S2 - FUNDAMENTALS Flashcards
Difference between Information Security and Information Systems Security
Information Security = protecting the DATA / Information Systems Security = protecting the DEVICES that hold the data
What's the difference between Threat and Vulnerability? Talk about risk management
Threat is an external factor and vulnerability is internal. You have control over vulnerabilities. The intersection between these is where the risk is. Our job is to avoid this intersection and mitigate the damage in case it happens.
Confidentiality is linked with ____________ ? Explain
Encryption. Confidentiality is to protect data from unauthorized users; encryption is the most common way to achieve it.
Integrity is linked with ___________ ? Explain
Hashing. Integrity is the trust that the file or data hasn't been modified or corrupted; a hash is a value computed from the file that changes whenever the content changes. Integrity means trust.
Availability is linked with ___________ ? Explain
Redundancy: the "backup" network, server, data, power supply. All those factors ensure that the system stays available for as much time as possible. Fault tolerance.
Explain Non-repudiation and how we can secure it
Non-repudiation is the undeniable proof in digital transactions, like a SIGNATURE. To ensure this in the digital world we can use a DIGITAL SIGNATURE, which also ensures INTEGRITY by signing a hash of the data.
Explain Authentication and its importance
Authentication is the way we verify that the user is who they claim to be, e.g. username and password, 2FA, MFA and so on.
Define Authorization, and the difference from authentication
Authorization is how the system lets you do what your role permits. It dictates, based on AUTHENTICATION, what you can and can't do on a system.
Accountability: What is it and why is it important
Accountability is LOGGING EVERYTHING, so you can analyse the system in case of a flaw or if you are trying to improve performance in some way. It also deters users from doing wrong things.
There are four security control categories. Name at least 3
Technical (firewall, antivirus, etc), Managerial (strategic planning and governance side of security), Operational (change password every 90 days, user training) and Physical (guards, and physical security in server rooms, datacenters, etc)
Which types of controls do we have?
Preventive, Deterrent (warning sign), Detective, Corrective, Compensating, Directive
What is a Gap Analysis
Gap analysis is the analysis of the gap between a technology or implementation you want to adopt and what you currently have.
Define Zero Trust
Zero trust is a cybersecurity approach that assumes no one is trusted by default, no matter their location. It requires continuous verification to access and operate on the system.