Information Security Assessment
Questions and Answers
Information security
Protecting data, software, and hardware against unauthorized access, use,
disclosure, disruption, modification, or destruction.
Compliance
The requirements that are set forth by laws and industry regulations.
e.g. HIPAA/HITECH - healthcare; PCI DSS - payment card industry; FISMA - federal
government agencies
DAD Triad
Disclosure, alteration, and denial
CIA Triad
The core model of all information security concepts: confidentiality, integrity, and
availability.
Confidentiality
The ability to protect our data from those who are not authorized to view it.
In what ways can confidentiality be compromised?
- Losing a personal laptop with data on it
- Someone watching you as you enter your password
- Sending an email attachment to the wrong person
- An attacker penetrating your systems, etc.
Integrity
Keeping data unaltered by accidental or malicious intent.
How is integrity maintained?
Prevent unauthorized changes to the data and retain the ability to reverse unwanted
authorized changes, via system/file permissions or by undoing/rolling back undesirable
changes.
Availability
The ability to access data when needed.
Ways availability can be compromised
- Power loss
- Application issues
- Network attacks
- System compromise (DoS)
Denial of Service (DoS)
A security problem in which users are not able to access an information system; it can
be caused by human error, natural disaster, or malicious activity.
Parkerian hexad model
A model that adds three more principles to the CIA triad:
- Possession/Control
- Utility
- Authenticity
Possession/Control
Refers to the physical disposition of the media on which the data is stored; this
allows you to discuss loss of data via its physical medium.
Principle of Possession example
A lost package (encrypted and unencrypted USB drives):
possession is an issue because the media are physically lost.
(The unencrypted media are compromised via confidentiality and possession; the
encrypted media are compromised only via possession.)
Principle of Authenticity
Allows you to say whether you have attributed the data in question to the proper
owner/creator.
Ways authenticity can be compromised
Altering an email message so that it appears to have come from someone other than
the original sender.