Information security - answersKeeping data,
software, and hardware secure against
unauthorized access, use, disclosure,
disruption, modification, or destruction.
Compliance - answersThe requirements that
are set forth by laws and industry regulations.
Example : HIPPA/ HITECH- healthcare,
PCI/DSS- payment card industry, FISMA-
federal government agencies
CIA - answersThe core model of all information
security. Confidential, integrity and availability
Confidential - answersAllowing only those
authorized to access the data requested
,integrity - answersKeeping data unaltered by
accidental or malicious intent
Availability - answersThe ability to access data
when needed
Parkerian hexad model - answersConfidentiality
, integrity, availability, possession/control,
authenticity, utility
Possession/ control - answersRefers to the
physical disposition of the media on which the
data is stored
authenticity - answersAllows us to talk about
the proper attribution as to the owner or creator
of the data in question
Utility - answersHow useful the data is to us
Types of attacks - answers1- interception
2- interruption
3- modification
4- fabrication
Interception - answersAttacks allows
unauthorized users to access our data,
applications, or environments. Are primarily an
attack against confidentiality
Interruption - answersAttacks cause our assets
to become unstable or unavailable for our use,
,on a temporary or permanent basis. This attack
affects availability but can also attack integrity
Modification - answersAttacks involve
tampering with our asset. Such attacks might
primarily be considered an integrity attack, but
could also be an availability attack.
Fabrication - answersAttacks involve generating
data, processes, communications, or other
similar activities with a system. Attacks primarily
affect integrity but can be considered an
availability attack.
Risk - answersThe likelihood that a threat will
occur. There must be a threat and vulnerability
Threat - answersAny event being man-made,
natural or environmental that could damage the
assets
Vulnerabilities - answersWeakness that a threat
event or the threat can take advantage of
Impact - answerstaking into account the assets
cost
Controls - answersThe ways we protect assets.
Physical, technical/ logical, and administrative
Physical controls - answersControls are
physical items that protect assets. Think of
locks, doors, guards and fences
, Technical/ logical controls - answersControls
are devices and software that protect assets.
Think of firewalls, av, ids, and ips
Administrative controls - answersControls are
the policies that organizations create for
governance. Ex: email policies
risk mamagement - answersA constant process
as assets are purchased, used and retired. The
general steps are 1- identify assets
2- identify threats
3- assess vulnerabilities
4- assess risk
5- mitigating risks
Identify assets - answersFirst and most
important part or risk management. Identifying
and categorizing the assets we are protecting
Identify threats - answersOnce we have our
critical assets we can identify the threats that
might effect them
Assess Vulnerabilities - answersLook at
potential threats. any given asset may have
thousand or millions of threats that could impact
it, but only a small fraction of the threats will be
relevant
software, and hardware secure against
unauthorized access, use, disclosure,
disruption, modification, or destruction.
Compliance - answersThe requirements that
are set forth by laws and industry regulations.
Example : HIPPA/ HITECH- healthcare,
PCI/DSS- payment card industry, FISMA-
federal government agencies
CIA - answersThe core model of all information
security. Confidential, integrity and availability
Confidential - answersAllowing only those
authorized to access the data requested
,integrity - answersKeeping data unaltered by
accidental or malicious intent
Availability - answersThe ability to access data
when needed
Parkerian hexad model - answersConfidentiality
, integrity, availability, possession/control,
authenticity, utility
Possession/ control - answersRefers to the
physical disposition of the media on which the
data is stored
authenticity - answersAllows us to talk about
the proper attribution as to the owner or creator
of the data in question
Utility - answersHow useful the data is to us
Types of attacks - answers1- interception
2- interruption
3- modification
4- fabrication
Interception - answersAttacks allows
unauthorized users to access our data,
applications, or environments. Are primarily an
attack against confidentiality
Interruption - answersAttacks cause our assets
to become unstable or unavailable for our use,
,on a temporary or permanent basis. This attack
affects availability but can also attack integrity
Modification - answersAttacks involve
tampering with our asset. Such attacks might
primarily be considered an integrity attack, but
could also be an availability attack.
Fabrication - answersAttacks involve generating
data, processes, communications, or other
similar activities with a system. Attacks primarily
affect integrity but can be considered an
availability attack.
Risk - answersThe likelihood that a threat will
occur. There must be a threat and vulnerability
Threat - answersAny event being man-made,
natural or environmental that could damage the
assets
Vulnerabilities - answersWeakness that a threat
event or the threat can take advantage of
Impact - answerstaking into account the assets
cost
Controls - answersThe ways we protect assets.
Physical, technical/ logical, and administrative
Physical controls - answersControls are
physical items that protect assets. Think of
locks, doors, guards and fences
, Technical/ logical controls - answersControls
are devices and software that protect assets.
Think of firewalls, av, ids, and ips
Administrative controls - answersControls are
the policies that organizations create for
governance. Ex: email policies
risk mamagement - answersA constant process
as assets are purchased, used and retired. The
general steps are 1- identify assets
2- identify threats
3- assess vulnerabilities
4- assess risk
5- mitigating risks
Identify assets - answersFirst and most
important part or risk management. Identifying
and categorizing the assets we are protecting
Identify threats - answersOnce we have our
critical assets we can identify the threats that
might effect them
Assess Vulnerabilities - answersLook at
potential threats. any given asset may have
thousand or millions of threats that could impact
it, but only a small fraction of the threats will be
relevant
