Define the confidentiality in the CIA triad. -
answersOur ability to protect data from
those who are not authorized to view it.
Examples of confidentiality - answersA
patron using an ATM card wants to keep
their PIN number confidential.
An ATM owner wants to keep bank account
numbers confidential.
How can confidentiality be broken? -
answersLosing a laptop
An attacker gets access to info
A person can look over your shoulder
Define integrity in the CIA triad. -
answersThe ability to prevent people from
changing your data and the ability to
reverse unwanted changes.
How do you control integrity? -
answersPermissions restrict what users can
do (read, write, etc.)
Examples of integrity - answersData used
by a doctor to make medical decisions
needs to be correct or the patient can die.
,Define the availability in the CIA triad. -
answersOur data needs to be accessible
when we need it.
How can availability be broken? -
answersLoss of power, application
problems. If caused by an attacker, this is a
Denial of Service attack.
Define information security. - answersThe
protection of information and information
systems from unauthorized access, use,
disclosure, disruption, modification, or
destruction in order to provide
confidentiality, integrity, and availability.
Define the Parkerian Hexad and its
principles. - answersThe Parkerian Hexad
includes confidentiality, integrity, and
availability from the CIA triad. It also
includes possession (or control),
authenticity, and utility.
Authenticity - answersWhether the data in
question comes from who or where it says it
comes from (i.e. did this person actually
send this email?)
,Confidentiality is affected by what type of
attack? - answersInterception (eaves
dropping)
Integrity is affected by what type of attacks?
- answersInterruption (assets are
unusable), modification (tampering with an
asset), fabrication (generating false data)
Authenticity is affected by what type of
attacks? - answersInterruption (assets are
unusable), modification (tampering with an
asset), fabrication (generating false data)
Utility - answersHow useful the data is to
you (can be a spectrum, not just yes or no)
Possession - answersDo you physically
have the data in question? Used to
describe the scope of a loss
Identify the four types of attacks -
answersinterception, interruption,
modification, and fabrication
Interception attacks - answersMake your
assets unusable or unavailable
, Interruption attacks - answerscause assets
to become unusable or unavailable for our
use, on a temporary or permanent basis
Modification attacks - answersTampering
with an asset
Fabrication attacks - answersGenerating
data, process, and communications
Define the risk management process -
answers1. Identify assets
2. Identify threats
3. Assess vulnerabilities
4. Assess risks
5. Mitigate risks
Define the incident response process and
its stages. - answersPreparation
Detection and analysis
Containment
Eradication
Recovery
Preparation in incident response -
answerscreating policies and procedures
answersOur ability to protect data from
those who are not authorized to view it.
Examples of confidentiality - answersA
patron using an ATM card wants to keep
their PIN number confidential.
An ATM owner wants to keep bank account
numbers confidential.
How can confidentiality be broken? -
answersLosing a laptop
An attacker gets access to info
A person can look over your shoulder
Define integrity in the CIA triad. -
answersThe ability to prevent people from
changing your data and the ability to
reverse unwanted changes.
How do you control integrity? -
answersPermissions restrict what users can
do (read, write, etc.)
Examples of integrity - answersData used
by a doctor to make medical decisions
needs to be correct or the patient can die.
,Define the availability in the CIA triad. -
answersOur data needs to be accessible
when we need it.
How can availability be broken? -
answersLoss of power, application
problems. If caused by an attacker, this is a
Denial of Service attack.
Define information security. - answersThe
protection of information and information
systems from unauthorized access, use,
disclosure, disruption, modification, or
destruction in order to provide
confidentiality, integrity, and availability.
Define the Parkerian Hexad and its
principles. - answersThe Parkerian Hexad
includes confidentiality, integrity, and
availability from the CIA triad. It also
includes possession (or control),
authenticity, and utility.
Authenticity - answersWhether the data in
question comes from who or where it says it
comes from (i.e. did this person actually
send this email?)
,Confidentiality is affected by what type of
attack? - answersInterception (eaves
dropping)
Integrity is affected by what type of attacks?
- answersInterruption (assets are
unusable), modification (tampering with an
asset), fabrication (generating false data)
Authenticity is affected by what type of
attacks? - answersInterruption (assets are
unusable), modification (tampering with an
asset), fabrication (generating false data)
Utility - answersHow useful the data is to
you (can be a spectrum, not just yes or no)
Possession - answersDo you physically
have the data in question? Used to
describe the scope of a loss
Identify the four types of attacks -
answersinterception, interruption,
modification, and fabrication
Interception attacks - answersMake your
assets unusable or unavailable
, Interruption attacks - answerscause assets
to become unusable or unavailable for our
use, on a temporary or permanent basis
Modification attacks - answersTampering
with an asset
Fabrication attacks - answersGenerating
data, process, and communications
Define the risk management process -
answers1. Identify assets
2. Identify threats
3. Assess vulnerabilities
4. Assess risks
5. Mitigate risks
Define the incident response process and
its stages. - answersPreparation
Detection and analysis
Containment
Eradication
Recovery
Preparation in incident response -
answerscreating policies and procedures
