Tutorial 1 Flashcards
List and describe 3 technical measures
1.Access Control
Limit access to authorized users
2.Identification and Authentication
Authenticates and verifies before permitting to resources
3.System and Communication Protection
Monitor, control and protect organization communication (internal or external)
List and describe 3 management and control procedures
- Awareness and Training
Ensure users of the systems are made aware of security, laws and policies of systems - Audit and Accountability
Create, protect information
systems, audit records. - Contingency Planning
Establish, maintain and implement plans in case of emergency.
List and describe the overlaps between technical measures and control procedures
- Configuration Management
Establish baseline configuration and inventory for organization systems. - Incident Response
the process by which an organization handles a data breach or cyberattack - Media Protection
List three fundamental design principles.
https://cydrill.com/cyber-security/secure-design-principles/#:~:text=The%20main%20secure%20design%20principles,authority%20(there%20and%20then).
- Economy of Mechanism
The design of security measures embodied in hardware and software should be as small and as simple as possible. This should reduce errors. - Least privilege: Operate with the minimal set of powers needed to get the job done.
- Fail-safe defaults: Base access decisions on permission rather than exclusion.
What’s the difference between passive and active security threats?
Active attacks involve the attacker making changes or modifications to the targeted system or data example denial of service ransomware, while passive attacks involve monitoring and eavesdropping on the system or data without altering it example eavesdropping, man in the middle.