Study online at https://quizlet.com/_b6cp3v
1. Define the *confidentiality, integrity, availability (CIA) triad*.
    The core model of all information security.

2. Differentiate *confidentiality*, *integrity*, and *availability*.
    *Confidentiality* is allowing only those *authorized to access* the data requested.
    *Integrity* is keeping *data unaltered* by accidental or malicious intent.
    *Availability* is the ability to *access* data when needed.

3. Define *information security*.
    Keeping data, software, and hardware secure against unauthorized access, use, disclosure, disruption, modification, or destruction.

4. Assets should always be protected by value to the organization in this order:
    Most important: people, data
    Least important: hardware/software

5. Define the *Parkerian Hexad* and its principles.
    CIA triad plus:
    *Possession/Control*: the *physical disposition* of the media on which the data is stored.
    *Authenticity*: allows us to talk about the proper *attribution as to the owner or creator* of the data in question.
    *Utility*: how *useful* the data is to us.

6. Identify the *four types of attacks*.
    *Interception*: allows *unauthorized users to access* our data, applications, or environments.
    *Interruption*: causes our assets to become *unusable or unavailable* for our use, on a temporary or permanent basis.
    *Modification*: involves *tampering* with our asset.
    *Fabrication*: involves *generating data, processes, communications*, or other similar activities with a system.
WGU C836 Fundamentals of Information Security
7. Compare *threats*, *vulnerabilities*, *risk*, and *impact*.
    *Risk*: the *likelihood* that an event will occur. To have risk there must be both a threat and a vulnerability.
    *Threats*: any *events*, whether man-made, natural, or environmental, that could cause damage to assets.
    *Vulnerabilities*: a *weakness* that a threat event or the threat agent can take advantage of.
    *Impact*: an additional step that takes into account the *asset's cost*.

8. Define the *risk management process* and its stages.
    Identify assets
    Identify threats
    Assess vulnerabilities
    Assess risks
    Mitigate risks

9. Define the *incident response process*.
    The six-step response cycle used when *risk management practices have failed* and have caused anything from an inconvenience to a disastrous event.

10. Define the *incident response process* stages.
    Preparation
    Detection and analysis
    Containment
    Eradication
    Recovery
    Post-incident activity (postmortem)
    (*P*ole *DA*ncing *C*ats *E*yeballed *R*abid *P*orcupines)

11. Define *defense in depth*.
    *Layering multiple controls* on top of one another.
    (Example: using the three control types in multiple overlapping protections: locks on hardware server cabinets, multiple layers of authentication, and policies that control visitors in the building.)

12. Define *compliance*, including *regulatory* and *industry* compliance.
    Requirements that are set forth by *laws and industry regulations* (HIPAA/HITECH, PCI-DSS, FISMA).
13. Identify types of *controls* to mitigate risk.
    *Physical*: physical items that protect assets; think locks, doors, guards, and fences.
    *Technical/Logical*: devices and software that protect assets; think firewalls, AV, IDS, and IPS.
    *Administrative*: policies that organizations create for governance; for example, acceptable use and email use policies.

14. Identify the layers of a *defense-in-depth* strategy.
    Data
    Application
    Host
    Internal Network
    External Network
    (Network Perimeter)

15. Identify the defensive measures in the *external network* layer of the *defense-in-depth* strategy.
    DMZ
    VPN
    Logging
    Auditing
    Penetration testing
    Vulnerability analysis

16. Identify the defensive measures in the *network perimeter* layer of the *defense-in-depth* strategy.
    Firewalls
    Proxy
    Logging
    Stateful packet inspection
    Auditing
    Penetration testing
    Vulnerability analysis

17. Identify the defensive measures in the *internal network* layer of the
    IDS
    IPS
    Logging
    Auditing