C836 Fundamentals of Information security Terms. Exam Questions and answers. VERIFIED.

C836 Fundamentals of Information security Terms. Exam Questions and answers. VERIFIED. Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction - -Information Security Companies that process credit card payments must comply with this set of standards - -Payment Card Industry Data Security Standard (PCI DSS) Used to keep something private or minimally known - -Confidentially Refers to the ability to prevent our data from being changed in an unauthorized or undesirable manner. - -Integrity Refers to the ability to access our data when we need it - -Availability A type of attack, primarily against confidentiality - -Interception Something that has the potential to cause harm to our assets - -Threat A weakness that can be used to harm us - -Vulnerability The likelihood that something bad will happen - -Risk An attack that causes our assets to become unusable or unavailable for our use, on a temporary or permanent basis - -Interruption attack An attack that involves tampering with our assets - -Modification attack A model that adds three more principles to the CIA triad: Possession or Control, Authenticity, and Utility - -Parkerian hexad The physical disposition of the media on which the data is stored - -possession or control Allows for attribution as to the owner or creator of the data in question - -Authenticity Refers to how useful the data is to us - -Utility An attack that involves generating data, processes, communications, or other similar activities with a system - -Fabrication attack One of the first and most important steps of the risk management process - -Identify assets A multilayered defense that will allow us to achieve a successful defense should one or more of our defensive measures fail - -defense in depth Based on rules, laws, policies, procedures, guidelines, and other items that are "paper" in nature - -administrative controls Sometimes called technical controls, these protect the systems, networks, and environments that process, transmit, and store our data - -logical controls Controls that protect the physical environment in which our systems sit, or where our data is stored - -physical controls Involves putting measures in place to help ensure that a given type of threat is accounted for - -migrating risk