Intro Flashcards
What does the ‘C’ in the CIA triad stand for?
Confidentiality
Confidentiality means only authorized and approved entities are able to read data.
What is the main focus of Integrity in the CIA triad?
Validity or accuracy of data
Integrity ensures that information can only be altered by those authorized to do so and that it remains in its original state.
What does Availability in the CIA triad ensure?
Information is on hand whenever/wherever it is needed
Availability ensures that information is quickly accessible, and only to those authorized to access it.
What are controls in the context of information security?
Things we do to keep our assets safe (countermeasures)
Controls can be applied to people, processes, or technology and can be automated or manual.
What is a Detective control?
Used to observe errors, events or actions
Detective controls help identify security incidents after they occur.
Define Preventative controls.
Proactively prevent errors, events or actions BEFORE they happen
These controls aim to stop security incidents before they occur.
What is the difference between Information Security and Cybersecurity?
Information Security: Protection of info and its critical elements; Cybersecurity: Protection against unauthorized use of electronic data
Information Security focuses on confidentiality, availability, and quality of stored information, while Cybersecurity protects assets from unauthorized access.
What does the Defense in Depth strategy entail?
Many layers of security are needed
This multifaceted approach includes physical access, network security, user security, software, hardware, policy, and procedural safeguards.
What is the Zero Trust model?
Don’t assume everything inside your network is secure
The Zero Trust model emphasizes validating interactions at every stage and eliminating implicit trust relationships.
What is meant by ‘Think like an Adversary’?
Understanding tactics, motivations, and capabilities of potential attackers
This involves modeling threats and conducting penetration tests.
Fill in the blank: A _______ is an act that can impact CIA.
Attack
What is a Vulnerability in the context of information security?
Potential weakness to be exploited
Vulnerabilities can be exploited by attackers to gain unauthorized access.
What are the different states of information?
Storage, transmission, and processing
These states represent how information is handled within an organization.
What are potential costs associated with cybersecurity breaches?
- Cost of lost information assets
- Rebuilding of infrastructure
- Legal fees, penalties
- Lost productivity
- Reputation damage
These costs can have a significant impact on an organization’s financial health.
What can enhance an organization’s competitive advantage in cybersecurity?
- Enhanced reputation
- Faster recovery times
- Differentiation from competitors
Sound policies and technology can help organizations navigate challenges and maintain an edge.