Fundamentals of Security Flashcards
What is information systems security?
Act of protecting the systems that hold and process the critical data, or the devices that hold the data
What is information security?
Act of protecting data and information from unauthorized access, unlawful modification and disruption, disclosure, corruption, and destruction.
What is the CIA triad?
Confidentiality, Integrity, Availability
What is confidentiality?
Ensures that info is only accessible to those with appropriate authorization
What is integrity?
Ensures that data remains accurate and unaltered unless modification is required
What is availability?
Ensures that information and resources are accessible and functional when needed by authorized users
Non repudiation
Guarantees that a specific action or event has taken place and cannot be denied by the parties involved. Example: digitally signing an email
Define authentication
Process of verifying the identity of a user or system
Define authorization
Defines what actions or resources a user can access
What is accounting?
Act of tracking user activities and resource usage, usually for audit or billing purposes
Security controls
Measures or mechanisms put in place to mitigate risks and protect the confidentiality, integrity, and availability of information systems and data
What categories of security controls are there?
Physical, managerial, operational, technical
What is Zero Trust?
Security model that operates on the principle that no one, inside or outside the org, should be trusted by default
How to achieve zero trust
Control plane and data plane
Define control plane
Consists of adaptive identity, threat scope reduction, policy-driven access control, and secure zones