Studied by 10 peopleDefine confidentiality
Permitting authorised users access to info and protecting info from improper disclosure.
Define Integrity
Assurance that data has not been altered in an unauthorised manner.
Define availability
Assuring that systems and data are accessible when users need him
What are the 3 common methods of authorisation?
-Something you know -Something you have -Something you are
Define Non-repudiation
Ensures that a person or party cannot deny sending a message. Digitally signs the message which proves the origin of the message
What does HIPAA do?
protects confidentiality of a patients medical information
What does GDPR do?
Gives anyone within the EU control over what personal info companies can compile and retain about them.
Define vulnerability
Gap or weakness in an orgs protection of its valuable assets.
Define threats
Something/Someone that aims to exploit a vulnerability to gain unauthorised access
Define risk avoidance
To avoid doing something in order to eliminate the chance of risk
Define risk acceptance
Taking no action to reduce the likelihood of a risk occurring.
Define risk mitigation
Most common. Taking actions to prevent or reduce the possibility of a risk event.
Includes remediation, security controls, tighter policies and procedures.
Define risk transfer
Practice of passing the risk to another party, usually an insurance company.
Define qualitative data
data that consists of non-numerical categories
high, medium, low
Define quantitative data
numerical data
Define risk tolerance
The level of risk a company is willing to assume.
physical controls examples
Badge reader, stop sign, door lock, walls, fences, guards
Admin controls examples
AUP, emergency operation procedures, employee training
Technical control examples
Access control list
Define Regulations
Issued in the form of laws, usually carry a fine.
HIPAA, GDPR
Define standards
Used by governance to provide a framework to introduce policies and procedures in support of regs.
Define policies
guidelines used in making consistent decisions
Define procedures
Step by step detailed guide to complete a task
Define a breach
The loss of control, someone has accessed PII without authorisation.
Define an event
An occurence in a network or a system
Define an incident
An event that jeopardises the CIA of a system.
Incident response steps:
Preparation Identification Containment Eradication Recovery Lessons Learned
What will the incident response team consist of?
-Senior management -Info security professionals -Legal reps -Public affairs -Engineering reps
How often should you test your BCP?
Routinely
In terms of access control, define a subject?
A user, process, procedure, client, program
In terms of access control, define an object?
Building, computer, file, a database, printer
Basically, anything that provides a service to a user.
How does separation of duties work?
Ensures that a task is completed by multiple people.
Example: If Bob orders stock, Tod receives it.
Give examples of physical access controls:
Turnstiles, man traps, system controlled door locks, biometrics, cameras, logs, guards, alarms
Give examples of logical access controls:
MAC, DAC, RBAC
What is the upper layer of the OSI model responsible for?
Managing the integrity of a connection and controlling the session as well as establishing, maintaining and terminating comms between 2 computers.
What does layer 6 deal with?
Image files
What does layer 5 deal with?
Logical ports
What does layer 4 deal with?
TCP/UDP
What does layer 3 deal with?
Routers and sending packets
What does layer 2 deal with?
Switches, bridges, WAPS
What is a fragment attack?
Attacker fragments traffic in such a way that a system is unable to put data packets back together.
What are the 'Well known' ports?
0-1023
What are the 'Registered ports'
1024-49151
What are the dynamic ports?
49152-65535
Explain a side channel threat?
Passive, non invasive attack that observes the operation of a device using methods such as power monitoring.
3 threats directly linked with malware?
Ransomware, trojan, virus
HVAC optimum range?
64 to 81 F (18-27 C)
What does SaaS provide?
Provides access to software apps such as email of office products.
software, operating system, and the network
What does PaaS provide?
Provides an environment for users to build software.
the operating system and the network
Role Based Access Control
where the employee's job responsibilities dictate exactly which kinds of access the employee has.
DLP(Data Loss Prevention)
A tool that inspects outbound traffic to reduce potential threats.
asymmetric encryption
each party needs their own key pair (a public key and a private key) to engage in confidential communication, shows proof of origin
Hashing
to provide an integrity check
Symmetric encryption
offers confidentiality of data with the least amount of processing overhead, which makes it the preferred means of protecting streaming data.
Note
Flashcard