Lesson 1: Comparing Security Roles and Security Controls Flashcards
What does Information Security (InfoSec) refer to?
The protection of data resources from unauthorized access, attack, theft, or damage.
What is the protection of data resources from unauthorized access, attack, theft, or damage referred to as?
Information Security (InfoSec).
How many properties comprise Secure Information?
Three.
What are the properties of Secure Information referred to as?
CIA Triad.
The CIA Triad is referred to as the properties of what?
Secure Information.
What does CIA Triad stand for?
Confidentiality, Integrity, Availability.
What is the CIA Triad also referred to as?
AIC.
What is AIC also referred to as?
CIA Triad.
Define Confidentiality.
Certain information should only be known to certain people.
What word explains that certain information should only be known to certain people?
Confidentiality.
Define Integrity.
Data is stored and transferred as intended and that any modification is authorized.
What word explains that data is stored and transferred as intended and that any modification is authorized?
Integrity.
Define Availability.
Information is accessible to those authorized to view or modify it.
What word explains that information is accessible to those authorized to view or modify it?
Availability.
What is an example of another property that secure systems should exhibit?
Non-repudiation.
Define non-repudiation.
A subject cannot deny doing something, such as creating, modifying, or sending a resource.
What word explains that a subject cannot deny doing something, such as creating, modifying, or sending a resource?
Non-repudiation.
What does cybersecurity refer to?
Provisioning secure processing hardware and software.
What is the provisioning of secure processing hardware and software referred to as?
Cybersecurity.
How many functions can information and cyber security be classified as?
Five.
Who developed the functions into which information and cyber security are classified?
National Institute of Standards and Technology (NIST).
What is the National Institute of Standards and Technology (NIST) known for?
Developing the functions that classify information and cyber security.
What are the five functions that classify information and cyber security?
Identify, Protect, Detect, Respond, Recover.
Based on NIST, define Identify.
Develop security policies and capabilities that evaluate risks, threats, and vulnerabilities and recommend security controls to mitigate them.
Based on NIST, what is defined as the development of security policies and capabilities to evaluate risks, threats, and vulnerabilities and recommend security controls to mitigate them?
Identify.
Based on NIST, define Protect.
Procure/develop, install, operate, and decommission IT hardware and software assets with security as an embedded requirement of every stage of this operations life cycle.
Based on NIST, what is defined as procuring/developing, installing, operating, and decommissioning IT hardware and software assets with security as an embedded requirement of every stage of this operations life cycle?
Protect.
Based on NIST, define Detect.
Perform ongoing, proactive monitoring to ensure that controls are effective and capable of protecting against new types of threats.
Based on NIST, what is defined as performing ongoing, proactive monitoring to ensure that controls are effective and capable of protecting against new types of threats?
Detect.
Based on NIST, define Respond.
Identify, analyze, contain, and eradicate threats to systems and data security.
Based on NIST, what is defined as identifying, analyzing, containing, and eradicating threats to systems and data security?
Respond.
Based on NIST, define Recover.
Implement cybersecurity resilience to restore systems and data if other controls are unable to prevent attacks.
Based on NIST, what is defined as implementing cybersecurity resilience to restore systems and data if other controls are unable to prevent attacks?
Recover.
What are some information security competencies?
-Perform risk assessments, test security systems, and make recommendations.
-Specify, source, install, and configure secure devices and software.
-Set up/maintain document access control and user privilege profiles.
-Monitor audit logs, review user privileges, and document access controls.
-Manage security-related incident response and reporting.
-Create and test business continuity and disaster recovery plans/procedures.
-Participate in security training and education programs.
Define security policy.
A formalized statement that defines how security will be implemented within an organization.
What does a security policy describe?
The means the organization will take to protect the confidentiality, availability, and integrity of sensitive data and resources.
What are the typical information security roles?
-Chief Information Security Officer (CISO)
-Information Systems Security Officer (ISSO)
-Managers, users