Fundamentals Of Security Flashcards
Protecting data and information from unauthorized access, modification,
disruption, disclosure, and destruction
Information Security
Protecting the systems (e.g., computers, servers, network devices) that hold and
process critical data
Information Systems Security
CIA Triad
Confidentiality, Integrity, Availability
Ensures information is accessible only to authorized personnel (e.g.,
encryption)
Confidentiality
Ensures data remains accurate and unaltered (e.g., checksums)
Integrity
Ensures information and resources are accessible when needed (e.g.,
redundancy measures)
Availability
Guarantees that an action or event cannot be denied by the involved parties
(e.g., digital signatures)
Non-Repudiation
An extension of the CIA triad with the addition of non-repudiation and
authentication
CIANA Pentagon
Triple A’s of Security
Authentication, Authorisation, Accounting
Verifying the identity of a user or system (e.g., password checks)
Authentication
Determining actions or resources an authenticated user can access (e.g.,
permissions)
Authorisation
Tracking user activities and resource usage for audit or billing purposes
Accounting
Security Control Categories
Technical, Managerial, Operational, Physical
Security Control Types
Preventative, Deterrent, Detective, Corrective, Compensating, Directive
Security Control: Technical
Software & Hardware, Firewall, Antivirus
Security Control: Managerial
Administrative Controls: Policies & Training Programs
Security Control: Operational
Password change every 90 days
Security Control: Physical
Locks, Lighting, Sensors, Guards
Security Control Types: Preventative
Firewall
Security Control Types: Deterrent
Warning Signs
Security Control Types: Detective
Antivirus
Security Control Types: Corrective
Antivirus (Quarantine)
Security Control Types: Compensating
WPA3 is not feasible, so WPA2 is used instead, with the addition of a VPN to compensate for the missing security factor.
Security Control Types: Directive
An order or directive, such as changing passwords every 90 days
Operates on the principle that no one should be trusted by default. Trust no one, verify everyone
Zero Trust Model
Adaptive identity, threat scope reduction, policy-driven access
control, and secured zones
Control Plane