Secure design Flashcards
What does CIA stand for?
Confidentiality, integrity, and availability.
What is the CIA triad?
The CIA triad is a foundational model that helps inform how organizations consider risk when setting up systems and security policies.
What does confidentiality mean?
Confidentiality means that only authorized users can access specific assets or data.
Give an example of confidentiality
For example, strict access controls that define who should and should not have access to data must be put in place to ensure confidential data remains safe.
What does integrity mean?
Integrity means the data is correct, authentic, and reliable.
How do security professionals maintain integrity?
To maintain integrity, security professionals can use a form of data protection like encryption to safeguard data from being tampered with.
What does availability mean?
Availability means data is accessible to those who are authorized to access it.
What is an asset?
An asset is an item perceived as having value to an organization.
What is value determined by?
Value is determined by the cost associated with the asset in question.
Give an example of an asset
For example, an application that stores sensitive data, such as social security numbers or bank accounts, is a valuable asset to an organization. It carries more risk and therefore requires tighter security controls in comparison to a website that shares publicly available news content.
What does NIST CSF stand for?
National Institute of Standards and Technology Cybersecurity Framework.
What is the NIST CSF?
It is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.
Why is it important to become familiar with the NIST CSF?
Security teams use it as a baseline to manage short- and long-term risks.
What are some of the most dangerous threat actors to consider?
Disgruntled employees, because they often have access to sensitive information and know where to find it.
How do security professionals reduce the risk of disgruntled employees?
In order to reduce this type of risk, security professionals would use the principle of availability, as well as organizational guidelines based on frameworks, to ensure staff members can only access the data they need to perform their jobs.