Module 2 - 02-2 Flashcards
The CIA Triad: Confidentiality, Integrity, and Availability
Define Security Posture
An organization’s ability to manage its defense of critical assets and data and react to change
What is a core security model?
CIA Triad
Define CIA Triad
A model that helps inform how organizations consider risk when setting up systems and security policies
What does CIA stand for?
i. Confidentiality
ii. Integrity
iii. Availability
What are the three core principles of the CIA Triad?
i. Confidentiality
ii. Integrity
iii. Availability
Define Confidentiality
Only authorized users can access specific assets or data
Sensitive data should be available on a “need to know” basis
What design principle can be implemented in an organization to enhance Confidentiality?
Principle of Least Privilege
Define the Principle of Least Privilege
Limits users’ access to only the information they need to complete work-related tasks
Define Integrity
The data is verifiably correct, authentic, and reliable
What is an example of a way to verify data Integrity?
Cryptography
Define Cryptography
To transform data so unauthorized parties cannot read or tamper with it (NIST, 2022)
What is an example of how an organization might implement Integrity?
By enabling Encryption
Define Encryption
The process of converting data from a readable format to an encoded format
Define Availability
The data is accessible to those who are authorized to access it
The CIA triad is a model that helps inform how organizations consider _____ when setting up systems and security policies.
- access
- assets
- data
- risk
risk
Match each CIA triad component to the correct scenario:
You must use two-factor authentication before signing into an employee portal.
CIA triad component
Confidentiality
Integrity
Availability
Confidentiality
Match each CIA triad component to the correct scenario:
You recently shopped at Store Y and verify you were charged correctly.
CIA triad component
Confidentiality
Integrity
Availability
Integrity
Match each CIA triad component to the correct scenario:
You frequently sign into your bank account to check your balances.
CIA triad component
Confidentiality
Integrity
Availability
Availability
What is the CIA triad?
- A set of security controls used to update systems and networks
- A foundational security model used to set up security policies and systems
- Ongoing validation processes involving all employees in an organization
- A mandatory security framework involving the selection of appropriate controls
The CIA triad is a foundational security model used to set up security policies and systems. The core principles of the model are confidentiality, integrity, and availability.
Which element of the CIA triad specifies that only authorized users can access specific information?
- Confidentiality
- Confirmation
- Integrity
- Access
Confidentiality specifies that only authorized users can access specific information.
A security analyst discovers that certain data is inaccessible to authorized users, which is preventing these employees from doing their jobs efficiently. The analyst works to fix the application involved in order to allow for timely and reliable access. Which element of the CIA triad does this scenario describe?
- Applicability
- Integrity
- Capacity
- Availability
Availability
This scenario describes availability. Availability specifies that data is accessible to authorized users.
According to the CIA triad, _____ refers to ensuring that an organization’s data is verifiably correct, authentic, and reliable.
- Availability
- Accuracy
- Credibility
- Integrity
Integrity