers by making the effort seem less appealing or more challenging
Deterrent Controls
Monitor and alert organizations to malicious activities as they occur or shortly thereafter
Detective Controls
Mitigate any potential damage and restore our systems to their normal state
Corrective Controls
Alternative measures that are implemented when primary security controls are not feasible or effective
Compensating Controls
● Guide, inform, or mandate actions
● Often rooted in policy or documentation and set the standards for behavior within an organization
Directive Controls
Process of evaluating the differences between an organization’s current performance and its desired performance
Gap Analysis
There are several steps involved in conducting a gap analysis
■ Define the scope of the analysis
■ Gather data on the current state of the organization
■ Analyze the data to identify any areas where the organization’s current performance falls short of its desired performance
■ Develop a plan to bridge the gap
2 Basic Types of Gap Analysis
Technical Gap Analysis
Business Gap Analysis
● Involves evaluating an organization’s current technical infrastructure
● Identifying any areas where it falls short of the technical capabilities required to fully utilize their security solutions
Technical Gap Analysis
● Involves evaluating an organization’s current business processes
● Identifying any areas where they fall short of the capabilities required to fully utilize cloud-based solutions
Business Gap Analysis
● Outlines the specific measures to address each vulnerability
● Allocate resources
● Set up timelines for each remediation task that is needed
Plan of Action and Milestones (POA&M)
_____________ demands verification for every device, user, and transaction within the network, regardless of its origin
Zero Trust
Refers to the overarching framework and set of components responsible for defining, managing, and enforcing the policies related to user and system access within an organization
Control Plane
Control Plane typically encompasses 4 key elements
Adaptive Identity
Threat Scope Reduction
Policy-Driven Access Control
Secured Zones
Relies on real-time validation that takes into account the user’s behavior, device, location, and more
Adaptive Identity
Entails developing, managing, and enforcing user access policies based on their roles and responsibilities
Policy-Driven Access Control
Limits the users’ access to only what they need for their work tasks because this reduces the network’s potential attack surface. Focused on minimizing the “blast radius” that could occur in the event of a breach
Threat Scope Reduction
Isolated environments within a network that are designed to house sensitive data
Secured Zones
Ensures the policies are properly executed
Data Plane
Data plane consists of the following
Subject/System
Policy Engine
Policy Administrator
Policy Enforcement Point
Refers to the individual or entity attempting to gain access
Subject/System
Cross-references the access request with its predefined policies
Policy Engine
Used to establish and manage the access policies
Policy Administrator
Where the decision to grant or deny access is actually executed
Policy Enforcement Point