Fundamentals of Security Flashcards
Information Security
Protecting data and information from unauthorized access, modification, disruption, disclosure, and destruction.
Information Systems Security
Protecting the systems (e.g., computers, servers, network devices) that hold and process critical data.
CIA Triad
Confidentiality, Integrity, & Availability
Confidentiality
Ensures information is accessible only to authorized personnel (e.g., encryption)
Integrity
Ensures data remains accurate and unaltered (e.g., checksums)
Availability
Ensures information and resources are accessible when needed (e.g., redundancy measures)
Non-Repudiation
Guarantees that an action or event cannot be denied by the involved parties (e.g., digital signatures)
CIANA Pentagon
An extension of the CIA triad with the addition of non-repudiation and authentication.
Triple A’s of Security
Authentication, Authorization, & Accounting
Authentication
Verifying the identity of a user or system (e.g., password checks)
Authorization
Determining actions or resources an authenticated user can access (e.g., permissions)
Accounting
Tracking user activities and resource usage for audit or billing purposes.
Security Control Categories
■ Technical
■ Managerial
■ Operational
■ Physical
Security Control Types
■ Preventative
■ Deterrent
■ Detective
■ Corrective
■ Compensating
■ Directive
Zero Trust Model
Operates on the principle that no one should be trusted by default.
To achieve zero trust, we use the control plane and the data plane.