Fundamentals of Security Flashcards
Information Security
Protecting data and information from unauthorized access, modification, disruption, disclosure, and destruction
Information Systems Security
Protecting the systems (e.g., computers, servers, network devices) that hold and process critical data
CIA Triad
Confidentiality
- Ensures information is accessible only to authorized personnel (e.g., encryption)
Integrity
- Ensures data remains accurate and unaltered (e.g., checksums)
Availability
- Ensures information and resources are accessible when needed (e.g., redundancy measures)
CIANA Pentagon
An extension of the CIA triad with the addition of non-repudiation and authentication
Triple A’s of Security
Authentication
- Verifying the identity of a user or system (e.g., password checks)
Authorization
- Determining actions or resources an authenticated user can access (e.g., permissions)
Accounting
- Tracking user activities and resource usage for audit or billing purposes
Cybersecurity Framework
o Identify – Develop security policies and capabilities. Evaluate risks, threats and vulnerabilities and recommend security controls to mitigate them.
o Protect
o Detect
o Respond
o Recover
What is a Security Control and what are its Categories?
A technology or procedure put in place to mitigate vulnerabilities and risk and to ensure the confidentiality, integrity, and availability (CIA) of information
Categories:
1: Managerial—the control gives oversight of the information system. Examples could include risk identification or a tool allowing the evaluation and selection of other security controls.
2: Operational—the control is implemented primarily by people. For example, security guards and training programs are operational controls.
3: Technical—the control is implemented as a system (hardware, software, or firmware). For example, firewalls, antivirus software, and OS access control models are technical controls.
4: Physical—controls such as alarms, gateways, locks, lighting, and security cameras that deter and detect access to premises and hardware are often placed in a separate category to technical controls.
Security Control Types
Preventative
Deterrent
Detective
Corrective
Compensating
Directive
Zero Trust Model
Operates on the principle that no one should be trusted by default
To achieve zero trust, we use the ….
Control Plane
- Adaptive identity, threat scope reduction, policy-driven access control, and secured zones
Data Plane
- Subject/system, policy engine, policy administrator, and establishing policy enforcement points
Threat
Anything that could cause harm, loss, damage, or compromise to our information technology systems.
Can come from the following:
1: Natural disasters
2: Cyber-attacks
3: Data integrity breaches
4: Disclosure of confidential information
Vulnerabilities
Any weakness in the system design or implementation.
Come from internal factors like the following:
- Software bugs
- Misconfigured software
- Improperly protected network devices
- Missing security patches
- Lack of physical security
Risk Management
Finding different ways to minimize the likelihood of an outcome and achieve the desired outcome
- Where threats and vulnerabilities intersect, that is where the risk to your enterprise systems and networks lies
- If you have a threat, but there is no matching vulnerability to it, then you have no risk
- The same holds true that if you have a vulnerability but there’s no threat against it, there would be no risk
Confidentiality
Refers to the protection of information from unauthorized access and disclosure
Ensure that private or sensitive information is not available or disclosed to unauthorized individuals, entities, or processes
Confidentiality is important for 3 main reasons
1: To protect personal privacy
2: To maintain a business advantage
3: To achieve regulatory compliance
To ensure confidentiality, we use five basic methods
1: Encryption
- Process of converting data into a code to prevent unauthorized access
2: Access Controls
- By setting up strong user permissions, you ensure that only authorized personnel can access certain types of data
3: Data Masking
- Method that involves obscuring specific data within a database to make it inaccessible for unauthorized users while retaining the real data’s authenticity and use for authorized users
4: Physical Security Measures
- Ensure confidentiality for both physical types of data, such as paper records stored in a filing cabinet, and for digital information contained on servers and workstations
5: Training and Awareness
- Conduct regular training on the security awareness best practices that employees can use to protect their organization’s sensitive data
Integrity
Helps ensure that information and data remain accurate and unchanged from its original state unless intentionally modified by an authorized individual
- Verifies the accuracy and trustworthiness of data over the entire lifecycle
Integrity is important for three main reasons
1: To ensure data accuracy
2: To maintain trust
3: To ensure system operability
To help us maintain the integrity of our data, systems, and networks, we usually utilize five methods
1: Hashing
- Process of converting data into a fixed-size value
2: Digital Signatures
- Ensure both integrity and authenticity
3: Checksums
- Method to verify the integrity of data during transmission
4: Access Controls
- Ensure that only authorized individuals can modify data and this reduces the risk of unintentional or malicious alterations
5: Regular Audits
- Involve systematically reviewing logs and operations to ensure that only authorized changes have been made, and any discrepancies are immediately addressed
Availability
Ensure that information, systems, and resources are accessible and operational when needed by authorized users
As cybersecurity professionals, we value availability since it can help us with the following
1: Ensuring Business Continuity
2: Maintaining Customer Trust
3: Upholding an Organization’s Reputation
To overcome the challenges associated with maintaining availability, the best strategy is to use redundancy in your systems and network designs. What is redundancy?
Duplication of critical components or functions of a system with the intention of enhancing its reliability
There are various types of redundancy you need to consider when designing your systems and networks
1: Server Redundancy
- Involves using multiple servers in a load balanced or failover configuration so that if one is overloaded or fails, the other servers can take over the load to continue supporting your end users
2: Data Redundancy
- Involves storing data in multiple places
3: Network Redundancy
- Ensures that if one network path fails, the data can travel through another route
4: Power Redundancy
- Involves using backup power sources, like generators and UPS systems
Non-repudiation
- Focused on providing undeniable proof in the world of digital transactions
- Security measure that ensures individuals or entities involved in a communication or transaction cannot deny their participation or the authenticity of their actions
Digital Signatures
- Considered to be unique to each user who is operating within the digital domain
- Created by first hashing the message or communication that you want to digitally sign, and then encrypting that hash digest with the user’s private key using asymmetric encryption
Non-repudiation is important for three main reasons
1: To confirm the authenticity of digital transactions
2: To ensure the integrity of critical communications
3: To provide accountability in digital processes
Authentication
Security measure that ensures individuals or entities are who they claim to be during a communication or transaction
5 commonly used authentication methods
1: Something you know (Knowledge Factor)
- Relies on information that a user can recall
2: Something you have (Possession Factor)
- Relies on the user presenting a physical item to authenticate themselves
3: Something you are (Inherence Factor)
- Relies on the user providing a unique physical or behavioral characteristic of the person to validate that they are who they claim to be
4: Something you do (Action Factor)
- Relies on the user conducting a unique action to prove who they are
5: Somewhere you are (Location Factor)
- Relies on the user being in a certain geographic location before access is granted
Multi-Factor Authentication System (MFA)
Security process that requires users to provide multiple methods of identification to verify their identity
Authentication is critical to understand because of the following
1: To prevent unauthorized access
2: To protect user data and privacy
3: To ensure that resources are accessed by valid users only
Authorization
Pertains to the permissions and privileges granted to users or entities after they have been authenticated
Authorization mechanisms are important to help us with the following
1: To protect sensitive data
2: To maintain the system integrity in our organizations
3: To create a more streamlined user experience
Accounting
Security measure that ensures all user activities during a communication or transaction are properly tracked and recorded
Your organization should use a robust accounting system so that you can do the following
1: Create an audit trail
- Provides a chronological record of all user activities that can be used to trace changes, unauthorized access, or anomalies back to a source or point in time
2: Maintain regulatory compliance
- Maintains a comprehensive record of all users’ activities
3: Conduct forensic analysis
- Uses detailed accounting and event logs that can help cybersecurity experts understand what happened, how it happened, and how to prevent similar incidents from occurring again
4: Perform resource optimization
- Organizations can optimize system performance and minimize costs by tracking resource utilization and allocation decisions
5: Achieve user accountability
- Thorough accounting system ensures users’ actions are monitored and logged, deterring potential misuse and promoting adherence to the organization’s policies
To perform accounting, we usually use different technologies like the following
1: Syslog Servers
- Used to aggregate logs from various network devices and systems so that system administrators can analyze them to detect patterns or anomalies in the organization’s systems
2: Network Analysis Tools
- Used to capture and analyze network traffic so that network administrators can gain detailed insights into all the data moving within a network
3: Security Information and Event Management (SIEM) Systems
- Provides us with a real-time analysis of security alerts generated by various hardware and software infrastructure in an organization
4 Broad Categories of Security Controls
1: Technical Controls
- Technologies, hardware, and software mechanisms that are implemented to manage and reduce risks
2: Managerial Controls
- Sometimes also referred to as administrative controls
- Involve the strategic planning and governance side of security
3: Operational Controls
- Procedures and measures that are designed to protect data on a day-to-day basis
- Are mainly governed by internal processes and human actions
4: Physical Controls
- Tangible, real-world measures taken to protect assets
6 Basic Types of Security Controls
1: Preventive Controls
- Proactive measures implemented to thwart potential security threats or breaches
2: Deterrent Controls
- Discourage potential attackers by making the effort seem less appealing or more challenging
3: Detective Controls
- Monitor and alert organizations to malicious activities as they occur or shortly thereafter
4: Corrective Controls
- Mitigate any potential damage and restore our systems to their normal state
5: Compensating Controls
- Alternative measures that are implemented when primary security controls are not feasible or effective
6: Directive Controls
- Guide, inform, or mandate actions
- Often rooted in policy or documentation and set the standards for behavior within an organization
Gap Analysis
- Process of evaluating the differences between an organization’s current performance and its desired performance
- Conducting a gap analysis can be a valuable tool for organizations looking to improve their operations, processes, performance, or overall security posture
There are several steps involved in conducting a gap analysis
1: Define the scope of the analysis
2: Gather data on the current state of the organization
3: Analyze the data to identify any areas where the organization’s current performance falls short of its desired performance
4: Develop a plan to bridge the gap
2 Basic Types of Gap Analysis
1: Technical Gap Analysis
- Involves evaluating an organization’s current technical infrastructure
- Identifying any areas where it falls short of the technical capabilities required to fully utilize their security solutions
2: Business Gap Analysis
- Involves evaluating an organization’s current business processes
- Identifying any areas where they fall short of the capabilities required to fully utilize cloud-based solutions
Plan of Action and Milestones (POA&M)
- Outlines the specific measures to address each vulnerability
- Allocates resources
- Sets up timelines for each remediation task that is needed
Zero Trust
Zero Trust demands verification for every device, user, and transaction within the network, regardless of its origin
To create a zero trust architecture, we need to use two different planes
1: Control Plane
2: Data Plane
Control Plane
Refers to the overarching framework and set of components responsible for defining, managing, and enforcing the policies related to user and system access within an organization
Control Plane typically encompasses several key elements:
Adaptive Identity
- Relies on real-time validation that takes into account the user’s behavior, device, location, and more
Threat Scope Reduction
- Limits the users’ access to only what they need for their work tasks because this reduces the network’s potential attack surface
- Focused on minimizing the “blast radius” that could occur in the event of a breach
Policy-Driven Access Control
- Entails developing, managing, and enforcing user access policies based on their roles and responsibilities
Secured Zones
- Isolated environments within a network that are designed to house sensitive data
Data Plane
- Ensures the policies are properly executed
Data plane consists of the following:
1: Subject/System
- Refers to the individual or entity attempting to gain access
2: Policy Engine
- Cross-references the access request with its predefined policies
3: Policy Administrator
- Used to establish and manage the access policies
4: Policy Enforcement Point
- Where the decision to grant or deny access is actually executed
Identity and Access Management (IAM) systems
A security process that provides identification, authentication, and authorization mechanisms for users, computers, and other entities to work with organizational assets like networks, operating systems, and applications.
- Identification
- Authentication
- Authorization
- Accounting
COMPTIA - What are the properties of a secure information processing system?
COMPTIA - What term is used to describe the property of a secure network where a sender cannot deny having sent a message?
Non-repudiation
Comptia - A company provides a statement of deviations from framework best practices to a regulator. What process has the company performed?
Comptia - What process within an access control framework logs actions performed by subjects?
Comptia - How does accounting provide non-repudiation?