WGU D430 Fundamentals of Information Security
Questions and Answers

Q: Define confidentiality in the CIA triad.
A: Our ability to protect data from those who are not authorized to view it.

Q: Examples of confidentiality
A: A patron using an ATM card wants to keep their PIN number confidential. An ATM owner wants to keep bank account numbers confidential.

Q: How can confidentiality be broken?
A: Losing a laptop. An attacker gets access to info. A person can look over your shoulder.

Q: Define integrity in the CIA triad.
A: The ability to prevent people from changing your data and the ability to reverse unwanted changes.

Q: How do you control integrity?
A: Permissions restrict what users can do (read, write, etc.)

Q: Examples of integrity
A: Data used by a doctor to make medical decisions needs to be correct or the patient can die.

Q: Define availability in the CIA triad.
A: Our data needs to be accessible when we need it.

Q: How can availability be broken?
A: Loss of power, application problems. If caused by an attacker, this is a Denial of Service attack.

Q: Define information security.
A: The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.

Q: Define the Parkerian Hexad and its principles.
A: The Parkerian Hexad includes confidentiality, integrity, and availability from the CIA triad. It also includes possession (or control), authenticity, and utility.

Q: Authenticity
A: Whether the data in question comes from who or where it says it comes from (i.e. did this person actually send this email?)

Q: Confidentiality is affected by what type of attack?
A: Interception (eavesdropping)

Q: Integrity is affected by what type of attacks?
A: Interruption (assets are unusable), modification (tampering with an asset), fabrication (generating false data)

Q: Authenticity is affected by what type of attacks?
A: Interruption (assets are unusable), modification (tampering with an asset), fabrication (generating false data)

Q: Utility
A: How useful the data is to you (can be a spectrum, not just yes or no)

Q: Possession
A: Do you physically have the data in question? Used to describe the scope of a loss

Q: Identify the four types of attacks
A: Interception, interruption, modification, and fabrication

Q: Interception attacks
A: Make your assets unusable or unavailable

Q: Interruption attacks
A: Cause assets to become unusable or unavailable for our use, on a temporary or permanent basis

Q: Modification attacks
A: Tampering with an asset

Q: Fabrication attacks
A: Generating data, process, and communications

Q: Define the risk management process
A: 1. Identify assets
   2. Identify threats
   3. Assess vulnerabilities