General Flashcards
What is the CIA Triad?
Confidentiality
Integrity
Availability
What is Integrity?
Property of information: maintained in a way that ensures completeness, accuracy, internal consistency, and usefulness for a stated purpose.
What is Confidentiality?
Permitting authorized access while at the same time protecting information from improper disclosure.
What is PII?
Personally Identifiable Information
Sensitivity
Measure of importance of information / reason for need to protect.
Data Integrity
Assurance that data has not been altered in an unauthorized manner.
Availability
Timely and reliable access and ability to use for authorized users.
Authentication Types
(1) Something you know: password (knowledge based)
(2) Something you have: e.g., token device (token based)
(3) Something you are: biometrics (characteristic based)
Non-Repudiation
Protection against an individual falsely denying having performed a particular action. Capability to determine if an action was taken.
Risk
Measure of the extent to which an entity is threatened by a potential circumstance or event.
Probability vs. Impact
Risk Management: Asset
Something that needs protection.
Risk Management: Vulnerability
Gap or weakness in protection.
Risk Management: Threat
Something or someone that can exploit a vulnerability.
Risk Matrix
Probability vs. Impact
Risk Treatment
(1) Avoidance
(2) Mitigation
(3) Acceptance
(4) Transfer
Risk Priorities
Qualitative
Quantitative
Semi-Quantitative (critical, high, medium, low)