Intro Flashcards
what does CIA stand for in cyber security
Confidentiality, integrity and availability
Describe C in CIA
C stands for confidentiality: data must be protected from unauthorized disclosure when it is stored (at rest), transmitted (in transit) and processed (in use).
what are some key components of confidentiality in CIA
Data must be hidden from everyone except authorized users: only people with a need to know can see it.
how can you enforce confidentiality
Encryption: the data is unreadable to anyone who does not hold the key, so it is not available to unauthorized users.
describe I in CIA
Data must be accurate and complete, and must not have been modified (whether maliciously or by accident) without authorization.
how is integrity enforced?
By hashes: a hash is a fixed-size summary (message digest) of the original data. Recompute the hash of the data you received and compare it with the original hash; any difference means the data was modified.
Describe A in CIA
Availability: making sure data is available as and when required
what are violations of availability
Damaging or taking down a web server, or slowing it down so that processing times increase (e.g. a denial-of-service attack).
how can availability be enforced
By redundancy: cover all bases, e.g. install multiple communication links so that if some are affected, the others still act as backups.
what does IAM stand for
Identity and access management
what does IAAA stand for
Identification (claiming a name or ID; not the same as authentication), authentication (proving who you are, e.g. with a secret PIN), authorization (granting different levels of access), accountability (the account holder can be held responsible for actions taken with the account, e.g. through logging).
what is the I in IAAA
Identification: a subject claims an identity, e.g. by presenting a username, an ID badge or a retina scan.
what is the first A in IAAA
Authentication: a subject proves the claimed identity.
ex. password, PIN or biometric data
what are the phases in an identity lifecycle
1st - provisioning: creating new accounts with the access the role needs
2nd - review: periodic account reviews, e.g. adjusting access when a person changes role or moves up
3rd - revocation: disabling the accounts of employees who leave
what are the types of authentication factors
type 1 - password, PIN
type 2 - mobile phone, SIM, badge
type 3 - something that you are: fingerprint, retina
what is the best type of authentication
Multifactor authentication (combines factors from more than one type), e.g. type 1 and type 2: a password plus a code from a mobile phone. Two factors of the same type (such as two passwords) do not count as multifactor.
explain types of authentication
type 1 - something you know
type 2 - something you have
type 3 - something you are
what is an identity federation
A trust relationship between organizations or systems so that redundant accounts are not created: credentials from one identity provider are used to log on to multiple systems.
what is token-based authentication
The server verifies the user's credentials once, generates a token and sends it to the client; the client then presents the token on later requests instead of re-sending the credentials.
what is single sign on
The user logs in once and gets access to every system they are entitled to (within a single organization) without logging in again.
what are the protocols used in authentication
SAML - standard for single sign-on implementations (XML assertions exchanged between an identity provider and a service provider)
OAuth - standard for authorization (delegated access) between parties; it does not by itself authenticate the user
OIDC (OpenID Connect) - built on top of OAuth 2.0, adds an authentication (identity) layer; used for single sign-on implementations
what are the security governance documents that ensure sound and secure policies
policies - broad, high-level statements of management intent
standards - mandatory rules to achieve the intent of the policies
procedures and guidelines - specific steps to achieve consistency; used to train employees
what is PII in security regulation
Personally identifiable information, e.g. data that can be used to identify, contact or locate someone
what is PHI in security regulation
Protected health information, e.g. health information linked to an identifiable person
what is GDPR regulation
The EU's General Data Protection Regulation: protects the personal data of individuals in the EU, wherever that data is processed
what is the HIPAA regulation
Protects healthcare information (PHI) in the US
what is PCI-DSS regulations
Protects credit card (payment card) data
how can you protect intellectual property
Patents, trademarks, copyrights
what is cryptography
the study and application of methods and techniques to protect information by using codes for secure communication
what are the two main categories of cryptography
1- symmetric encryption
2- asymmetric encryption
what is symmetric cryptography
Also called private-key (secret-key) encryption: the same key is used for encryption and decryption, so the key itself must be shared secretly between the parties.
- the key length determines the strength of the encryption (e.g. AES, a popular symmetric algorithm, uses 128-, 192- or 256-bit keys)
what is ciphertext
The unreadable text produced by encrypting the plaintext with the secret key; the same key is needed to turn it back into plaintext.
what is asymmetric cryptography
Also called public-key cryptography: each party has a key pair, a public key that can be shared openly and a private key that is kept secret.
- the sender encrypts the document using the recipient's public key, and the recipient decrypts it with their private key
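The symmetric and asymmetric cards above can be seen side by side in code. The Go program below is an added example, not part of the original flashcards: `SymmetricEncrypt`/`SymmetricDecrypt` use AES-256-GCM (same key both ways, and the key length is enforced, as the AES card says), `AsymmetricEncrypt`/`AsymmetricDecrypt` use RSA-OAEP (anyone with the public key can encrypt, only the private key holder can decrypt), and the hybrid functions show how the two are combined in practice because RSA is slow and can only encrypt a short message. The fixed AES key and the sample plaintexts are constructed for readability; real keys come from crypto/rand or a key-derivation function.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// SymmetricEncrypt: AES-256-GCM. The same key decrypts, so the key itself must
// be shared secretly. GCM also authenticates the ciphertext, so a flipped bit
// is detected at decryption instead of silently producing garbage plaintext.
// Output layout: random 12-byte nonce || ciphertext || 16-byte tag.
func SymmetricEncrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // rejects keys that are not 16/24/32 bytes
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// SymmetricDecrypt fails (returns an error) on a wrong key or any tampering.
func SymmetricDecrypt(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(sealed) < ns+aead.Overhead() {
		return nil, errors.New("ciphertext too short")
	}
	return aead.Open(nil, sealed[:ns], sealed[ns:], nil)
}

// Asymmetric: encrypt with the recipient's PUBLIC key, decrypt with their
// PRIVATE key (RSA-OAEP with SHA-256). The public key can be given to anyone.
func AsymmetricEncrypt(pub *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plaintext, nil)
}

func AsymmetricDecrypt(priv *rsa.PrivateKey, ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ciphertext, nil)
}

// Hybrid: RSA-OAEP with a 2048-bit key can encrypt at most 190 bytes and is
// slow, so it is used to wrap a random AES key that encrypts the bulk data.
func HybridEncrypt(pub *rsa.PublicKey, plaintext []byte) (wrappedKey, sealed []byte, err error) {
	key := make([]byte, 32)
	if _, err = io.ReadFull(rand.Reader, key); err != nil {
		return nil, nil, err
	}
	if wrappedKey, err = AsymmetricEncrypt(pub, key); err != nil {
		return nil, nil, err
	}
	if sealed, err = SymmetricEncrypt(key, plaintext); err != nil {
		return nil, nil, err
	}
	return wrappedKey, sealed, nil
}

func HybridDecrypt(priv *rsa.PrivateKey, wrappedKey, sealed []byte) ([]byte, error) {
	key, err := AsymmetricDecrypt(priv, wrappedKey)
	if err != nil {
		return nil, err
	}
	return SymmetricDecrypt(key, sealed)
}

func main() {
	// Constructed demo key: 32 bytes selects AES-256. Never hard-code real keys.
	key := []byte("0123456789abcdef0123456789abcdef")
	sealed, _ := SymmetricEncrypt(key, []byte("payroll.csv contents"))
	pt, err := SymmetricDecrypt(key, sealed)
	fmt.Printf("symmetric round trip: %q err=%v\n", pt, err)
	sealed[len(sealed)-1] ^= 1 // tamper with one bit of the ciphertext
	_, err = SymmetricDecrypt(key, sealed)
	fmt.Println("tampered ciphertext rejected:", err != nil)

	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // private key; priv.PublicKey is shareable
	wrapped, sealed2, _ := HybridEncrypt(&priv.PublicKey, []byte("a document only the key holder can read"))
	pt2, err := HybridDecrypt(priv, wrapped, sealed2)
	fmt.Printf("hybrid round trip: %q err=%v\n", pt2, err)
}
```

The tests in the pipeline also check the two failure modes the cards hint at: a key of the wrong length is refused by AES, and RSA-OAEP refuses a message longer than it can carry, which is why the hybrid construction exists.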
What happens in hashing
Hashing creates a fixed-size "summary" (digest) of a file or message so that its integrity can be verified. An example use of hashing is digital signatures: the hash of the document is what gets signed.
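The integrity card earlier (enforce integrity by recomputing a hash and comparing) and the hashing card above describe the same mechanism, so here is one added Go example for both; it is not code from the original flashcards. It computes a SHA-256 digest, verifies data against a published digest, and then shows the caveat a practitioner cares about: a bare hash only detects modification if the attacker cannot also replace the published hash, whereas a keyed tag (HMAC-SHA256 with a secret the attacker does not hold) cannot be recomputed by them. The config file, key and "tampered" copy are constructed sample inputs.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Sha256Hex returns the SHA-256 digest (the fixed-size "summary") of data.
func Sha256Hex(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// VerifyDigest recomputes the digest of data and compares it with the
// published one in constant time. A bare hash only catches accidental or
// opportunistic modification: an attacker who can rewrite the data can
// usually rewrite a digest published next to it as well.
func VerifyDigest(data []byte, expectedHex string) bool {
	expected, err := hex.DecodeString(expectedHex)
	if err != nil {
		return false
	}
	actual := sha256.Sum256(data)
	return hmac.Equal(actual[:], expected)
}

// Tag computes HMAC-SHA256 over data with a shared secret key. Without the
// key, an attacker cannot produce a valid tag for modified data.
func Tag(key, data []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write(data)
	return mac.Sum(nil)
}

// VerifyTag recomputes the tag and compares with hmac.Equal, which runs in
// constant time so timing does not leak how many leading bytes matched.
func VerifyTag(key, data, tag []byte) bool {
	return hmac.Equal(Tag(key, data), tag)
}

func main() {
	// Constructed sample: a config file and the digest published with it.
	original := []byte("admin_enabled=false\nmax_sessions=5\n")
	digest := Sha256Hex(original)
	tampered := []byte("admin_enabled=true\nmax_sessions=5\n")

	fmt.Println("original matches digest:", VerifyDigest(original, digest)) // true
	fmt.Println("tampered matches digest:", VerifyDigest(tampered, digest)) // false
	// An attacker who can also replace the published digest defeats the plain hash...
	fmt.Println("tampered + replaced digest:", VerifyDigest(tampered, Sha256Hex(tampered))) // true

	// ...but not a keyed tag, because the key was never given to them.
	key := []byte("constructed-demo-key-do-not-reuse")
	tag := Tag(key, original)
	fmt.Println("original tag valid:", VerifyTag(key, original, tag)) // true
	fmt.Println("tampered tag valid:", VerifyTag(key, tampered, tag)) // false
}
```

`hmac.Equal` is used for both comparisons on purpose: comparing digests with `==` on strings or `bytes.Equal` returns early at the first differing byte, which can leak information through timing when the comparison is exposed to an attacker.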