WGU C836 Fundamentals of Information Security
Study online at https://quizlet.com/_b6cp3v
1. Define the confidentiality, integrity, availability *(CIA) triad*.
   The core model of all of information security.

2. Differentiate *confidentiality*, *integrity*, and *availability*.
   *Confidentiality* is allowing only those *authorized to access* the data requested.
   *Integrity* is keeping *data unaltered* by accidental or malicious intent.
   *Availability* is the ability to *access* data when needed.

3. Define *information security*.
   Keeping data, software, and hardware secure against unauthorized access, use, disclosure, disruption, modification, or destruction.

4. Assets should always be protected by value to the organization in this order:
   Most important: people, data
   Least important: hardware/software

5. Define the *Parkerian Hexad* and its principles.
   CIA triad plus:
   *Possession/Control*: the *physical disposition* of the media on which the data is stored.
   *Authenticity*: allows us to talk about the proper *attribution as to the owner or creator* of the data in question.
   *Utility*: how *useful* the data is to us.

6. Identify the *four types of attacks*.
   *Interception*: allows *unauthorized users to access* our data, applications, or environments.
   *Interruption*: causes our assets to become *unusable or unavailable* for our use, on a temporary or permanent basis.
   *Modification*: involves *tampering* with our asset.
   *Fabrication*: involves *generating data, processes, communications*, or other similar activities with a system.
7. Compare *threats*, *vulnerabilities*, *risk*, and *impact*.
   *Risk*: the *likelihood* that an event will occur. To have risk there must be a threat and a vulnerability.
   *Threats*: any *events*, man-made, natural or environmental, that could cause damage to assets.
   *Vulnerabilities*: a *weakness* that a threat event or the threat agent can take advantage of.
   *Impact*: an additional step that takes the *asset's cost* into account.

8. Define the *risk management process* and its stages.
   Identify assets
   Identify threats
   Assess vulnerabilities
   Assess risks
   Mitigate risks

9. Define the *incident response process*.
   The 6-step response cycle used when *risk management practices have failed* and have caused anything from an inconvenience to a disastrous event.

10. Define the *incident response process* stages.
   Preparation
   Detection and analysis
   Containment
   Eradication
   Recovery
   Post-incident activity (postmortem)
   (*P*ole *DA*ncing *C*ats *E*yeballed *R*abid *P*orcupines)

11. Define *defense in depth*.
   *Layering multiple controls* on top of one another.
   (Example: using the 3 control types in multiple overlapping protections: locks on hardware server cabinets, multiple layers of authentication, and policies that control visitors in the building.)
12. Define *compliance*, including *regulatory* and *industry* compliance.
   Requirements that are set forth by *laws and industry regulations* (HIPAA/HITECH, PCI-DSS, FISMA).

13. Identify types of *controls* to mitigate risk.
   *Physical*: physical items that protect assets; think locks, doors, guards, and fences.
   *Technical/Logical*: devices and software that protect assets; think firewalls, AV, IDS, and IPS.
   *Administrative*: policies that organizations create for governance; examples are acceptable use and email use policies.

14. Identify the layers of a *defense-in-depth* strategy.
   Data
   Application
   Host
   Internal Network
   External Network
   (Network Perimeter)

15. Identify the defensive measures in the *external network* layer of the *defense-in-depth* strategy.
   DMZ
   VPN
   Logging
   Auditing
   Penetration testing
   Vulnerability analysis

16. Identify the defensive measures in the *network perimeter* layer of the *defense-in-depth* strategy.
   Firewalls
   Proxy
   Logging
   Stateful packet inspection
   Auditing
   Penetration testing
   Vulnerability analysis

17. Identify the defensive measures in the *internal network* layer of the *defense-in-depth* strategy.
   IDS
   IPS
   Logging
   Auditing
   Penetration testing
   Vulnerability analysis

18. Identify the defensive measures in the *host* layer of the *defense-in-depth* strategy.
   Authentication
   Antivirus
   Firewalls
   IDS
   IPS
   Passwords
   Hashing
   Logging
   Auditing
   Penetration testing
   Vulnerability analysis

19. Identify the defensive measures in the *application* layer
   SSO
   Content filtering
   Data validation
   Auditing