Section 2 Flashcards
What is Risk Management in Cyber Security?
- Provide continuity of service to end users
- Maintain security of systems
- Protect from data breaches
- Minimize vulnerabilities
- Mitigate damage caused by a threat through mitigation actions
Describe Confidentiality.
Protection of information from unauthorized access and disclosure.
Ex. Encryption
Why is Confidentiality important?
- Protects personal Privacy
- Maintain Business advantage
- Achieve Regulatory compliance
Name 5 methods to ensure Confidentiality.
- Encryption
- Access Controls
- Data Masking
- Physical Security Measures
- Training & Awareness
Encryption
Process of converting data into code to prevent unauthorized access.
Access Controls
User permissions that ensure only authorized personnel can access certain data.
Data Masking
Obscuring data for unauthorized users while maintaining authenticity and use for authorized users.
Physical Security Measures
Physical measures used to protect both physical and digital data.
Ex. Cameras, Biometric scanners, keycards, door locks, cabinet locks, etc.
Training & Awareness
Training personnel on security awareness & best practices to mitigate human error and protect sensitive data.
Describe Integrity
Verifies the Accuracy and Authenticity of Data over the entire lifecycle.
Why is Integrity important?
- Ensure data Accuracy
- Maintain Trust
- Ensure System operability
Name 5 Methods to ensure Integrity
- Hashing
- Digital Signatures
- Checksums
- Access Controls
- Regular Audits
Hashing
Converting data into a fixed-size value.
- Any minor change will result in a vastly different hash
Hash Digest
Digital fingerprint
Digital Signatures
Uses encryption to ensure integrity and authenticity
Checksums
Method to verify the integrity of data during transmission.
Regular Audits
Reviewing logs and operations to address discrepancies and ensure authorized changes.
Describe Availability
Ensuring that data, systems and services are accessible and operational to authorized end users.
How is the quality of Availability status determined?
By the number of “nines”
Ex. 99.9%, 99.999%
What is the Gold Standard for Availability status?
Five “nines” (99.999%)
Why is Availability important?
- Ensures business continuity
- Maintain customer trust
- Upholds Reputation
What is Redundancy?
Duplicating Critical system components and functions to ensure reliability.
What are 4 types of Redundancy?
- Server Redundancy
- Network Redundancy
- Power Redundancy
- Data Redundancy
Server Redundancy
Using a Load balancer configuration to ensure server uptime should one fail.
Network Redundancy
Ensuring data can travel through an alternate route should a network path fail.
Data Redundancy
Storing Data in multiple places so it can always be recovered should a data store fail.
Power Redundancy
Implementing backup power sources to ensure that systems remain operational.
Define Non-repudiation
Providing undeniable proof in digital transactions
Why is Non-Repudiation important?
- Confirms Authenticity in digital transactions
- Ensures Integrity
- Provides Accountability
How is Non-Repudiation performed?
Digital Signatures
Define Authentication
Verifying the identity of individuals or entities participating in a digital interaction.
What are 5 common forms of Authentication?
- Something you KNOW
- Something you HAVE
- Something you ARE
- Something you DO
- SOMEWHERE you are
Something you KNOW
Information a user can recall
(Knowledge Factor)
Eg. Secret Phrase, Password
Something you HAVE
User presents a physical item to authenticate themselves
(Possession Factor)
Eg. Keycard, Badge, Smartphone
Something you ARE
User Provides a unique physical or behavioral characteristic of themselves to authenticate.
(Inherence Factor) (Biometrics)
Eg. Fingerprint scan, voice authentication, Facial Recognition
Something you DO
User conducts a unique action to authenticate
(Action Factor)
Eg. Handwriting recognition, Gait recognition
SOMEWHERE you are
User being in a certain location to authenticate
(Location Factor)
Eg. Geo-Fencing, Region locking
What is 2FA?
Two-factor Authentication
- 2 authentication methods
What is MFA?
Multi-factor Authentication
- 2 or more authentication methods