Understanding Core Security Goals

Question 1

What is the CIA model?

Answer 1

Confidentiality
Integrity
Accessability

Question 2

Confidentiality

Answer 2

Prevents unauthorized access to information

Question 3

Encryption

Answer 3

Scrambles data to make it unreadable to unauthorized viewers

Question 4

What are the access controls (IAA)

Answer 4

Identification: identity of user
Authentication: credentials of user.
Authorization: data user has been given permission to access

Question 5

Integrity

Answer 5

Verifies that data has not been altered. Typically by using hash algorithms.

Question 6

Availability

Answer 6

Data and services are available when needed

Question 7

Redundancy

Answer 7

backup of critical systems to provide fault tolerance

Question 8

Disk redundancy

Answer 8

duplicate disk drives
Examples:RAID-1 (mirroring)
RAID-5 (striping with parity)
RAID-10 (striping with a mirror)

Question 9

Disk redundancy

Answer 9

duplicate disk drives
Examples:
RAID-1 (mirroring)
RAID-5 (striping with parity)
RAID-10 (striping with a mirror)

Question 10

Server Redundancy

Answer 10

Failover clusters of servers to redundant servers

Question 11

Network redundancy

Answer 11

Load balancing using multiple server clusters and NIC cards

Question 12

Scalability

Answer 12

the ability to manually add resources when needed

Question 13

elasticity

Answer 13

a system that automatically scales resources up or down as needed

Question 14

Patching

Answer 14

Software code released by software vendor to resolve known issues

Question 15

Fault Tolerance

Answer 15

increases the availability of system resources

Question 16

Resiliency

Answer 16

actions designed to quickly recover from a failure.

Question 17

Risk

Answer 17

Likelihood of a threat resulting in a loss

Question 18

threat

Answer 18

any instance or event that can compromise Confidentiality, Integrity, or Availability of resources

Question 19

vulnerabilitty

Answer 19

a weakness in a system

Question 20

security incident

Answer 20

an event or series of events the negatively effect CIA

Question 21

Risk Mitigation

Answer 21

countermeasures and safeguards the reduce the threat risk of exploiting a vulnerability

Question 22

Managerial Controls

Answer 22

administrative in function
Provide policy and documentation of security policies

Question 23

Operational Controls

Answer 23

day to day activities that implement security policies

Question 24

Technical Controls

Answer 24

Hardware, Software and firmware designed to reduce vulnerabilities

Question 25

Preventative Controls

Answer 25

Hardening: Making systems more secure than default settings

Training: Make users aware of vulnerabilities
Security Guards

Change management: implementing policies restricting changes to systems and applications
Account disablement Policies:

Question 26

what are detective controls?

Answer 26

1. Log monitoring - review logs that record details of activities in a system.
2. security information and event management - (SIEM) - detects trends and triggers alarms in real time.
3. Security audit - examines the security posture of an organization.
4. CCTV

Question 27

Corrective and Recovery controls

Answer 27

1. Backup and System recovery.
2. Incident handling processes.