Terms & Definitions Flashcards

1
Q

What is “The CIA Triad”?

A

To define security, it has become common to use Confidentiality, Integrity and Availability, known as the CIA triad.

This describes security using relevant and meaningful words that make security more understandable to management and users and define its purpose.

2
Q

What is “Confidentiality”?

A

Confidentiality relates to permitting authorized access to information, while at the same time protecting information from improper disclosure.

3
Q

What is “Integrity”?

A

Integrity is the property of information whereby it is recorded, used and maintained in a way that ensures its completeness, accuracy, internal consistency and usefulness for a stated purpose.

4
Q

What is “Availability”?

A

Availability means that systems and data are accessible at the time users need them.

5
Q

What is “PII”?

A

Personally Identifiable Information (PII): any information that can be used to distinguish or trace an individual’s identity, such as name, Social Security number, date and place of birth, mother’s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial and employment information.”

6
Q

What is the NIST Definition of “Confidentiality”?

A

The National Institute of Standards and Technology, known as NIST, in its Special Publication 800-122 defines PII as “any information about an individual maintained by an agency, including (1)

7
Q

What is “Protected Health Information (PHI)”?

A

Information regarding health status, the provision of healthcare or payment for healthcare as defined in HIPAA (Health Insurance Portability and Accountability Act).

8
Q

What is “Classified or Sensitive Information”?

A

Information that has been determined to require protection against unauthorized disclosure and is marked to indicate its classified status and classification level when in documentary form.

9
Q

Integrity measures _____

A

…the degree to which something is whole and complete, internally consistent and correct. The concept of integrity applies to:

  • information or data
  • systems and processes for business operations
  • organizations
  • people and their actions
10
Q

Data integrity is the assurance that _____

A

…data has not been altered in an unauthorized manner.

11
Q

What is “Data Integrity”?

A

The property that data has not been altered in an unauthorized manner. Data integrity covers data in storage, during processing and while in transit.

12
Q

What is “System Integrity”?

A

The quality that a system has when it performs its intended function in an unimpaired manner, free from unauthorized manipulation of the system, whether intentional or accidental.

13
Q

What is “state”?

A

The condition an entity is in at a point in time.

14
Q

What is “baseline”?

A

A documented, lowest level of security configuration allowed by a standard or organization.

15
Q

Availability can be defined as ____?

A
  • (1) timely and reliable access to information and the ability to use it, and
  • (2) for authorized users, timely and reliable access to data and information services.
16
Q

What is “criticality”?

A

A measure of the degree to which an organization depends on the information or information system for the success of a mission or of a business function.

17
Q

What is “authentication”?

A

Access control process validating that the identity being claimed by a user or entity is known to the system, by comparing one (single-factor or SFA) or more (multi-factor authentication or MFA) factors of identification.

Authentication is a process to prove the identity of the requestor.

18
Q

What is a “token”?

A

A physical object a user possesses and controls that is used to authenticate the user’s identity.

19
Q

What is “biometrics”?

A

Biological characteristics of an individual, such as a fingerprint, hand geometry, voice, or iris patterns.

20
Q

What is “Multi-Factor Authentication”?

A

Using two or more distinct instances of the three factors of authentication (something you know, something you have, something you are) for identity verification.

21
Q

What is “Single-Factor Authentication”?

A

Use of just one of the three available factors (something you know, something you have, something you are) to carry out the authentication process being requested.

22
Q

Three common techniques for authentication:

A
  • Knowledge-based
  • Token-based
  • Characteristic-based
23
Q

What is “Non-repudiation”?

A

The inability to deny taking an action such as creating information, approving information and sending or receiving a message.

24
Q

What is “Privacy”?

A

The right of an individual to control the distribution of information about themselves.

25
Q

What is “General Data Protection Regulation (GDPR)”?

A

In 2016, the European Union passed comprehensive legislation that addresses personal privacy, deeming it an individual human right.

26
Q

An asset is…

A

something in need of protection.

27
Q

A vulnerability is…

A

a gap or weakness in protection efforts.

Weakness in an information system, system security procedures, internal controls or implementation that could be exploited by a threat source.

28
Q

A threat is…

A

something or someone that aims to exploit a vulnerability to thwart protection efforts.

29
Q

What is a “Threat Vector”?

A

The means by which a threat actor carries out their objectives.

30
Q

What is a “Threat Actor”?

A

An individual or a group that attempts to exploit vulnerabilities to cause or force a threat to occur.

31
Q

What is “Risk Avoidance”?

A

The decision to attempt to eliminate the risk entirely.

32
Q

What is “Risk Acceptance”?

A

Taking no action to reduce the likelihood of a risk occurring.

33
Q

What is “Risk Mitigation”?

A

Taking actions to prevent or reduce the possibility of a risk event or its impact.

34
Q

What is “Risk Transference”?

A

The practice of passing the risk to another party, who will accept the financial impact of the harm resulting from a risk being realized in exchange for payment.

35
Q

What are “security controls”?

A

The management, operational and technical controls (i.e., safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity and availability of the system and its information.

36
Q

What are “physical controls”?

A

Controls implemented through a tangible mechanism. Examples include walls, fences, guards, locks, etc. In modern organizations, many physical control systems are linked to technical/logical systems, such as badge readers connected to door locks.

37
Q

What are “technical controls”?

A

Security controls (i.e., safeguards or countermeasures) for an information system that are primarily implemented and executed by the information system through mechanisms contained in the hardware, software or firmware components of the system.

38
Q

What are “administrative controls”?

A

Controls implemented through policy and procedures. Examples include access control processes and requiring multiple personnel to conduct a specific operation. Administrative controls in modern environments are often enforced in conjunction with physical and/or technical controls, such as an access-granting policy for new users that requires login and approval by the hiring manager.

39
Q

Regulations & Laws:

A
40
Q

Standards:

A
41
Q

Policies:

A
42
Q

Procedures:

A