Lesson 1: Fundamental Security Concepts and Frameworks Flashcards
What is information security?
The practice of protecting data resources from unauthorized access, attacks, theft, or damage, ensuring confidentiality, integrity, and availability of information.
Why is information security important?
It is crucial for maintaining trust and compliance with legal and regulatory requirements, safeguarding sensitive data from breaches.
What does the CIA Triad stand for?
Confidentiality, Integrity, Availability
What is the purpose of Confidentiality in information security?
Ensures that only authorized individuals can access sensitive information, often implemented through encryption and access controls.
What is the purpose of Integrity in information security?
Guarantees that data is accurate and unaltered during storage and transmission. Checksums and plain hashes detect accidental corruption; detecting deliberate tampering requires a keyed check such as a message authentication code (MAC) or a digital signature, since an attacker who can alter the data can also recompute an unkeyed hash.
What is the goal of Availability in information security?
Ensures that information is accessible to authorized users when needed, often supported by redundancy and failover systems.
What is Non-Repudiation?
A principle that ensures individuals cannot deny their actions, such as creating or modifying data, typically implemented through digital signatures backed by a private key only the signer holds, supported by tamper-evident logging. A shared-key MAC does not provide it, because the verifier holds the same key and could have produced the tag itself.
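Worked example for the Integrity and Non-Repudiation cards above (added here; not part of the original flashcard set). It contrasts an unkeyed SHA-256 checksum with an HMAC-SHA256 tag on a constructed transfer record: both catch an accidental bit flip, but only the keyed tag survives an attacker who rewrites the record and recomputes the check. The message, the tampered copy and SHARED_KEY are all assumptions made up for the example. Note that the HMAC still gives no non-repudiation: the receiver holds SHARED_KEY too, so a digital signature would be needed for that.

```python
import hashlib
import hmac

# Constructed sample record (not from the page): a bank transfer line.
MESSAGE = b"transfer:from=acct-1001;to=acct-2002;amount=100.00"
TAMPERED = b"transfer:from=acct-1001;to=acct-9999;amount=100.00"

# Hypothetical shared secret; in practice it comes from a key store, never source code.
SHARED_KEY = b"\x13" * 32


def checksum(data: bytes) -> str:
    """Unkeyed integrity check: detects accidental corruption only."""
    return hashlib.sha256(data).hexdigest()


def mac(data: bytes, key: bytes) -> str:
    """Keyed integrity check (HMAC-SHA256): detects deliberate tampering
    by anyone who does not hold the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def checksum_verifies(data: bytes, expected: str) -> bool:
    return hmac.compare_digest(checksum(data), expected)


def mac_verifies(data: bytes, tag: str, key: bytes) -> bool:
    # compare_digest is constant-time, so the check does not leak how many bytes matched.
    return hmac.compare_digest(mac(data, key), tag)


def attacker_rewrites_checksum(tampered: bytes) -> tuple[bytes, str]:
    """An attacker who can modify the message can also recompute an unkeyed
    checksum, so the receiver sees a 'valid' record."""
    return tampered, checksum(tampered)


def attacker_forges_mac(tampered: bytes, key_guess: bytes) -> str:
    """Without SHARED_KEY the attacker can only produce a tag under a wrong key."""
    return mac(tampered, key_guess)


def demo() -> dict:
    # Legitimate sender produces both forms of integrity evidence.
    sent_checksum = checksum(MESSAGE)
    sent_tag = mac(MESSAGE, SHARED_KEY)

    # Case 1: accidental single-bit corruption; both checks catch it.
    flipped = bytearray(MESSAGE)
    flipped[0] ^= 0x01
    flipped = bytes(flipped)

    # Case 2: attacker modifies the record and recomputes the unkeyed checksum.
    forged_msg, forged_checksum = attacker_rewrites_checksum(TAMPERED)

    # Case 3: attacker modifies the record but has no key for the MAC.
    forged_tag = attacker_forges_mac(TAMPERED, b"\x00" * 32)

    return {
        "flip_caught_by_checksum": not checksum_verifies(flipped, sent_checksum),
        "flip_caught_by_mac": not mac_verifies(flipped, sent_tag, SHARED_KEY),
        "checksum_fooled_by_attacker": checksum_verifies(forged_msg, forged_checksum),
        "mac_rejects_attacker": not mac_verifies(TAMPERED, forged_tag, SHARED_KEY),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Running it prints True for all four outcomes: the checksum is fooled as soon as the attacker can recompute it, while the HMAC rejects the tampered record because the forged tag was made under the wrong key.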
What is the purpose of a cybersecurity framework?
Provides a structured set of guidelines and best practices for managing cybersecurity risk to an organization's systems, hardware, and software.
It helps organizations establish a baseline for security practices and compliance with industry standards.
What are the five functions of the NIST Cybersecurity Framework?
- Identify
- Protect
- Detect
- Respond
- Recover
(These are the five functions of CSF 1.1; CSF 2.0, released in 2024, adds a sixth function, Govern, covering strategy, policy, roles, and oversight.)
In the NIST Cybersecurity Framework, what is the purpose of Identify?
Develop security policies and evaluate risks to understand the organization’s security posture.
In the NIST Cybersecurity Framework, what is the purpose of Protect?
Implement measures to secure IT hardware and software throughout their lifecycle, including access controls and encryption.
In the NIST Cybersecurity Framework, what is the purpose of Detect?
Monitor systems and controls so that security events and anomalies are discovered promptly, before they become full-scale incidents.
In the NIST Cybersecurity Framework, what is the purpose of Respond?
Develop and implement response plans to analyze and eradicate threats effectively.
In the NIST Cybersecurity Framework, what is the purpose of Recover?
Restore systems and data after an attack, ensuring business continuity and minimal downtime.
What is gap analysis in the context of cybersecurity?
Identifies deviations between an organization’s current security systems and required framework standards, highlighting areas for improvement.
What is the purpose for doing a gap analysis?
It serves as a tool for organizations to objectively evaluate their cybersecurity capabilities and prioritize investments in security measures.
What processes are involved in gap analysis?
Assessing existing controls against best practices and regulatory requirements, resulting in a report of deficiencies.
What is the expected outcome from a gap analysis?
A prioritized list of deficiencies with remediation recommendations that guide the organization in strengthening its security posture.
What is Access Control?
The set of processes by which a system decides which subjects (users, devices, processes) may perform which actions on which resources, supporting the CIA triad by keeping unauthorized subjects away from sensitive data.
What are the key processes involved in Access Control?
- Identification
- Authentication
- Authorization
- Accounting
In Access Control, what is the purpose of Identification?
Assigns a unique identifier (such as a username, device ID, or service account) to each user, device, or process, so that a claimed identity exists for authentication to verify and later actions can be attributed to it.
In Access Control, what is the purpose of Authentication?
Verifies the claimed identity using one or more factors: something you know (password), something you have (token, digital certificate), or something you are (biometric).
In Access Control, what is the purpose of Authorization?
Determines and enforces access rights based on an established model, denying anything not explicitly granted. (ex. Discretionary, Mandatory, Role-based, Attribute-based)
In Access Control, what is the purpose of Accounting?
Involves tracking and monitoring authorized usage, alerting on any unauthorized access attempts.
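Worked example for the four access-control cards above (added here; not part of the original flashcard set). It runs one request through identification (the username), authentication (a salted PBKDF2 password check), authorization (role-based, deny by default) and accounting (an append-only event list that records denied attempts for alerting). The user store, roles, permissions and passwords are all constructed for the example; a real deployment would back them with a directory and a tamper-evident log.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000


# --- Identification: the username is the unique identifier for a principal. ---
def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; passwords are never stored in cleartext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "role": role}


# Hypothetical user store, constructed for this example.
USERS = {
    "alice": make_user("correct horse battery staple", "analyst"),
    "bob": make_user("hunter2", "auditor"),
}

# --- Authorization model: role-based; anything not listed is denied. ---
ROLE_PERMISSIONS = {
    "analyst": {("alerts", "read"), ("alerts", "update")},
    "auditor": {("alerts", "read"), ("auditlog", "read")},
}

# --- Accounting: an append-only event log. ---
AUDIT_LOG: list[dict] = []


def record(event: str, **fields) -> None:
    AUDIT_LOG.append({"event": event, **fields})


def authenticate(username: str, password: str) -> bool:
    """Verify the claimed identity. The hash is computed even for unknown
    usernames so response time does not reveal which accounts exist."""
    user = USERS.get(username)
    salt = user["salt"] if user else b"\x00" * 16
    stored = user["hash"] if user else b"\x00" * 32
    ok = hmac.compare_digest(hash_password(password, salt), stored) and user is not None
    record("auth_success" if ok else "auth_failure", user=username)
    return ok


def authorize(username: str, resource: str, action: str) -> bool:
    """Enforce access rights from the user's role; deny by default."""
    role = USERS[username]["role"]
    allowed = (resource, action) in ROLE_PERMISSIONS.get(role, set())
    record("access_granted" if allowed else "access_denied",
           user=username, resource=resource, action=action)
    return allowed


def access(username: str, password: str, resource: str, action: str) -> bool:
    """The full identification -> authentication -> authorization -> accounting
    sequence for a single request."""
    if not authenticate(username, password):
        return False
    return authorize(username, resource, action)


def denied_events() -> list[dict]:
    """Accounting output a SOC would alert on: failed logins and refused actions."""
    return [e for e in AUDIT_LOG if e["event"] in ("auth_failure", "access_denied")]


if __name__ == "__main__":
    print(access("alice", "correct horse battery staple", "alerts", "update"))  # analyst may update
    print(access("alice", "correct horse battery staple", "auditlog", "read"))  # not in role: denied
    print(access("bob", "wrong password", "auditlog", "read"))                  # fails authentication
    print(access("mallory", "anything", "alerts", "read"))                      # unknown identity
    for entry in denied_events():
        print(entry)
```

Two design points worth noticing: authorization is never reached unless authentication succeeds, and the audit log records the denial together with who asked for what, which is the data a detective control needs in order to alert on repeated failures.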
What are the categories of security controls?
- Managerial Controls
- Operational Controls
- Technical Controls
- Physical Controls
In Security Controls, what is the purpose of the Managerial Controls?
Provide an example
Focus on oversight and risk management. (ex. Risk Assessments)
In Security Controls, what is the purpose of the Operational Controls?
Provide an example
Primarily implemented by personnel. (ex. Training programs, Security Guards)
In Security Controls, what is the purpose of the Technical Controls?
Provide an example
Enforced through technology. (ex. Firewalls, Antivirus Software)
In Security Controls, what is the purpose of the Physical Controls?
Provide an example
Protect physical assets. (ex. Locks, Alarms)
What are the functional types of security controls?
- Preventive Controls
- Detective Controls
- Corrective Controls
- Directive Controls
- Deterrent Controls
- Compensating Controls
For Security Control Functions, what is the purpose of the Preventive Controls?
Provide an example
Aim to eliminate or reduce the likelihood of an attack. (ex. Firewalls, Antimalware)
For Security Control Functions, what is the purpose of the Detective Controls?
Provide an example
Identify and record intrusions during an attack. (ex. Intrusion Detection Systems)
For Security Control Functions, what is the purpose of the Corrective Controls?
Provide an example
Mitigate the impact of security breaches after they occur. (ex. Backup Systems)
For Security Control Functions, what is the purpose of the Directive Controls?
Provide an example
Establish rules of behavior. (ex. Security Policies)
For Security Control Functions, what is the purpose of the Deterrent Controls?
Provide an example
Discourage potential intrusions. (ex. Warning Signs)
For Security Control Functions, what is the purpose of the Compensating Controls?
Provide an example
Provide alternative methods to achieve security objectives when primary controls are not feasible. (ex. Backup Generator)
What role is the CIO?
Chief Information Officer
Who is the Chief Information Officer (CIO)?
Holds overall responsibility for IT and security strategy within the organization.
What role is the CSO?
Chief Security Officer
What role is the CISO?
Chief Information Security Officer
What are the responsibilities of the Chief Security Officer (CSO) / Chief Information Security Officer (CISO)?
Manages dedicated security departments and oversees security initiatives.
What role do Managers play in information security?
Responsible for specific domains, ensuring compliance with security policies in their areas.
What is a Security Operations Center (SOC)?
Monitors and protects critical information assets, providing real-time threat detection and response.
What is the purpose of DevSecOps?
Integrates security practices into software development and deployment processes, ensuring security is prioritized throughout the lifecycle.
What is the function of incident response teams?
Handles security incidents and notifications, often organized into teams like CIRT, CSIRT, and CERT.
Fill in the blank: Non-repudiation is vital in _______ contexts.
legal