Fundamentals of Security Flashcards

1
Q

Information Security

A

Protecting data and information from unauthorized access, modification, disruption, disclosure, and destruction.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Information Systems Security

A

Protecting the systems (e.g., computers, servers, network devices) that hold and process critical data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

CIA Triad

A

Confidentiality, Integrity, & Availability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Confidentiality

A

Ensures information is accessible only to authorized personnel (e.g., encryption)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Integrity

A

Ensures data remains accurate and unaltered (e.g., checksums)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Availability

A

Ensures information and resources are accessible when needed (e.g., redundancy measures)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Non-Repudiation

A

Guarantees that an action or event cannot be denied by the involved parties (e.g., digital signatures)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

CIANA Pentagon

A

An extension of the CIA triad with the addition of non-repudiation and authentication.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Triple A’s of Security

A

Authentication, Authorization, & Accounting

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Authentication

A

Verifying the identity of a user or system (e.g., password checks)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Authorization

A

Determining actions or resources an authenticated user can access (e.g., permissions)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Accounting

A

Tracking user activities and resource usage for audit or billing purposes.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Security Control Categories

A

■ Technical
■ Managerial
■ Operational
■ Physical

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Security Control Types

A

■ Preventative
■ Deterrent
■ Detective
■ Corrective
■ Compensating
■ Directive

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Zero Trust Model

A

Operates on the principle that no one should be trusted by default.

To achieve zero trust, we use the control plane and the data plane.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Control Plane

A

Adaptive identity, threat scope reduction, policy-driven access control, and secured zones.

17
Q

Data Plane

A

Subject/system, policy engine, policy administrator, and
establishing policy enforcement points.

18
Q

Threat

A

Anything that could cause harm, loss, damage, or compromise to our information
technology systems.

Can come from the following:
● Natural disasters
● Cyber-attacks
● Data integrity breaches
● Disclosure of confidential information

19
Q

Vulnerability

A

Any weakness in the system design or implementation.

Come from internal factors like the following:
● Software bugs
● Misconfigured software
● Improperly protected network devices
● Missing security patches
● Lack of physical security

20
Q

Risk Management

A

Finding different ways to minimize the likelihood of an outcome and achieve the desired outcome.

21
Q

Confidentiality

A

Refers to the protection of information from unauthorized access and disclosure.

Ensure that private or sensitive information is not available or disclosed to unauthorized individuals, entities, or processes.

22
Q

Confidentiality is important for 3 main reasons

A

■ To protect personal privacy
■ To maintain a business advantage
■ To achieve regulatory compliance

23
Q

To ensure confidentiality, we use five basic methods

A

■ Encryption
■ Access Controls
■ Data Masking
■ Physical Security Measures
■ Training and Awareness

24
Q
A