General Flashcards

1
Q

What is the CIA Triad?

A

Confidentiality
Integrity
Availability

2
Q

What is Integrity?

A

Property of Information: maintained in a way that ensures completeness, accuracy, internal consistency, and usefulness for a stated purpose.

3
Q

What is Confidentiality?

A

Permitting authorized access while at the same time protecting information from improper disclosure.

4
Q

What is PII?

A

Personally Identifiable Information

5
Q

Sensitivity

A

Measure of importance of information / reason for need to protect.

6
Q

Data Integrity

A

Assurance that data has not been altered in an unauthorized manner.

7
Q

Availability

A

Timely and reliable access to, and ability to use, information and systems by authorized users.

8
Q

Authentication Types

A

(1) Something you know: password (knowledge based)
(2) Something you have: e.g., token device (token based)
(3) Something you are: biometrics (characteristic based)

9
Q

Non-Repudiation

A

Protection against an individual falsely denying having performed a particular action. Capability to determine if an action was taken.

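Cards 6 (Data Integrity) and 9 (Non-Repudiation) are easy to conflate, so here is an added example, not part of the original flashcards, that shows the difference in working code. An HMAC over a record proves the record was not altered by anyone who lacks the shared key, but because the verifier holds that same key, a valid tag cannot prove who produced it. An Ed25519 signature can only be produced by the holder of the private key, so a valid signature lets the verifier hold the signer to the action. The transaction record and the one-byte tamper are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Constructed sample record for the example (not from the original page).
var record = []byte(`{"txn":42,"from":"alice","to":"bob","amount":"250.00"}`)

// MacTag computes an HMAC-SHA256 tag over data using a key shared by sender and verifier.
func MacTag(key, data []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(data)
	return m.Sum(nil)
}

// VerifyMac checks integrity: true only if data is byte-for-byte what was tagged.
// hmac.Equal is constant-time, so the comparison does not leak tag bytes via timing.
func VerifyMac(key, data, tag []byte) bool {
	return hmac.Equal(MacTag(key, data), tag)
}

// Sign binds the holder of priv to data; nobody else can produce this signature.
func Sign(priv ed25519.PrivateKey, data []byte) []byte {
	return ed25519.Sign(priv, data)
}

// VerifySig checks a signature against the signer's public key.
func VerifySig(pub ed25519.PublicKey, data, sig []byte) bool {
	return ed25519.Verify(pub, data, sig)
}

// Tamper returns a copy of data with the last digit of the amount flipped
// ("250.00" becomes "250.01"): a one-byte unauthorized modification.
func Tamper(data []byte) []byte {
	out := append([]byte(nil), data...)
	out[len(out)-3] ^= 0x01
	return out
}

// Result collects the checks so they can be asserted on rather than only printed.
type Result struct {
	MacValid, MacValidAfterTamper bool
	SigValid, SigValidAfterTamper bool
	MacForgeableByVerifier        bool // the non-repudiation gap of a shared-key MAC
}

// Demo runs the integrity and non-repudiation checks over the sample record.
func Demo() (Result, error) {
	key := make([]byte, 32) // shared secret between alice and bob
	if _, err := rand.Read(key); err != nil {
		return Result{}, err
	}
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // alice's signing key pair
	if err != nil {
		return Result{}, err
	}
	tag := MacTag(key, record)
	sig := Sign(priv, record)
	tampered := Tamper(record)
	// Bob holds the same MAC key, so he can tag a record alice never sent.
	// A valid MAC therefore cannot prove alice authored the record.
	forged := MacTag(key, tampered)
	return Result{
		MacValid:               VerifyMac(key, record, tag),
		MacValidAfterTamper:    VerifyMac(key, tampered, tag),
		SigValid:               VerifySig(pub, record, sig),
		SigValidAfterTamper:    VerifySig(pub, tampered, sig),
		MacForgeableByVerifier: VerifyMac(key, tampered, forged),
	}, nil
}

func main() {
	r, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", r)
}
```

Both mechanisms detect the tampered amount, which is the integrity property. Only the signature gives non-repudiation: the HMAC forged by the verifier validates just as well as the genuine one, so a MAC alone never settles a dispute about who performed the action.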
10
Q

Risk

A

Measure of the extent to which an entity is threatened by a potential circumstance or event.
Probability vs. Impact

11
Q

Risk Management: Asset

A

Something that needs protection.

12
Q

Risk Management: Vulnerability

A

Gap or Weakness in Protection

13
Q

Risk Management: Threat

A

Something or someone that can exploit a vulnerability.

14
Q

Risk Matrix

A

Probability vs. Impact

15
Q

Risk Treatment

A

(1) Avoidance
(2) Mitigation
(3) Acceptance
(4) Transfer

16
Q

Risk Priorities

A

Qualitative
Quantitative
Semi-Quantitative (critical, high, medium, low)

17
Q

Security Controls

A

Physical
Administrative
Technical (or: Logical)

18
Q

Governance Elements

A

Regulations and Laws
Standards
Policies
Procedures

19
Q

Standards (in Governance)

A

ISO, NIST, IETF, IEEE – usually set by professional organizations or governing bodies.

20
Q

Laws vs. Standards vs. Policies

A

Policy is informed by applicable laws and specifies which standards (may be external + internal standards) the organization follows.

21
Q

ISC2 Code of Ethics Canons

A

(1) Protect society, common good, necessary public trust and confidence, and infrastructure
(2) Act honorably, honestly, justly, responsibly, and legally.
(3) Provide diligent and competent service to principals.
(4) Advance and protect the profession.

Don’t have to report to law enforcement or ISC2.

22
Q

ISC2 Code of Ethics Preamble

A

Purpose and Intent of Code of Ethics
(1) The safety and welfare of society and the common good, duty to our principals and to each other -> adhere to the highest ethical standards of behavior.
(2) Strict adherence to the code is a condition of certification.

23
Q

Breach

A

Loss of control, compromise, or unauthorized disclosure/acquisition of data.

24
Q

Event

A

Observable occurrence in a network or system.

25
Q

Exploit

A

A particular attack: the code or technique by which a threat takes advantage of a specific vulnerability.

26
Q

Incident

A

An event that actually or potentially jeopardizes CIA of a system.

27
Q

Intrusion

A

Security event in which an intruder gains access without authorization.

28
Q

Threat

A

Circumstance or event with potential to impact operations, functions, or CIA

29
Q

Vulnerability

A

Weakness or Flaw

30
Q

Zero Day

A

Previously unknown system vulnerability with the potential of exploitation.

31
Q

Incident Response Plan

A

Preparation
Detection and Analysis
Containment, Eradication, Recovery
Post-Incident Activity

32
Q

Business Continuity Plan Components

A

Procedures/Plans/Checklists
Contact Info
Comms Plan

33
Q

Disaster Recovery Plan

A

Detailed plan of how to recover, including checklists for bringing up alternate sites, loading backups, and recovering data.
Activated when the Incident Response and Business Continuity plans are not enough to keep the business running.

34
Q

Business Impact Analysis

A

Analysis of the impact that loss of a component or of an entire system will have on the business.

35
Q

Security Control Elements

A

Objects, Subjects, Rules

36
Q

Layered Defense / Defense in Depth

A

Multiple, overlapping layers of controls, so that the failure of any single control does not expose the asset; e.g., MFA.

37
Q

Principle of Least Privilege

A

Permitting minimum access necessary

38
Q

Segregation of Duties

A

Multiple persons should be involved in enabling high-risk transactions.

39
Q

Discretionary Access Control

A

Direct mapping of subjects to objects with a level of access; granting or changing access is at the discretion of the object owner.

40
Q

Mandatory Access Control

A

Access rules are set centrally by security administrators and enforced by the system; object owners cannot override them.
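Cards 35 through 40 describe access control in terms of subjects, objects and rules, and contrast the owner-driven DAC model with administrator-driven MAC. The following is an added example, not code from the original flashcards, that puts those pieces into one small evaluator. The subjects, objects, clearance levels and the "no read up / no write down" label rule used for MAC are assumptions for the example: that rule is the Bell-LaPadula model, one common MAC policy, and is not something the card itself states.

```go
package main

import "fmt"

// Subject is who requests access; Level is the clearance used by MAC.
type Subject struct {
	Name  string
	Level int
}

// Object is what is protected; Owner and ACL serve DAC, Level (label) serves MAC.
type Object struct {
	Name  string
	Owner string
	Level int
	ACL   map[string][]string // subject name -> permitted actions (the DAC rules)
}

// Constructed clearance/label ordering for the example.
const (
	Public = iota
	Internal
	Confidential
)

// DACAllows: the owner has full control; everyone else gets only what the ACL lists.
func DACAllows(s Subject, o Object, action string) bool {
	if s.Name == o.Owner {
		return true
	}
	for _, a := range o.ACL[s.Name] {
		if a == action {
			return true
		}
	}
	return false
}

// Grant changes an object's ACL. Under DAC only the owner may do this, and granting
// a single action (e.g. "read", not "write") is least privilege in practice.
func Grant(by Subject, o *Object, grantee, action string) error {
	if by.Name != o.Owner {
		return fmt.Errorf("%s is not the owner of %s", by.Name, o.Name)
	}
	if o.ACL == nil {
		o.ACL = map[string][]string{}
	}
	o.ACL[grantee] = append(o.ACL[grantee], action)
	return nil
}

// MACAllows enforces the administrator-set label rule (Bell-LaPadula, assumed here):
// read requires clearance >= label ("no read up"), write requires clearance <= label
// ("no write down"). Nothing the owner puts in the ACL can change this outcome.
func MACAllows(s Subject, o Object, action string) bool {
	switch action {
	case "read":
		return s.Level >= o.Level
	case "write":
		return s.Level <= o.Level
	}
	return false
}

// Allows is the combined decision used by systems that layer MAC on top of DAC:
// the label rule and the owner's ACL must both permit the action.
func Allows(s Subject, o Object, action string) bool {
	return MACAllows(s, o, action) && DACAllows(s, o, action)
}

// Demo runs a constructed scenario and returns each decision by name.
func Demo() map[string]bool {
	alice := Subject{"alice", Confidential}
	bob := Subject{"bob", Internal}
	carol := Subject{"carol", Public}
	notes := Object{Name: "alice_notes", Owner: "alice", Level: Internal}
	payroll := Object{Name: "payroll", Owner: "alice", Level: Confidential}

	_ = Grant(alice, &notes, "bob", "read")     // owner grants read only
	_ = Grant(alice, &payroll, "carol", "read") // owner grants, but MAC will refuse
	errBob := Grant(bob, &notes, "bob", "write") // non-owner cannot grant

	return map[string]bool{
		"dac: bob reads alice_notes":                  DACAllows(bob, notes, "read"),
		"dac: bob writes alice_notes":                 DACAllows(bob, notes, "write"),
		"dac: non-owner grant rejected":               errBob != nil,
		"mac: carol reads payroll despite owner grant": MACAllows(carol, payroll, "read"),
		"mac: bob writes up into payroll":             MACAllows(bob, payroll, "write"),
		"mac: alice writes down into alice_notes":     MACAllows(alice, notes, "write"),
		"both: alice reads payroll":                   Allows(alice, payroll, "read"),
		"both: carol reads payroll":                   Allows(carol, payroll, "read"),
	}
}

func main() {
	for k, v := range Demo() {
		fmt.Printf("%-45s %v\n", k, v)
	}
}
```

The scenario shows the card's distinction directly: under DAC, alice's grant is what lets bob read her notes and her refusal to grant write is what keeps him out; under MAC, alice's grant to carol is irrelevant because carol's clearance is below the payroll label, and even alice as owner cannot write Confidential content down into an Internal object.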
