What is Information Security(answered)
Information Security Protects information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction Payment Card Industry Data Security Standard (PCI DSS) Companies that process credit card payments must comply with this set of standards Confidentiality Used to keep something private or minimally known Integrity Refers to the ability to prevent our data from being changed in an unauthorized or undesirable manner. Availability Refers to the ability to access our data when we need it Interception A type of attack, primarily against confidentiality Threat Something that has the potential to cause harm to our assets Vulnerability A weakness that can be used to harm us Risk The likelihood that something bad will happen Interruption attack An attack that causes our assets to become unusable or unavailable for our use, on a temporary or permanent basis Modification attack An attack that involves tampering with our assets Parkerian hexad A model that adds three more principles to the CIA triad: possession or control, utility, and authenticity Possession or control The physical disposition of the media on which the data is stored Authenticity Allows for attribution as to the owner or creator of the data in question Utility Refers to how useful the data is to us Fabrication attack An attack that involves generating data, processes, communications, or other similar activities with a system Identify assets One of the first and most important steps of the risk management process Defense in depth A multilayered defense that will allow us to achieve a successful defense should one or more of our defensive measures fail Administrative controls Based on rules, laws, policies, procedures, guidelines, and other items that are "paper" in nature Logical controls Sometimes called technical controls, these protect the systems, networks, and environments that process, transmit, and store our data Physical controls Controls that protect the physical environment in which our systems sit, or where our data is stored Mitigating Risk Involves putting measures in place to help ensure that a given type of threat is accounted for Preparation phase The risk management phase that consists of all of the activities that we can perform in advance of the incident itself, in order to better enable us to handle it Detection and analysis phase The risk management phase where we detect the occurrence of an issue and decide whether it is actually an incident so that we can respond to it appropriately Post-incident activity phase The risk management phase where we determine specifically what happened, why it happened, and what we can do to keep it from happening again Eradication To completely remove the effects of the issue from our environment Containment Taking steps to ensure that the situation does not cause any more
Geschreven voor
- Instelling
- Introduction to Information Security
- Vak
- Introduction to Information Security
Documentinformatie
- Geüpload op
- 28 juli 2024
- Aantal pagina's
- 5
- Geschreven in
- 2023/2024
- Type
- Tentamen (uitwerkingen)
- Bevat
- Vragen en antwoorden
Onderwerpen
-
what is information security