Fundamentals of Security Flashcards
What is the Zero Trust security model about?
Zero trust is a security model that advocates for a “never trust, always verify” approach. This approach assumes no user or system is trusted by default and requires continuous verification to access organizational resources.
What is the CIA triad?
Confidentiality, Integrity, and Availability. These are the three pillars of cybersecurity.
What is the meaning of the confidentiality pillar in cybersecurity?
Confidentiality is the protection of data from unauthorized access and disclosure to ensure that only those with the necessary rights can view it.
What is the meaning of the integrity pillar in cybersecurity?
Integrity focuses on the assurance that data is trustworthy and accurate, and hasn’t been modified.
What is the meaning of the availability pillar in cybersecurity?
Availability ensures that data or services are accessible to authorized users when they need them.
What is the meaning of non-repudiation in cybersecurity?
Non-repudiation guarantees that a specific action or event has taken place and cannot be denied by the parties involved.
What does CIANA stand for?
Confidentiality, Integrity, Availability, Non-repudiation, and Authentication.
What do the three As (AAA) of security stand for?
Authentication verifies an entity’s identity before granting access to a resource. Authorization determines what rights or privileges a user has after they are authenticated. Accounting tracks and logs user activities.
What are security controls?
Security controls are measures or mechanisms put in place to mitigate risks and protect the confidentiality, integrity, and availability (CIA) of information systems and their data.
What are the different categories into which security controls can be classified?
Technical Controls: tools or pieces of software that protect the system’s integrity, confidentiality, or availability, such as antivirus software, firewalls, encryption processes, and intrusion detection systems.
Managerial Controls: also called administrative controls; they involve the strategic planning and governance side of security.
Operational Controls: procedures and measures designed to protect data on a day-to-day basis, such as a password policy, backup procedures, account reviews, and user training programs.
Physical Controls: tangible, real-world measures taken to protect assets, such as surveillance cameras, biometrics, reinforced doors, etc.
What are the different types of security controls?
Preventive Controls: firewall
Deterrent Controls:
Detective Controls: used to detect and alert about incidents, such as an IDS (Intrusion Detection System).
Corrective Controls: address issues after they arise, mitigating any potential damage and restoring the system to its normal state.
Compensating Controls: provide alternatives to primary controls.
Directive Controls: policies or procedures that dictate specific actions or behaviors by users or systems, such as a policy issued by the CTO mandating password resets every 60 days.
Define Control Plane and Data Plane in Zero Trust architecture.
In a Zero Trust architecture, the control plane manages access policies and authentication, while the data plane handles the actual data transfer and application traffic based on those policies.
What is a secure zone?
A secure zone is an isolated environment within a network that is designed to house sensitive data.