Sybex - Chapter 1 Flashcards
Three Common Types of Security Evaluation
Risk Assessment, Vulnerability Assessment, Penetration Testing
The process of identifying assets, threats, and vulnerabilities, then using that information to calculate risk.
Risk Assessment
Using automated tools to locate known security weaknesses, which can then be addressed by adding more defenses or adjusting the existing protections.
Vulnerability Assessment
Using trusted individuals to stress-test the security infrastructure in order to find issues that the prior two means may not discover, with the goal of finding those concerns before an adversary takes advantage of them.
Penetration Testing
The concept of measures used to ensure the secrecy of data, objects, and resources. The goal is to prevent or minimize unauthorized access to data.
Confidentiality
Countermeasures for this can include encryption, network traffic padding, strict access control, rigorous authentication procedures, data classification, and extensive personnel training.
Confidentiality
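Network traffic padding is the least obvious item on that card. A stream cipher or AEAD mode preserves the plaintext length (plus a constant tag), so an observer who sees only ciphertext sizes can still tell which of several fixed server responses was sent. The following is an added example, not from the Sybex text: it pads each message to a fixed bucket size before encryption, with a 2-byte length prefix so the receiver can strip the padding. The bucket size and the sample responses are constructed for the demonstration.

```python
import secrets

# Constructed bucket size: every message is padded up to a multiple of 32 bytes.
BUCKET = 32

# Constructed sample responses: unpadded, DENIED is one byte shorter than the others.
RESPONSES = [b"ACCESS GRANTED", b"ACCESS DENIED", b"ACCOUNT LOCKED"]


def pad(msg: bytes, bucket: int = BUCKET) -> bytes:
    """Prefix the true length, then fill with random bytes to the next bucket boundary.

    The random fill is not a security property by itself (the length prefix already
    delimits the message); it simply avoids a predictable zero run before encryption.
    """
    if len(msg) > 0xFFFF:
        raise ValueError("message too long for a 2-byte length prefix")
    body = len(msg).to_bytes(2, "big") + msg
    target = -(-len(body) // bucket) * bucket  # ceiling division to the bucket boundary
    return body + secrets.token_bytes(target - len(body))


def unpad(padded: bytes) -> bytes:
    """Recover the original message from the length prefix; reject inconsistent input."""
    if len(padded) < 2:
        raise ValueError("too short to carry a length prefix")
    n = int.from_bytes(padded[:2], "big")
    if n > len(padded) - 2:
        raise ValueError("corrupt length prefix")
    return padded[2:2 + n]


def observable_lengths(msgs, padded: bool) -> list:
    """What a passive observer learns: the distinct on-the-wire sizes.

    Assumes the cipher preserves length, so ciphertext size equals plaintext (or
    padded plaintext) size up to a constant that does not depend on the message.
    """
    sizes = {len(pad(m)) if padded else len(m) for m in msgs}
    return sorted(sizes)


if __name__ == "__main__":
    print("without padding, distinct sizes:", observable_lengths(RESPONSES, padded=False))
    print("with padding, distinct sizes:   ", observable_lengths(RESPONSES, padded=True))
    for m in RESPONSES:
        assert unpad(pad(m)) == m
```

Without padding the observer sees two distinct sizes and can single out the DENIED response; with padding all three collapse to one bucket. The bucket must be chosen large enough that the message set you care about fits in one bucket, otherwise the boundary itself leaks information.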
The following concepts belong to what part of the CIA Triad?
Sensitivity, Discretion, Criticality, Concealment, Secrecy, Privacy, Seclusion, Isolation
Confidentiality
The concept of protecting the reliability and correctness of data. This prevents unauthorized alteration of data and provides a means for authorized changes, while protecting against intentional and malicious unauthorized activity (such as viruses and intrusions) as well as mistakes made by authorized users.
Integrity
The following concepts belong to what part of the CIA Triad?
Preventing unauthorized subjects from making modifications, preventing authorized subjects from making unauthorized modifications such as mistakes, and maintaining the internal and external consistency of objects so that data is a correct and true reflection of the real world.
Integrity
Countermeasures for this can include strict access control, authentication procedures, intrusion detection systems, hash verification, object/data encryption, interface restrictions, input checks, etc.
Integrity
The following concepts belong to what part of the CIA Triad?
Accuracy, Truthfulness, Validity, Accountability, Responsibility, Completeness, Comprehensiveness
Integrity
This concept means authorized subjects are granted timely and uninterrupted access to objects.
Availability
The following concepts belong to what part of the CIA Triad?
Usability, Accessibility, Timeliness
Availability
What does the DAD Triad (the opposite of the CIA Triad) stand for?
Disclosure - When sensitive or confidential material is accessed by unauthorized entities. A violation of confidentiality.
Alteration - When data is maliciously or accidentally changed. A violation of integrity.
Destruction - When a resource is damaged or made inaccessible to authorized users. A violation of availability, also known as a denial of service (DoS).
Security concept that data is genuine and originates from its alleged source with high confidence.
Authenticity
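The integrity card lists hash verification as a countermeasure, and the authenticity card asks for confidence that data came from its alleged source. The two are not the same protection, and the following added example (not from the Sybex text) shows the difference using the standard library. A plain SHA-256 digest detects alteration of a record, but an attacker who can rewrite both the record and its stored digest simply recomputes the digest; an HMAC over the same record with a key the attacker does not hold detects the alteration and also proves origin. The record, the "tamper" step and the key are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets

# Constructed sample record whose integrity and origin we want to protect.
RECORD = b"user=alice;role=reader;quota=100"

# Constructed shared key (would come from a key store in practice, never hard-coded).
KEY = secrets.token_bytes(32)


def digest(data: bytes) -> bytes:
    """Unkeyed hash: anyone, attacker included, can compute this for any data."""
    return hashlib.sha256(data).digest()


def verify_hash(data: bytes, expected: bytes) -> bool:
    # compare_digest avoids timing differences that leak how many bytes matched
    return hmac.compare_digest(digest(data), expected)


def tag(key: bytes, data: bytes) -> bytes:
    """Keyed MAC: only a holder of `key` can produce a tag that verifies."""
    return hmac.new(key, data, hashlib.sha256).digest()


def verify_tag(key: bytes, data: bytes, expected: bytes) -> bool:
    return hmac.compare_digest(tag(key, data), expected)


def tamper(record: bytes) -> bytes:
    """Constructed alteration: privilege escalation by editing one field."""
    return record.replace(b"role=reader", b"role=admin")


def demo(key: bytes = KEY) -> dict:
    """Run the four checks and report which protections hold."""
    stored_hash = digest(RECORD)     # what an integrity check stores alongside the record
    stored_tag = tag(key, RECORD)    # what an authenticity check stores alongside it
    altered = tamper(RECORD)
    # Attacker who can write to the same store recomputes the plain hash for the altered record.
    attacker_hash = digest(altered)
    # Attacker without the key can only guess at a tag.
    attacker_tag = hmac.new(b"wrong-key", altered, hashlib.sha256).digest()
    return {
        "hash_detects_alteration": not verify_hash(altered, stored_hash),
        "hash_fooled_by_recompute": verify_hash(altered, attacker_hash),
        "hmac_accepts_genuine": verify_tag(key, RECORD, stored_tag),
        "hmac_rejects_forgery": not verify_tag(key, altered, attacker_tag),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

The practical rule this illustrates: a hash stored where the attacker can also write protects only against accidental alteration (the "mistakes by authorized users" half of the integrity card); protection against deliberate alteration and proof of origin need a key the attacker lacks, either a MAC as here or a digital signature when the verifier must not hold a secret.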