Section 1 Flashcards
Threat
Anything that could cause harm, loss, damage, or compromise to our information technology systems
Ex.
● Natural disasters
● Cyber-attacks
● Data integrity breaches
● Disclosure of confidential information
Vulnerability
Any weakness in the system design or implementation
Ex.
● Software bugs
● Misconfigured software
● Improperly protected network devices
● Missing security patches
● Lack of physical security
Threat and Vulnerability
Threat + Vulnerability = Risk (risk exists only where a threat can exploit a vulnerability; a threat with nothing to exploit, or a weakness no threat targets, produces no risk)
Confidentiality
Refers to the protection of information from unauthorized access and disclosure
Ensure that private or sensitive information is not available or disclosed to
unauthorized individuals, entities, or processes
THINK ENCRYPTION
Encryption
Process of converting readable data (plaintext) into unreadable ciphertext under a secret key, so that only parties holding the key can recover the original
Integrity
Helps ensure that information and data remain accurate and unchanged from its original state unless intentionally modified by an authorized individual
Verifies the accuracy and trustworthiness of data over the entire lifecycle
THINK HASHING
Hashing
One-way process that converts data of any length into a fixed-size value (digest); any change to the input produces a different digest, so comparing digests detects modification
Availability
Ensure that information, systems, and resources are accessible and operational when needed by authorized users
Redundancy
Duplication of critical components or functions of a system with the intention of enhancing its reliability
Non-repudiation
Provides undeniable proof that a party sent a message or performed an action, so they cannot later deny having done so
THINK DIGITAL SIGNATURES
Digital Signatures
Created with a signer's private key, which only that user holds, and verified with the matching public key; a valid signature binds the signer to the exact data signed
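As an added worked example (not part of the original flashcards), the three mechanisms above side by side using Go's standard library: AES-256-GCM for confidentiality, SHA-256 for integrity, and Ed25519 for non-repudiation. The message, the altered copy and the key are constructed sample data; the function names are this example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Confidentiality (encryption): AES-256-GCM turns plaintext into ciphertext
// under a 32-byte key. GCM also attaches an authentication tag, so a modified
// ciphertext fails to decrypt instead of yielding garbage.
func encrypt(key, plaintext []byte) (nonce, ciphertext []byte, err error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, nil, err
	}
	nonce = make([]byte, gcm.NonceSize()) // fresh random nonce per message
	if _, err := rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	return nonce, gcm.Seal(nil, nonce, plaintext, nil), nil
}

func decrypt(key, nonce, ciphertext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, ciphertext, nil) // error means wrong key or tampering
}

// Integrity (hashing): SHA-256 maps input of any length to a fixed 32-byte
// digest. Changing one byte of the input changes the digest, so a stored
// digest detects modification; it does not hide or protect the data itself.
func digest(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// Non-repudiation (digital signatures): the signature is computed with the
// private key, which only the signer holds, and checked with the public key.
// A valid signature therefore ties the signer to that exact message.
func newSigner() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func sign(priv ed25519.PrivateKey, msg []byte) []byte { return ed25519.Sign(priv, msg) }

func verify(pub ed25519.PublicKey, msg, sig []byte) bool { return ed25519.Verify(pub, msg, sig) }

func main() {
	msg := []byte("transfer 500 to account 42")     // constructed sample message
	altered := []byte("transfer 900 to account 42") // constructed tampered copy

	key := make([]byte, 32) // in practice from a KDF or key store, never hard-coded
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	nonce, ct, err := encrypt(key, msg)
	if err != nil {
		panic(err)
	}
	pt, err := decrypt(key, nonce, ct)
	fmt.Printf("ciphertext %x\nrecovered  %q (err=%v, match=%v)\n", ct, pt, err, bytes.Equal(pt, msg))
	ct[0] ^= 0x01 // flip one bit of the ciphertext
	_, err = decrypt(key, nonce, ct)
	fmt.Println("tampered ciphertext rejected:", err != nil)

	d := digest(msg)
	fmt.Println("digest", d)
	fmt.Println("original matches digest:", digest(msg) == d, "altered matches digest:", digest(altered) == d)

	pub, priv := newSigner()
	sig := sign(priv, msg)
	fmt.Println("signature verifies on original:", verify(pub, msg, sig))
	fmt.Println("signature verifies on altered: ", verify(pub, altered, sig))
}
```

Note what each primitive does not give you: the digest alone proves nothing about who produced the data (anyone can recompute it), GCM's tag proves only that someone with the shared key produced the ciphertext, and only the signature, made with a key held by a single party, supports non-repudiation.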
Authentication
Security measure that ensures individuals or entities are who they claim to be during a communication or transaction
-Knowledge Factor (something you know, e.g. a password or PIN)
-Possession Factor (something you have, e.g. a hardware token or authenticator app)
-Inherence Factor (something you are, e.g. a fingerprint or face scan)
-Action Factor (something you do, e.g. typing rhythm or signature dynamics)
-Location Factor (somewhere you are, e.g. geolocation or source network)
Multi-Factor Authentication System (MFA)
Security process that requires users to prove their identity with two or more distinct factors from different categories (a password plus a PIN is two knowledge factors, not MFA), so that compromising one factor alone is not enough to log in
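As an added example (not from the original flashcards), a Go implementation of a two-factor login that combines a knowledge factor (a password) with a possession factor (a time-based one-time code from an authenticator app, per RFC 6238 / RFC 4226). The user record, salt, password and TOTP secret are constructed sample values; the password hashing is a simplified salted SHA-256 stand-in for a real password hash such as bcrypt or Argon2, and the function and type names are this example's own.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
	"time"
)

// user holds the verifiers for both factors. The knowledge factor is stored as
// a salted SHA-256 digest only to keep this example self-contained; production
// code should use a memory-hard password hash (bcrypt, scrypt, Argon2).
type user struct {
	salt       []byte
	passHash   [32]byte
	totpSecret []byte // possession factor: the secret enrolled in the user's authenticator app
}

func hashPassword(salt []byte, password string) [32]byte {
	return sha256.Sum256(append(append([]byte{}, salt...), password...))
}

// hotp implements RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter,
// dynamic truncation to 31 bits, then reduce modulo 10^digits.
// SHA-1 is what the RFC and deployed authenticator apps use for HOTP/TOTP.
func hotp(secret []byte, counter uint64, digits int) string {
	var buf [8]byte
	binary.BigEndian.PutUint64(buf[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(buf[:])
	sum := mac.Sum(nil)
	offset := sum[len(sum)-1] & 0x0f
	code := binary.BigEndian.Uint32(sum[offset:offset+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, code%mod)
}

// totp implements RFC 6238 with the standard 30-second time step.
func totp(secret []byte, at time.Time, digits int) string {
	return hotp(secret, uint64(at.Unix())/30, digits)
}

// checkCode accepts the current step and one step either side to tolerate
// small clock drift between the server and the user's device.
func checkCode(secret []byte, code string, now time.Time) bool {
	for _, skew := range []int64{-30, 0, 30} {
		expected := totp(secret, now.Add(time.Duration(skew)*time.Second), 6)
		if subtle.ConstantTimeCompare([]byte(expected), []byte(code)) == 1 {
			return true
		}
	}
	return false
}

// authenticate requires BOTH factors. Each factor is checked with a
// constant-time comparison, and a correct password with a wrong code fails.
func authenticate(u user, password, code string, now time.Time) bool {
	h := hashPassword(u.salt, password)
	passOK := subtle.ConstantTimeCompare(h[:], u.passHash[:]) == 1
	codeOK := checkCode(u.totpSecret, code, now)
	return passOK && codeOK
}

func main() {
	salt := []byte("constructed-salt")            // constructed sample salt
	secret := []byte("12345678901234567890")      // the RFC 4226/6238 test-vector secret
	u := user{salt: salt, passHash: hashPassword(salt, "correct horse battery"), totpSecret: secret}
	now := time.Now()
	code := totp(secret, now, 6) // what the user's authenticator app would display right now
	fmt.Println("password + valid code:", authenticate(u, "correct horse battery", code, now))
	fmt.Println("password + wrong code:", authenticate(u, "correct horse battery", "000000", now))
	fmt.Println("wrong password + code:", authenticate(u, "guess", code, now))
}
```

A production verifier would also remember the last step at which each user's code was accepted and refuse to accept that code again, since a one-time code that can be replayed within its 30-second window is no longer one-time.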
Accounting
Security measure that ensures all user activities during a communication or transaction are properly tracked and recorded
-Syslog Servers
-Network Analysis Tools
-Security Information and Event Management Systems (SIEM)
Authorization
Pertains to the permissions and privileges granted to users or entities after they have been authenticated
Technical Controls
Technologies, hardware, and software mechanisms implemented to manage and reduce risk (e.g. firewalls, encryption, access control lists, antivirus)
Managerial Controls
Involve the strategic planning and governance side of security (e.g. security policies, risk assessments, vendor reviews)
Operational Controls
Procedures and measures, carried out by people, designed to protect data on a day-to-day basis (e.g. awareness training, change management, backups)
Physical Controls
Tangible, real-world measures taken to protect assets (e.g. locks, fences, badge readers, guards, CCTV)
Preventive Controls
Proactive measures implemented to stop a security threat or breach before it succeeds (e.g. firewall rules, least-privilege permissions, patching)
Deterrent Controls
Discourage potential attackers by making an attack seem less appealing or more difficult; they do not block the attack themselves (e.g. warning banners, visible cameras, signage)
Detective Controls
Monitor for and alert the organization to malicious activity as it occurs or shortly afterwards (e.g. intrusion detection systems, log review, SIEM alerts, motion sensors)
Corrective Controls
Mitigate damage after an incident and restore systems to their normal state (e.g. restoring from backup, removing malware, failing over to a standby system)
Compensating Controls
Alternative measures implemented when a primary security control is not feasible or effective, chosen to give comparable protection (e.g. network segmentation and extra monitoring around a legacy system that cannot be patched)
A single mechanism has both a category and a type: a firewall is a technical, preventive control; a security guard is a physical, deterrent (and detective) control.