Security Operations and Administration Flashcards
Limits are placed on who is allowed to view information, including copying it to another form.
Confidentiality
The information stays complete and correct when retrieved, displayed, or acted upon.
Integrity
The information is presented to the user in a timely manner when required and in a form and format that meets the user’s needs.
Availability
Only previously approved, known, and trusted users or processes have been able to create, modify, move or copy the information.
Authenticity
The content of the information, its form and content, and its presentation or delivery to the user meets the user’s needs.
Utility
The information is legally owned or held by a known, authorized user, such that the user has authority to exert control over its use, access, modification, or movement.
Possession or Control
The system and its information, by design, do not cause unauthorized harm or damage to others, their property, or their lives.
Safety
Information that attests to or relates to the identity of a person, or links specific activities to that identity, must be protected from being accessed, viewed, copied, modified, or otherwise used by unauthorized persons or systems.
Privacy
Users who created, used, viewed, or accessed the information, or shared it with others, cannot later deny that they did so.
Nonrepudiation
The information can be reviewed, audited, and made visible or shared with competent authorities for regulatory, legal, or other processes that serve the public good.
Transparency
Confidentiality, integrity, and availability
CIA Triad
Confidentiality, integrity, availability, nonrepudiation, and authentication
CIANA
Confidentiality, integrity, availability, nonrepudiation, authentication, privacy, and security
CIANA+PS
Confidentiality, integrity, availability, authenticity, utility, and possession or control
Parkerian Hexad
Information that you have, own, or create, and that you share with someone else with the agreement that they cannot share that knowledge with anyone else without your consent or without due process of law.
Privileged Information
Any person or any group of people who could learn something from our confidential information and then use that new knowledge in ways that would thwart our plans to attain our objectives or cause us other harm.
Unauthorized People
Information and processes must be complete, correct, function together correctly, and do so in reliable, repeatable, and deterministic ways for the overall system.
Integrity
Consists of the individual facts, observations, or elements of a measurement, such as a person’s name or their residential address.
Data
The result of processing data in various ways; the conclusions or inferences drawn from data.
Information
General conclusions or principles that you’ve derived from lots of information
Knowledge
Insightful application of knowledge
Wisdom
Information that is used to identify, locate, or contact a specific person
PII or Personally Identifiable Information
Information regarding that person that has not been made public and is not required to be made public
Nonpublished Personal Information
Design and operational principle requiring that any given system element has the minimum level of authority and decision-making capability that its specifically assigned task requires, and no more.
Least Privilege