Intro to Security Concepts Flashcards
Week 3
What is the AAA Model in cybersecurity?
The AAA Model stands for Authentication, Authorization, and Accounting, ensuring secure access control and tracking user activity.
What is a Gap Analysis?
A Gap Analysis identifies differences between current security measures and desired standards to improve cybersecurity posture.
What is ISO 27001?
ISO 27001 is an international standard for information security management, helping organizations protect sensitive data.
What is the NIST Cybersecurity Framework (CSF)?
NIST CSF is a security framework that helps organizations identify, protect, detect, respond to, and recover from cyber threats.
What is Zero Trust?
Zero Trust is a security model that assumes no user or device is automatically trusted, requiring continuous verification.
What is a Zero-Day Vulnerability?
A Zero-Day Vulnerability is a security flaw unknown to vendors, leaving systems exposed to attacks until patched.
What is PII (Personally Identifiable Information)?
PII is any data that can identify an individual, such as names, addresses, Social Security numbers, and biometric data.
What types of information are PII?
PII includes names, emails, phone numbers, government IDs, financial data, biometric records, and personal addresses.
How does PII relate to cybersecurity?
Protecting PII is a key cybersecurity goal to prevent identity theft, fraud, and privacy breaches.
What is a Data Breach?
A Data Breach occurs when sensitive or confidential data is accessed, stolen, or exposed without authorization.
Are Security and Data Breaches the same?
No. Security breaches are unauthorized access attempts, while data breaches involve stolen or exposed sensitive data.
What is Deception & Disruption Technology?
Cyber tools that mislead attackers, detect threats, and disrupt malicious activity before damage occurs.
What is Ethics in cybersecurity?
Cybersecurity ethics ensures responsible use of technology, protecting privacy, data integrity, and preventing harm.
Ethical hacking is characterized by which of the following?
Testing security systems with permission
What is the FIRST action you should take in response to an unauthorized intrusion into the network?
Preserve evidence and begin documenting the incident.
What is a key principle of the Zero Trust security model?
Never trust, always verify
What is the focus of the ISO/IEC 27001 standard?
Information security management
What is the primary goal of conducting a gap analysis in cybersecurity?
Identifying the differences between current and desired security postures
Which component of the AAA model is responsible for determining what an authenticated user is allowed to do?
Authorization
What does the Integrity component of the CIA Triad primarily ensure?
Data is trustworthy and complete
What is the primary role of a honeypot in security architecture?
To attract and monitor potential attackers
What technology can be used to analyze real-life attack patterns?
Honeypot