Section 1: Fundamentals Of Security Flashcards

1
Q

Information security

A

Protecting data and information from unauthorized access, modification,disruption,disclosure , and destruction

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Information systems security

A

Protecting the systems (computers, servers, network devices) that hold and process critical data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

CIA Triad

A

Confidentiality
Integrity
Availability:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

CIANA Pentagon

A

Extension of the CIA Triad with the addition of:
Non-Repudiation
Authentication

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Triple A’s of Security (AAA Model)

A

Authentication
Authorization
Accounting

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Zero Trust Model

A

Operates on the principle that no one should be trusted by default

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Control Plane

A

Adaptive identity, threat scope reduction, policy-driven access control, secured zones.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Data Plane

A

Subject/system, policy engine, policy administrator, policy enforcement points

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Security Control Categories

A

Technical Controls
Managerial Controls
Operational Controls
Physical Controls

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Security Control Types

A

Preventive: Stops attacks before they happen.

Deterrent: Discourages malicious activity.

Detective: Identifies security incidents.

Corrective: Restores systems after an incident.

Compensating: Alternative measures when primary controls aren’t feasible.

Directive: Enforces organizational policies and compliance.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Threats & Vulnerabilities

A

Threat: Anything that could cause harm, loss, damage, or compromise to IT systems.

Vulnerability: Any weakness in the system design or implementation, originating from internal factors.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Risk Management

A

Finding different ways to minimize the likelihood of an outcome and achieve the desired outcome.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Gap Analysis

A

Evaluating the differences between an organization’s current and desired performance.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Types of Gap Analysis

A

Technical Gap Analysis
Business Gap Analysis

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Plan of Action and Milestones (POA&M)

A

Outlines measures to address vulnerabilities, allocate resources, and set timelines.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Confidentiality

A

Protecting information from unauthorized access and disclosure

17
Q

Methods of Confidentiality

A

Encryption
Access Controls
Data Masking
Physical Security Measures
Training & Awareness

18
Q

Integrity

A

Ensuring data remains accurate and unaltered unless intentionally modified by an authorized individual.

19
Q

Methods of Integrity

A

Hashing
Digital Signatures
Checksums
Access Controls
Regular Audits

20
Q

Availability

A

Ensuring that information, systems, and resources are accessible when needed.

21
Q

Redundancy Types of Availabilty

A

Server Redundancy
Data Redundancy
Network Redundancy
Power Redundancy

22
Q

Non-Repudiation

A

Providing undeniable proof in digital transactions, ensuring individuals/entities cannot deny their participation.

23
Q

Method of Non-Repudiation

A

Digital Signatures

24
Q

Authentication

A

Security measure ensuring individuals/entities are who they claim to be.

25
Q

Method of Authentication

A

Knowledge Factor (Something you know)

Possession Factor (Something you have)

Inherence Factor (Something you are)

Action Factor (Behavioral biometrics)

Location Factor (Where you are)

Multi-Factor Authentication (MFA) (Combining multiple factors)

26
Q

Authorization

A

The permissions and privileges granted to users after authentication.

27
Q

Accounting

A

Ensuring all user activities are properly tracked and recorded

28
Q

Technology of Accounting

A

Syslog Servers
Network Analysis Tools
Security Information and Event Management (SIEM) Systems