WGU C836 - Fundamentals of Information Security Study Notes. Exam Questions & Answers. Graded A+
Information Security - Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.

The Confidentiality, Integrity, and Availability Triad (CIA) - Three of the primary concepts in information security. Gives us a model by which we can think about and discuss security concepts, and tends to be very focused on security, as it pertains to data.

Confidentiality - A concept similar to, but not the same as, privacy. A necessary component of privacy and refers to our ability to protect our data from those who are not authorized to view it. A concept that may be implemented at many levels of a process.

Integrity - The ability to prevent our data from being changed in an unauthorized or undesirable manner. We not only need to have the means to prevent unauthorized changes to our data but also need the ability to reverse authorized changes that need to be undone.

Availability - The ability to access our data when we need it. Loss of availability can refer to a wide variety of breaks anywhere in the chain that allows us access to our data. Such issues can result from power loss, operating system or application problems, network attacks, compromise of a system, or other problems.

Parkerian hexad - Not as widely known as the CIA triad. Encompasses the three principles of the CIA triad, adds Possession or control, Authenticity, Utility. There is some variance in how Parker describes integrity, as he does not account for authorized, but incorrect, modification of data and instead focuses on the state of the data itself in the sense of completeness.

Possession or control - Refers to the physical disposition of the media on which the data is stored. This enables us, without involving other factors such as availability, to discuss our loss of the data in its physical medium.

Authenticity - Allows us to talk about the proper attribution as to the owner or creator of the data in question. Authenticity can be enforced through the use of digital signatures.

Utility - Refers to how useful the data is to us. Utility is also the only principle of the Parkerian hexad that is not necessarily binary in nature; we can have a variety of degrees of utility, depending on the data and its format.

Interception - Allow unauthorized users to access our data, applications, or environments, and are primarily an attack against confidentiality.

Examples of Interception Attacks - Unauthorized file viewing or copying, eavesdropping on phone conversations, or reading e-mail, and can be conducted against data at rest or in motion. Properly executed, interception attacks can be very difficult to detect.

Interruption - Cause our assets to become unusable or unavailable for our use, on a temporary or permanent basis. Interruption attacks often affect availability but can be an attack on integrity as well.

Examples of Interruption Attacks - In the case of a DoS attack on a mail server, we would classify this as an availability attack. In the case of an attacker manipulating the processes on which a database runs in order to prevent access to the data it contains, we might consider this an integrity attack, due to the possible loss or corruption of data, or we might consider it a combination of the two.

Modification - Involve tampering with our asset. Such attacks might primarily be considered an integrity attack but could also represent an availability attack.

Examples of Modification Attacks - If we access a file in an unauthorized manner and alter the data it contains, we have affected the integrity of the data contained in the file. However, if we consider the case where the file in question is a
Written for
- Institution: Western Governors University
- Course: WGU C836 Fundamentals Of Information Security

Document information
- Uploaded on: August 23, 2023
- Number of pages: 45
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers