The Security: General VIEW Flashcards
what is the security in general View?
Security is the condition of being protected from any harm, danger, unauthorized access, and the measures taken to ensure safety, stability and protection from any potential vulnerabilities, threats, attacks and risks
What is security designed for?
security is designed to protect the assets
Security is designed to protect the assets from what?
to protect it from various types of Risks: including (Damage, misuse or unauthorized access)
why is security important?
1- protection from threats
2- safeguarding assets
3- maintaining trust and reputation
4- compliance with regulations
5- preventing financial loss
6- security, in its broadest sense
explain: Security is important to protect from threats ?
Security protects against a variety of risks, from physical attacks and theft to cyberattacks and data breaches
explain: Security is important to safeguarding assets?
it helps preserve the confidentiality, integrity and availability of critical assets, whether its data, infrastructure, or intellectual property
explain: Security is important to maintaining trust and reputation ?
Effective security practices build trust with customers, partners, and stakeholders, as they know that their information and assets are being protected
explain: Security is important to Compliance with regulations?
Many industries have security requirements to protect personal data and ensure compliance with laws.
explain: Security is important to prevent financial loss?
security measures help avoid costly breaches, legal consequences , and loss of business due to downtime, damage, or theft.
explain: Security is important in its broadest sense?
it is about ensuring that systems, assets and individuals are protected from various risks and threats.
What is the goal of security?
the goal of Security is to maintain a safe and stable environment, mitigate risks, and ensure that important assets are safeguarded from harm or unauthorized access
What are the key objectives of security
PDRR
1- prevention
2- Detection
3- Response
4- Recovery
Key objectives of security
What do we mean by the key (Prevention)
The proactive measures taken to stop security incidents or breaches before they occur, This includes using security protocols, firewalls, encryption, and physical barriers
Key objectives of security
What do we mean by the key (Detection)
The ability to identify when a security threat or breach is occurring. This includes monitoring systems for unusual activity, setting up alerts, and using intrusion detection systems (IDS)
Key objectives of security
What do we mean by the key (Response)
The actions taken to address and mitigate the effects of security breach or attack, it involves having a clear incident response plan and being able to take immediate action to contain and resolve issues.
Key objectives of security
What do we mean by the key (Recovery)
The process of restoring normal operations after a security breach or disaster. this involves data backup, disaster recovery plans, and business continuity strategies to minimize downtime and loss
The term assets refers to ?
Anything of value (Resources) that needs to be protected from potential threats, risks, or harm
there are two types of assets ?
1-Tangible (Physical)
2- intangible ( digital or intellectual)
-they can be critical to the functioning an organization, system, or individual.
-protecting assets is a central goal of any security strategy
Losing or damaging these assets could lead to what?
1- Significant financial loss
2- reputational damage
3- operational failure
in security the distinction between Tangible and Intangible assets relates to what ?
relates to their physical presence and how they are protected
what are the Tangible assets?
Tangible assets : These are physical, material objects that can be touched or measured
Examples of the Tangible assets?
-Hardware: Servers, Computers, network devices
-Facilities: Data centers, office buildings
-Physical documents: Printed contracts or blueprints
Mention the security measures for the tangible assets?
-Physical security: Locks, surveillance cameras, and access control
-Environmental controls: Fire suppression, temperature regulation
-Insurance to cover physical loss or damage
What are the Intangible assets?
These are non-physical resources that provide value but cannot be touched
Examples of the Intangible assets?
-Data: Customer information, intellectual property, trade secrets
-Digital assets: software, databases, cryptographic keys
-Brand reputation: Market perception and goodwill
-Compliance: patents, licenses, and legal rights
Mention the security measures for the Intangible assets?
-Cybersecurity: Firewalls, encryption, intrusion detection systems
-Data backups and disaster recovery
-Intellectual property protection: Copyrights, trademarks, and policies
-Risk management: Reputation monitoring and legal strategies
Types of assets that should be secure?
1-Information assets
2-physical assets
3-Digital assets
4-Network assets
5-Human assets
in the information assets, the data should be secure in 3 regions?
1-Data at Rest: stored data such as databases
2-Data at Transit: Data being transmitted over networks
3-Data in use: Data actively being processed by applications
There are two types of physical assets mention them?
-Hardware: Servers, workstations, network devices, and storage devices
-Facilities: Buildings, data centers, and physical storage locations
there are 3 types of Digital assets mention them?
-Applications: software and operating systems
-intellectual property: source code, designs, algorithms
-Configuration files: critical system configurations and network setup details
There are two types of the Network assets mention them?
-network infrastructure: Routers, switches, firewalls, and other connected devices
-Cloud Resources: virtual machines storage buckets, and APIs
There are two types of the Human assets mention them?
-personnel: Employees, contractors, and third-party partners
-Identify and access credentials: Usernames, passwords, and authentication tokens
Protecting assets is crucial for several reasons
1- Prevention of loss
2-Preserving confidentiality, integrity
3-Business continuity
4-Reputation management
one of the reasons to protect the assets is (prevention of loss) explain?
Losing or damaging critical assets can lead to financial losses, legal consequences or business failure
one of the reasons to protect the assets is (Preserving confidentiality, integrity) explain?
For sensitive data or intellectual property, protecting assets ensures that only authorized individuals have access to valuable or private information
one of the reasons to protect the assets is (Business continuity) explain?
By protecting physical, digital, and human assets, organizations can continue their operations without disruption and recover quickly in case of an incident
one of the reasons to protect the assets is (Reputation management) explain?
Safeguarding your assets especially reputation helps maintain public trust and credibility, which are essential for long term success
(Information security, cybersecurity, internet security, network security , web security) How they relate to one another?
1- information security as the foundation: (Interconnection), IS is the overarching discipline aimed at protecting data in all forms, making it the foundation for all other types of security
2-cybersecurity: Focuses on protecting digital data (subset of IS)
3-Internet Security: Secures online communication and data, ensuring information is not intercepted or altered during internet activities
4-Network security: prevents unauthorized access to the networks where information flows
5-Web Security: protects web applications and websites that store or process sensitive information
define Cybersecurity?
Cybersecurity is a broader concept that includes protecting all digital infrastructure from cyber threats its a subset of information security
cybersecurity encompasses aspects of ?
-Internet
-network
-web security
what do we mean by (Internet security)?
Addresses threats arising specifically from internet-based activities (eg: phishing or malicious websites) which are part of broader cybersecurity strategies
what do we mean by (Network security)?
A key subset of cybersecurity, as networks are critical pathways for cyberattacks
What do we mean by (Web security)?
Ensures that websites and applications, which are common cyberattack targets, are secure
Network security serves as what ?
Network security serves as the backbone for protecting all other digital communication and system
when the information security is compromised?
the information security is compromised as data in transit can be intercepted
when cybersecurity is weakened?
cybersecurity is weakened since many cyberattacks exploit network vulnerabilities
when the (Internet security) and the (Web security) are ineffective?
when the (Internet security) and the (Web security) are ineffective if attackers can compromise the underlying network
Web security supports two things from the FIGURE?
1-Internet security
2-Information security
Web security focuses on what?
Web security focuses on protecting websites and web applications, which are often gateways to sensitive information
Internet security relies on what?
Internet security relies on secure web environments to protect online users
Information security ensures what?
Information security ensures sensitive data submitted through web applications is safe
What is the interaction between Cloud security and information security?
Protects sensitive data stored or processed in the cloud by applying encryption, access control, and backup strategies
What is the interaction between Cloud security and Cybersecurity?
Defends cloud systems against cyber threats like ransomware, malware, and unauthorized access
what is the interaction between cloud security and internet security?
Secures internet- based access to cloud platforms by encrypting data in transit and protection against phishing
what is the interaction between cloud security and Network security?
Secures the connections between users, on-premises systems, and cloud environments by using firewalls, VPNs, and network segmentation
what is the interaction between cloud security and Web security?
Protects web applications hosted in the cloud from vulnerabilities like cross-site scripting (XSS) or SQL injection.
What do we mean by this phrase?
(Hardening systems and Resources)
-Security is about making it harder to exploit vulnerabilities
-The goal is to deter attackers by increasing effort and reducing reward
What do we mean by this phrase?
(Discouraging Attackers)
-When security layers are strong and complex, attackers are less likely to succeed
-Most attackers will give up if the effort outweighs the potential gain
Explain (No such thing as perfect security) phrase?
Absolute security is unattainable, but adequate security is achievable
what is the Layered security approach (1-Network, 2-Host, 3-Application, 4-Data)
Combining multiple layers of protection creates a stronger defense, if one layer fails, others compensate, reducing overall risk.
