WGU D430 fundamentals of information security
Information security - *answers * protecting data, software, and hardware secure against
unauthorized access, use, disclosure, disruption, modification, or destruction.
Compliance - *answers * The requirements that are set forth by laws and industry regulations.
IE: HIPPA/ HITECH- healthcare, PCI/DSS- payment card industry, FISMA- federal government
agencies
DAD Triad - *answers * Disclosure, alteration, and denial
CIA Triad - *answers * The core model of all information security concepts. Confidential,
integrity and availability
Confidential - *answers * Ability to protect our data from those who are not authorized to view
it.
What ways can confidentiality be compromised? - *answers * - lose a personal laptop with data
- Person can view your password you are entering in
- Send an email attachment to the wrong person.
- Attacker can penetrate your systems....etc.
integrity - *answers * Keeping data unaltered by accidental or malicious intent
How to maintain integrity? - *answers * Prevent unauthorized changes to the data and the
ability to reverse unwanted authorized changes.
Via system/file permissions or Undo/Roll back undesirable changes.
,WGU D430 fundamentals of information security
Availability - *answers * The ability to access data when needed
Ways Availability can be compromised - *answers * - Power loss
- Application issues
- Network attacks
- System compromised (DoS)
Denial of Service (DoS) - *answers * Security problem in which users are not able to access an
information system; can be caused by human errors, natural disaster, or malicious activity.
Parkerian hexad model - *answers * A model that adds three more principles to the CIA triad:
Possession/Control
Utility
Authenticity
Possession/ control - *answers * Refers to the physical disposition of the media on which the
data is stored; This allows you to discuss loss of data via its physical medium.
Principle of Possession example - *answers * Lost package (encrypted USB's and unencrypted
USB's)
possession is an issue because the tapes are physically lost.
,WGU D430 fundamentals of information security
(Unencrypted is compromised via confidentiality and possession; encrypted is compromised
only via possession).
Principle of Authenticity - *answers * Allows you to say whether you've attributed the data in
question to the proper owner/creator.
Ways authenticity can be compromised - *answers * Sending an email but altering the message
to look like it came from someone else, than the original one that was sent.
Utility - *answers * How useful the data is to you.
Ex. Unencrypted (a lot of utility) Encrypted (little utility).
Security Attacks - *answers * Broken down from the type of attack, risk the attack represents,
and controls you might use to mitigate it.
Types of attacks - *answers * 1- interception
2- interruption
3- modification
4- fabrication
Interception - *answers * Attacks allows unauthorized users to access our data, applications, or
environments.
Primarily an attack against confidentiality
, WGU D430 fundamentals of information security
Interception Attack Examples - *answers * Unauthorized file viewing, copying, eavesdropping
on phone conversations, reading someone's emails.
Interruption - *answers * Attacks cause our assets to become unstable or unavailable for our
use, on a temporary or permanent basis.
This attack affects availability but can also attack integrity
Interruption Attack Examples - *answers * DoS attack on a mail server; availability attack
Attacker manipulates the processes on which a database runs to prevent access; integrity
attack.
Could also be a combo of both.
Modification - *answers * Attacks involve tampering with our asset.
Such attacks might primarily be considered an integrity attack, but could also be an availability
attack.
Modification Attack example - *answers * Accessing a file in a unauthorized manner and alter
the data it contains; affects the integrity.
If the file in question is a config file that manages how a service behaves (web server) this may
affect the availability.
Information security - *answers * protecting data, software, and hardware secure against
unauthorized access, use, disclosure, disruption, modification, or destruction.
Compliance - *answers * The requirements that are set forth by laws and industry regulations.
IE: HIPPA/ HITECH- healthcare, PCI/DSS- payment card industry, FISMA- federal government
agencies
DAD Triad - *answers * Disclosure, alteration, and denial
CIA Triad - *answers * The core model of all information security concepts. Confidential,
integrity and availability
Confidential - *answers * Ability to protect our data from those who are not authorized to view
it.
What ways can confidentiality be compromised? - *answers * - lose a personal laptop with data
- Person can view your password you are entering in
- Send an email attachment to the wrong person.
- Attacker can penetrate your systems....etc.
integrity - *answers * Keeping data unaltered by accidental or malicious intent
How to maintain integrity? - *answers * Prevent unauthorized changes to the data and the
ability to reverse unwanted authorized changes.
Via system/file permissions or Undo/Roll back undesirable changes.
,WGU D430 fundamentals of information security
Availability - *answers * The ability to access data when needed
Ways Availability can be compromised - *answers * - Power loss
- Application issues
- Network attacks
- System compromised (DoS)
Denial of Service (DoS) - *answers * Security problem in which users are not able to access an
information system; can be caused by human errors, natural disaster, or malicious activity.
Parkerian hexad model - *answers * A model that adds three more principles to the CIA triad:
Possession/Control
Utility
Authenticity
Possession/ control - *answers * Refers to the physical disposition of the media on which the
data is stored; This allows you to discuss loss of data via its physical medium.
Principle of Possession example - *answers * Lost package (encrypted USB's and unencrypted
USB's)
possession is an issue because the tapes are physically lost.
,WGU D430 fundamentals of information security
(Unencrypted is compromised via confidentiality and possession; encrypted is compromised
only via possession).
Principle of Authenticity - *answers * Allows you to say whether you've attributed the data in
question to the proper owner/creator.
Ways authenticity can be compromised - *answers * Sending an email but altering the message
to look like it came from someone else, than the original one that was sent.
Utility - *answers * How useful the data is to you.
Ex. Unencrypted (a lot of utility) Encrypted (little utility).
Security Attacks - *answers * Broken down from the type of attack, risk the attack represents,
and controls you might use to mitigate it.
Types of attacks - *answers * 1- interception
2- interruption
3- modification
4- fabrication
Interception - *answers * Attacks allows unauthorized users to access our data, applications, or
environments.
Primarily an attack against confidentiality
, WGU D430 fundamentals of information security
Interception Attack Examples - *answers * Unauthorized file viewing, copying, eavesdropping
on phone conversations, reading someone's emails.
Interruption - *answers * Attacks cause our assets to become unstable or unavailable for our
use, on a temporary or permanent basis.
This attack affects availability but can also attack integrity
Interruption Attack Examples - *answers * DoS attack on a mail server; availability attack
Attacker manipulates the processes on which a database runs to prevent access; integrity
attack.
Could also be a combo of both.
Modification - *answers * Attacks involve tampering with our asset.
Such attacks might primarily be considered an integrity attack, but could also be an availability
attack.
Modification Attack example - *answers * Accessing a file in a unauthorized manner and alter
the data it contains; affects the integrity.
If the file in question is a config file that manages how a service behaves (web server) this may
affect the availability.
