Section 1: Fundamentals of Security Flashcards
Act of protecting data and information from unauthorized access, unlawful modification, disruption, disclosure, corruption, and destruction.
Information Security
Act of protecting the systems that hold and process the critical data, e.g., computer, server, network device, smartphone, etc.
Information Systems Security
Comprises the three pillars of information security that experts use to identify and reduce vulnerabilities in security systems.
CIA Triad
Ensures that information is only accessible to those with the appropriate authorization.
Confidentiality
Ensures that data remains accurate and unaltered unless modification is required.
Integrity
Ensures that information and resources are accessible and functional when needed by authorized users.
Availability
Concept that ensures that a party cannot deny the authenticity of their actions in a digital transaction.
Non-repudiation
Three processes that make up a security framework for cybersecurity.
Authentication, Authorization and Accounting - AAA
Process of verifying the identity of a user or system.
Authentication
Determines what actions or resources a user can access.
Authorization
Act of tracking user activities and resource usage, typically for audit or billing purposes.
Accounting
Measures or mechanisms put in place to mitigate risks and protect the confidentiality, integrity, and availability of information systems and data. A set of security measures that limit who can access an organization's data and resources.
Security Controls
Security model that operates on the principle that no one, whether inside or outside the organization, should be trusted by default.
Zero Trust
Part of a network that controls how data packets are forwarded, meaning how data is sent from one place to another.
Control Plane
Also called the forwarding plane; it forwards the packets. It is more like the cars that drive on the roads, stop at the intersections, and obey the stoplights.
Data Plane
Anything that could cause harm, loss, damage, or compromise to information technology systems. Threats come from external sources.
Threat
Any weakness in the system design or implementation. They come from internal factors, such as software bugs, misconfigured software, improperly protected network devices, missing security patches, and lack of physical security. These are within our control.
Vulnerability
Finding different ways to minimize the likelihood of an outcome occurring and achieve the desired outcomes.
Risk Management
Refers to the protection of information from unauthorized access and disclosure.
Confidentiality
What are the 5 methods to ensure confidentiality?
Encryption, Access Control, Data Masking, Physical Security, and Training Awareness.
This concept is important to achieve for 3 main reasons: to protect personal privacy, maintain a business advantage, and achieve regulatory compliance.
Confidentiality
Concept that is important for ensuring data accuracy, maintaining trust, and ensuring system operability.
Integrity
The number one way that you are going to see integrity maintained for all the data, software, and networks.
Hashing
Process of converting data into a fixed-size value, resulting in a fixed-length string of bits called a hash digest.
Hashing