Midterm Flashcards
C.I.A stands for…?
Confidentiality
Integrity
Availability
it offers a high level of assurance that data, objects, or resources are restricted from unauthorized subjects.
Confidentiality
Confidentiality and integrity depend on each other. Without object integrity, confidentiality cannot be maintained.
True or False?
True
Aspects of Confidentiality (8)
- Sensitivity
- Discretion
- Criticality
- Concealment
- Secrecy
- Privacy
- Seclusion
- Isolation
refers to the quality of information, which could cause harm or damage if disclosed. Maintaining confidentiality of sensitive information helps to prevent harm or damage.
Sensitivity
is an act of decision where an operator can influence or control disclosure in order to minimize harm or damage.
Discretion
The level to which information is mission critical is its measure of criticality. The higher the level of criticality, the more likely the need to maintain the confidentiality of the information.
Criticality
is the act of hiding or preventing disclosure.
is viewed as a means of cover, obfuscation, or distraction.
Concealment
is the act of keeping something a secret or preventing the disclosure of information.
Secrecy
refers to keeping information confidential that is personally identifiable or that might cause harm, embarrassment, or disgrace to someone if revealed.
Privacy
involves storing something in an out-of-the-way location. This location can also provide strict access controls. Can help enforce confidentiality protections.
Seclusion
is the act of keeping something separated from others.
Can be used to prevent commingling of information or disclosure of information.
Isolation
it offers a high level of assurance that the data, objects, and resources are unaltered from their original protected state.
Alterations should not occur while the object is in storage, in transit, or in process.
Integrity
Integrity can be examined from three perspectives: (3)
possible question? Not sure
- Preventing unauthorized subjects from making modifications.
- Preventing authorized subjects from making unauthorized modifications, such as mistakes.
- Maintaining the internal and external consistency of objects so that their data is a correct and true reflection of the real world.
Authorized subjects are granted timely and uninterrupted access to objects.
Includes efficient uninterrupted access to objects and prevention of denial-of-service (DoS) attacks.
Availability
Other Security Concepts (6, in order)
- Identification
- Authentication
- Authorization
- Auditing
- Accountability
- Nonrepudiation
is the process by which a subject professes an identity and accountability is initiated.
Identification
The process of verifying or testing that the claimed identity is valid.
Requires from the subject additional information that must exactly correspond to the identity indicated.
Authentication
Once a subject is authenticated, access must be authorized.
Authorization
or monitoring, is the programmatic means by which a subject’s actions are tracked and recorded for the purpose of holding the subject accountable for their actions while authenticated on a system.
Auditing
relies on the capability to prove a subject’s identity and track their activities.
Accountability
ensures that the subject of an activity or event cannot deny that the event occurred.
Nonrepudiation
Protection Mechanisms: (3)
- Layering
- Abstraction
- Data Hiding
also known as defense in depth, is simply the use of multiple controls in a series.
Using a multilayered solution allows for numerous, different controls to guard against whatever threats come to pass.
Layering