General Security Concepts: Examine the Principle of Security Flashcards

1
Q

What is the Security Triangle?

A

C.I.A - Confidentiality, Integrity and Availability

2
Q

What is the goal of Confidentiality?

A

Confidentiality: Ensure sensitive data is accessible only to authorized individuals or systems.

3
Q

What is the goal of integrity?

A

Integrity: Ensure data remains accurate, consistent, and unaltered during storage, transmission, and processing.

4
Q

What is the goal of Availability?

A

Availability: Ensure authorized users have timely and uninterrupted access to resources and systems.

5
Q

What are the four concepts that support the CIA?

A

Non-Repudiation
Authenticity
Accountability
Principle of least privilege

6
Q

What is non-Repudiation?

A

Non-repudiation: Ensure that individuals can’t deny their actions or transactions and enhance accountability, which helps strengthen the

7
Q

What is Authenticity?

A

Authenticity: Confirming the legitimacy of users, data sources, and communications helps ensure that information is accurate, trustworthy, and free from unauthorized alterations.

8
Q

What is accountability?

A

Accountability: Establishing a traceable record of actions and activities that make individuals responsible for their actions contributes to the overall security and integrity of data, systems, and communications.

9
Q

What is the Principle of least privilege?

A

Principle of least privilege: Restricting user and system permissions to the minimum necessary level reduces potential attack surfaces and safeguards the confidentiality, integrity, and availability of resources.

10
Q

How to accomplish Confidentiality?

A

Encryption: Convert sensitive data into a scrambled output using complex algorithms that help prevent unauthorized access.

Access controls: Regulating and restricting entry to sensitive information helps ensure you allow only authorized users access to data, systems, or resources.

Secure communication channels: Employing encryption and authentication mechanisms helps safeguard the transmission of sensitive data from unauthorized interception or eavesdropping.

11
Q

What factors do you need to help ensure integrity?

A

Hashing: Generating fixed-size unique values from data enables verification of data integrity. Any alterations to the original data would result in a different hash value.

Digital signatures: Using cryptographic techniques to associate a unique digital identifier with a message or document allows recipients to verify both the sender’s authenticity and the document’s integrity.

Integrity checks: Comparing the current state of data or systems with a trusted reference enables you to detect any unauthorized changes or modifications that have occurred.

12
Q

What factors do you need to help ensure availability?

A

Redundancy: Duplicating critical components or systems helps ensure that if one fails, another can seamlessly take over. This minimizes downtime and helps maintain continuous access to resources.

Load balancing: Distributing incoming network traffic or workloads across systems helps prevent them from becoming overwhelmed.
