Section 1: Fundamentals Of Security Flashcards
Information security
Protecting data and information from unauthorized access, modification, disruption, disclosure, and destruction
Information systems security
Protecting the systems (computers, servers, network devices) that hold and process critical data.
CIA Triad
Confidentiality
Integrity
Availability
CIANA Pentagon
Extension of the CIA Triad with the addition of:
Non-Repudiation
Authentication
Triple A’s of Security (AAA Model)
Authentication
Authorization
Accounting
Zero Trust Model
Operates on the principle that no one should be trusted by default
Control Plane
Adaptive identity, threat scope reduction, policy-driven access control, secured zones.
Data Plane
Subject/system, policy engine, policy administrator, policy enforcement points
Security Control Categories
Technical Controls
Managerial Controls
Operational Controls
Physical Controls
Security Control Types
Preventive: Stops attacks before they happen.
Deterrent: Discourages malicious activity.
Detective: Identifies security incidents.
Corrective: Restores systems after an incident.
Compensating: Alternative measures when primary controls aren’t feasible.
Directive: Enforces organizational policies and compliance.
Threats & Vulnerabilities
Threat: Anything that could cause harm, loss, damage, or compromise to IT systems.
Vulnerability: Any weakness in the system design or implementation, originating from internal factors.
Risk Management
Finding different ways to minimize the likelihood of an outcome and achieve the desired outcome.
Gap Analysis
Evaluating the differences between an organization’s current and desired performance.
Types of Gap Analysis
Technical Gap Analysis
Business Gap Analysis
Plan of Action and Milestones (POA&M)
Outlines measures to address vulnerabilities, allocate resources, and set timelines.
Confidentiality
Protecting information from unauthorized access and disclosure
Methods of Confidentiality
Encryption
Access Controls
Data Masking
Physical Security Measures
Training & Awareness
Integrity
Ensuring data remains accurate and unaltered unless intentionally modified by an authorized individual.
Methods of Integrity
Hashing
Digital Signatures
Checksums
Access Controls
Regular Audits
Availability
Ensuring that information, systems, and resources are accessible when needed.
Redundancy Types of Availability
Server Redundancy
Data Redundancy
Network Redundancy
Power Redundancy
Non-Repudiation
Providing undeniable proof in digital transactions, ensuring individuals/entities cannot deny their participation.
Method of Non-Repudiation
Digital Signatures
Authentication
Security measure ensuring individuals/entities are who they claim to be.
Method of Authentication
Knowledge Factor (Something you know)
Possession Factor (Something you have)
Inherence Factor (Something you are)
Action Factor (Behavioral biometrics)
Location Factor (Where you are)
Multi-Factor Authentication (MFA) (Combining multiple factors)
Authorization
The permissions and privileges granted to users after authentication.
Accounting
Ensuring all user activities are properly tracked and recorded
Technology of Accounting
Syslog Servers
Network Analysis Tools
Security Information and Event Management (SIEM) Systems