Objective 1.2 Flashcards
Summarize fundamentals security concepts
Confidentiality
Ensures that information is only accessible to those with the appropriate authorization. (Ex: encryption)
CIA Triad
C - Confidentiality
I - Integrity
A - Availability
Integrity
Ensures the data remains accurate and unaltered unless modification is required. (Ex: checksums, hashing)
Availability
Ensures that information resources are accessible and functional when needed by authorized users. (Ex: a website up and running all the time regardless of the traffic it’s receiving.)
Non-repudiation
Guaranteeing that a specific action or event has taken place and cannot be denied by the parties involved. (Ex: A digitally signed email. That’s going to ensure that I cannot deny sending you that particular message because my digital signature is attached to it.)
New additions to the CIA Triad, making it the CIANA pentagon
CIA
N - Non-repudiation
A - Authentication
AAA
Authentication
Authorization
Accounting
Authentication
Process of verifying the identity of a user or system.
Authorization
Defines what actions or resources a user can access.
Accounting
Act of tracking user activities and resource usage, typically for audit or billing purposes.
Security Controls
Measures or mechanisms put in place to mitigate risks and protect the confidentiality, integrity, and availability of information systems and data.
Security Controls Categories
Technical
Managerial
Operational
Physical
Types of Security Controls
Preventative
Deterrent
Detective
Corrective
Compensating
Directive
Zero Trust
Security model that operates on the principle that no one, whether inside or outside the organization, should be trusted by default.
ZeroTrust: Control Plane
Consists of adaptive identity, threat scope reduction, policy-driven access control, and secured zones.
ZeroTrust: Data Plane
Focused on the subject/system, policy engine, policy administrator, and establishing policy enforcement points.
Confidentiality importance
- Protect personal privacy
- Maintain a business advantage
- Achieve regulatory compliance
5 methods to achieve CONFIDENTIALITY
- Encryption
- Access Control
- Data Masking
- Physical Security Measures
- Training and Awareness
Access Controls
Ensure only authorized personnel can access certain types of data
Encryption
Process of converting data into code to prevent unauthorized access
Data Masking
Method that involves obscuring data within a database to make it inaccessible to unauthorized users while retaining the real data’s authenticity and usability for authorized users.
Physical Security Measures
Used to ensure confidentiality for physical types of data and for digital information contained on servers and workstations.
Training and Awareness
Conduct regular training on the security awareness best practices that employees can use to protect the organization’s sensitive data.
Most important thing linked to Confidentiality
ENCRYPTION
Integrity importance
- Ensure DATA ACCURACY
- Maintain TRUST
- Maintain SYSTEM OPERABILITY
5 methods to achieve INTEGRITY
- Hashing
- Digital Signatures
- Checksums
- Access Controls
- Regular Audits
Hashing
Process of converting data into a fixed-size value.