Terms & Definitions Flashcards
What is “The CIA Triad”?
To define security, it has become common to use Confidentiality, Integrity and Availability, known as the CIA triad.
This describes security using relevant and meaningful words that make security more understandable to management and users and define its purpose.
What is “Confidentiality”?
Confidentiality relates to permitting authorized access to information, while at the same time protecting information from improper disclosure.
What is “Integrity”?
Integrity is the property of information whereby it is recorded, used and maintained in a way that ensures its completeness, accuracy, internal consistency and usefulness for a stated purpose.
What is “Availability”?
Availability means that systems and data are accessible at the time users need them.
What is “PII”?
Personally Identifiable Information (PII): any information that can be used to distinguish or trace an individual’s identity, such as name, Social Security number, date and place of birth, mother’s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial and employment information.”
What is the NIST Definition of “Confidentiality”?
The National Institute of Standards and Technology, known as NIST, in its Special Publication 800-122 defines PII as “any information about an individual maintained by an agency, including (1)
What is “Protected Health Information (PHI)”?
Information regarding health status, the provision of healthcare or payment for healthcare as defined in HIPAA (Health Insurance Portability and Accountability Act).
What is “Classified or Sensitive Information”?
Information that has been determined to require protection against unauthorized disclosure and is marked to indicate its classified status and classification level when in documentary form.
Integrity measures _____
…the degree to which something is whole and complete, internally consistent and correct. The concept of integrity applies to:
- information or data
- systems and processes for business operations
- organizations
- people and their actions
Data integrity is the assurance that _____
…data has not been altered in an unauthorized manner.
What is “Data Integrity”?
The property that data has not been altered in an unauthorized manner. Data integrity covers data in storage, during processing and while in transit.
What is “System Integrity”?
The quality that a system has when it performs its intended function in an unimpaired manner, free from unauthorized manipulation of the system, whether intentional or accidental.
What is “state”?
The condition an entity is in at a point in time.
What is “baseline”?
A documented, lowest level of security configuration allowed by a standard or organization.
Availability can be defined as ____?
- (1) timely and reliable access to information and the ability to use it, and
- (2) for authorized users, timely and reliable access to data and information services.
What is “criticality”?
A measure of the degree to which an organization depends on the information or information system for the success of a mission or of a business function.