Lesson 1 Flashcards
what is information security?
state of data, action that an org needs to take, best practices against unknown/unnamed threats
assets should be protected in this order (highest to lowest)
people -> data -> hardware/software
compliance does not mean
secure
parkerian hexad model includes
confidentiality
integrity
availability
possession/control
authenticity
utility
refers to the proper attribution as the owner or creator of the data in question
parkerian hexad - authenticity
describes how useful some data is
parkerian hexad - utility
attack type that allows an attacker to intercept data as it’s being processed, against confidentiality
interception
attack type that makes assets unusable/unavailable on a temporary or permanent basis, against availability and integrity
interruption
attack type that involves tampering with an asset, against availability and integrity
modification
attack type that involves generating data, processes, communications, or other activities within a system, against integrity and availability
fabrication
likelihood an event will occur, requires threat and vulnerability
risk
events that could cause damage to assets
threat
weakness that a threat event or agent can take advantage of
vulnerability
additional step that takes into account an asset’s cost following an event
impact
risk management steps
identify assets
identify threats
assess vulnerabilities
assess risks
mitigate risks
measures used to alleviate risk
controls - physical, logical, administrative
examples of this type of control include locks, doors, guards
physical
examples of this type of control include firewalls, IDS, IPS
logical/(technical)
examples of this type of control include governance policies (acceptable use, etc.)
administrative
incident response steps
preparation
detection and analysis
containment
eradication
recovery
post incident activity