Terms & Concepts Flashcards
What is the CIA triad?
CIA stands for confidentiality, integrity and availability.
Define the “C” in the CIA triad.
“C” stands for confidentiality.
Sensitive information is only accessible by authorized individuals.
Define the “I” in the CIA triad.
“I” stands for integrity.
Maintaining the accuracy and completeness of data.
Define the “A” in the CIA triad.
“A” stands for availability.
Information and resources should be available to authorized individuals when needed.
What is the principle of least privilege?
Granting users the minimum level of access (or permissions) necessary to perform their job functions.
Explain “defense in depth”.
Implementing multiple layers of security controls to protect information and resources, so that if one layer fails, others still provide protection.
Explain “zero trust”.
A security model that assumes no implicit trust, verifying every access request as though it originates from an open network.
Define RBAC.
RBAC stands for role-based access control.
Assigning permissions to users based on their role within an organization.
Define ABAC.
ABAC stands for attribute-based access control.
Granting access based on user attributes (e.g., department, location) and environmental conditions.
Explain multi-factor authentication (MFA).
MFA involves requiring two or more verification factors to authenticate a user, enhancing security beyond just passwords.
Explain single sign-on (SSO).
Allowing users to authenticate once and gain access to multiple systems without re-entering credentials.
Explain privileged access management (PAM).
Controlling and monitoring accounts with elevated permissions to reduce the risk of misuse.
Define “federation”.
Federation is linking a user’s identity across multiple identity management systems, often used for SSO across organizations.
Explain identity lifecycle management.
Managing user identities from creation to deactivation, including onboarding, role changes, and offboarding.
Explain third-party risk assessment.
Evaluating the security posture of vendors who have access to your systems or data.
Define service-level agreements (SLAs).
Contracts that define the level of service expected from a vendor, including security commitments.
What is supply chain security?
Ensuring that security is maintained throughout the supply chain to prevent breaches via third-party vendors.
Explain vendor onboarding and offboarding.
Processes for securely integrating new vendors and removing their access when no longer needed.
Define due diligence.
Conducting thorough evaluations of a vendor’s security practices before engagement.
What is GDPR?
GDPR stands for General Data Protection Regulation.
EU regulation on data protection and privacy for individuals within the European Union.
What is the California Consumer Privacy Act (CCPA)?
California state law enhancing privacy rights and consumer protection for residents of California.
What is SOC2?
SOC2 stands for Service Organization Control 2.
Framework for managing customer data based on five trust service principles: security, availability, processing integrity, confidentiality, and privacy.
What is ISO/IEC 27001?
International standard for information security management systems (ISMS).
What is HIPAA?
HIPAA stands for Health Insurance Portability and Accountability Act.
US regulation safeguarding medical information.
What is PCI DSS?
PCI DSS stands for Payment Card Industry Data Security Standard.
Security standards for organizations that handle credit card information.
What is the NIST Cybersecurity Framework?
A set of guidelines for improving critical infrastructure cybersecurity, including Identify, Protect, Detect, Respond, and Recover functions.
Explain CIS controls.
CIS stands for Center for Internet Security.
A prioritized set of actions to protect organizations against the most common cyber threats.
What is the OWASP Top Ten?
OWASP stands for Open Worldwide Application Security Project.
A list of the top ten most critical web application security risks, providing guidelines to mitigate them.