FUNDAMENTALS OF SECURITY Flashcards
FUNDAMENTALS OF SECURITY
What is the difference between Information Security and Information System Security?
Information Security: It is the act of protecting data and information from unauthorized access, unlawful modification and disruption. Information security -> The data that the systems are holding, not the systems themselves.
Information System Security: It is the act of protecting the systems that hold and process our critical data. It could be a computer, server, network device or even a smartphone.
What is the CIA triad?
The CIA triad stands for:
Confidentiality -> It ensures that information is available only to those with the proper authorization.
Integrity -> It ensures the data remains accurate and unaltered unless modification is required.
Availability -> It ensures that information resources are accessible and functional when needed by authorized users.
These are the 3 pillars of security.
What is non-repudiation?
Non-repudiation means guaranteeing that a specific action or event has taken place and cannot be denied by the parties involved.
What are the AAAs of security?
Authentication -> It is the process of verifying the identity of a user or of a system.
Authorization -> It determines what actions an authenticated user is permitted to perform and what resources they are permitted to access.
Accounting -> It is the act of tracking user activities and resource utilization. It is usually done for auditing or billing purposes.
Define security controls.
They are measures or mechanisms put in place to mitigate risks and protect the confidentiality, integrity and availability of information systems and their data.
What are the categories of security controls?
Technical
Managerial
Operational
Physical Controls
What are the different types of security controls?
Preventive
Deterrent
Detective
Corrective
Compensating
Directive
Define Zero Trust
It is a security model that operates on the principle that no one, whether inside or outside the organization, should be trusted by default; hence verification is required from everybody who is trying to access your system resources.
How to achieve Zero Trust?
We have to use:
A control plane -> Adaptive identity, threat scope reduction, policy driven access control, secured zone.
A data plane -> It focuses on subject/system, policy engine, policy administrator and establishing policy enforcement points.