Sec+ Chapter 01: Today's Security Professional Flashcards
CIA triad
Confidentiality: Disallow unauthorized people from accessing sensitive info
Integrity: No unauthorized modification of info or systems
Availability: Info and systems are ready to meet the needs of legit users when they need them
Security incident
When an org experiences a breach of one or more of the CIA triad principles (confidentiality, integrity, or availability)
DAD triad
Disclosure: Inverse of confidentiality (sensitive info exposed to unauthorized people)
Alteration: Inverse of integrity (unauthorized modification of info or systems)
Denial: Inverse of availability (legit users cannot access info or systems when needed)
Financial risk
Risk of monetary damage to the org as a result of a data breach
Reputational risk
Negative publicity surrounding a security breach causes the loss of goodwill among customers, employees, suppliers, and stakeholders
Strategic risk
The risk that an org will not be able to carry out its business plans as a result of a breach
Operational risk
Risk to an org's ability to carry out its day-to-day functions
Compliance risk
When a breach causes an org to run afoul of legal or regulatory requirements
Control objectives
Statements written by an org describing its desired state of security; they set goals but do not themselves carry out any security activity
Security controls
Specific measures that fulfill the security objectives of an org
Technical controls
Controls enforced by technology systems rather than by people, to prevent or detect security events
EX: Firewall rules, access control list (ACL), IPS, encryption
Operational controls
Controls carried out by people and processes rather than by technology
EX: Security guards, awareness programs
Managerial controls
Procedural controls that focus on the design and oversight of the security program, such as risk management and policy implementation
EX: Periodic risk assessments, security planning exercises, incorporation of security into the org, standard operating procedures
Preventive controls
Intended to stop a security issue before it occurs (e.g. blocking unauthorized access)
EX: Firewalls, door lock, security guard
Detective controls
Identify and record security events that have already happened
EX: IDS, motion detectors
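To make the technical / preventive / detective cards concrete, here is an added Python example (not from the Sec+ book or these flashcards) contrasting a preventive technical control with a detective one. The ACL, the subnets, the threshold, and the sshd log lines are all constructed for illustration: acl_decision() enforces a firewall-style ACL before a connection is admitted (preventive), while detect_bruteforce() only reads a log of events that already happened and flags suspicious sources (detective); it stops nothing by itself.

```python
"""Preventive vs. detective technical controls, illustrated with a tiny
ACL enforcer (preventive) and a failed-login detector (detective).
Everything here (rules, addresses, log lines) is constructed sample data."""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class AclRule:
    action: str                        # "allow" or "deny"
    network: ipaddress.IPv4Network     # source network the rule applies to
    port: Optional[int]                # destination port; None matches any port


# Hypothetical ACL, not from the original page:
# allow SSH only from the admin subnet, deny SSH from everywhere else,
# allow HTTPS from anywhere, and rely on the implicit deny at the end.
ACL: List[AclRule] = [
    AclRule("allow", ipaddress.ip_network("10.0.5.0/24"), 22),
    AclRule("deny", ipaddress.ip_network("0.0.0.0/0"), 22),
    AclRule("allow", ipaddress.ip_network("0.0.0.0/0"), 443),
]


def acl_decision(src_ip: str, dst_port: int, acl: List[AclRule] = ACL) -> str:
    """Preventive control: evaluated before the connection is admitted.
    First matching rule wins; if nothing matches, the result is deny,
    mirroring the implicit deny that real firewall ACLs end with."""
    addr = ipaddress.ip_address(src_ip)
    for rule in acl:
        if addr in rule.network and (rule.port is None or rule.port == dst_port):
            return rule.action
    return "deny"


# Constructed sshd log lines in syslog style (sample data, not a real capture).
SAMPLE_LOG = """\
Jan 10 09:01:02 bastion sshd[411]: Failed password for root from 203.0.113.9 port 51012 ssh2
Jan 10 09:01:04 bastion sshd[411]: Failed password for root from 203.0.113.9 port 51013 ssh2
Jan 10 09:01:05 bastion sshd[411]: Accepted publickey for alice from 10.0.5.17 port 40022 ssh2
Jan 10 09:01:07 bastion sshd[411]: Failed password for admin from 203.0.113.9 port 51014 ssh2
Jan 10 09:01:09 bastion sshd[411]: Failed password for bob from 198.51.100.4 port 60001 ssh2
"""

FAILED_RE = re.compile(
    r"Failed password for (?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


def detect_bruteforce(log_text: str, threshold: int = 3) -> Dict[str, int]:
    """Detective control: reads events that have already happened and
    returns {source_ip: failure_count} for sources at or above the threshold.
    It records and identifies; it does not block anything."""
    failures: Counter = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failures[m["ip"]] += 1
    return {ip: n for ip, n in failures.items() if n >= threshold}


if __name__ == "__main__":
    # Preventive: the decision is made before access happens.
    for ip, port in [("10.0.5.17", 22), ("203.0.113.9", 22), ("203.0.113.9", 443)]:
        print(f"ACL {ip}:{port} -> {acl_decision(ip, port)}")
    # Detective: the log is reviewed after the fact.
    print("Flagged sources:", detect_bruteforce(SAMPLE_LOG))
```

Note the difference in timing: the ACL result is known before any packet reaches the service, while the detector can only tell you that 203.0.113.9 hammered the bastion after the attempts are already in the log. A real deployment pairs the two, feeding detective findings (the flagged IPs) back into preventive rules.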