What is Cybersecurity? Flashcards
Define Cybersecurity
Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks.
What is the CIA Triad?
A basic, overarching model for Cybersecurity. Stands for:
- Confidentiality
- Integrity
- Availability
What is CONFIDENTIALITY, and what are some examples of how it is managed (CIA Triad)?
Confidentiality is the protection of private information and can be managed by:
1) Keeping levels of access and setting permissions
2) Encrypting Data and Files
3) Requiring multi-factor authentication
What is INTEGRITY and what are some techniques related to integrity? (CIA Triad)
Data integrity refers to security controls that protect data from being changed or deleted.
1) Keeping backups of the data in its correct state, and logging versions
2) Using cryptography to securely check for changes
3) Keeping track of digital signatures to prove integrity of data
What is AVAILABILITY, and how is it accomplished? (CIA Triad)
Availability refers to data being consistently, reliably available to those authorized, and is accomplished by:
1) Always monitoring servers and networks
2) Maintaining hardware & software
3) Having a plan for disaster recovery
What are the primary domains of Cybersecurity?
1) Security Engineering
2) Governance & Compliance
3) Risk Management & Threat Intelligence
4) Security Operations
5) Education
What are the primary components of Security Engineering?
1) Information Security
2) Network Security
3) Application Security
4) Cloud Security
5) Cryptography
6) Critical Infrastructure Security
What is Information Security?
InfoSec protects data in any form (physical and digital) from being accessed, modified, shared, or deleted by the wrong people.
What is the GDPR? (General Data Protection Regulation)
In 2016, the European Parliament and Council agreed on the General Data Protection Regulation. In the spring of 2018, the GDPR began requiring companies to:
1) provide data breach notifications
2) appoint a data-protection officer
3) require user consent for data processing
4) anonymize data for privacy
All companies operating within the EU must comply with these standards.
What is Network Security?
Network security is concerned with the network infrastructure of an organization that guards against unauthorized access or data from being intercepted.
What is Application Security?
Application security refers to implementing measures that defend an application (mobile, desktop, or web) from attack, including both software and hardware solutions.
Examples of application security include secure coding, the use of antivirus programs, firewalls, and encryption.
What is Cloud Security?
Cloud security refers to the new field of making sure resources uploaded into the cloud are secure.
What is Cryptography?
Cryptography focuses on methods to hide and un-hide information so that data is only readable or usable by authorized people.
What is Critical Infrastructure Security?
Critical infrastructure security is defending physical systems that are becoming more digital/networked, such as energy grids, hospitals, water and waste systems, and even schools. Among the issues that come up are natural disasters and outages.
What is Cybersecurity Governance & Compliance?
1) Governance refers to understanding international, federal, and state laws and regulations for security.
2) Compliance refers to making sure an organization enforces certain policies, and continuously auditing as well.
