CompTIA Security+ Study Guide Chapter 1: Today's Security Professional

34 Terms

1. Confidentiality: Ensures that unauthorized individuals are not able to gain access to sensitive information.
2. Integrity: Ensures that there are no unauthorized modifications to information or systems, whether intentional or unintentional.
3. Availability: Ensures that information and systems are ready to meet the needs of legitimate users at the time those users request them.
4. Security Incidents: Occur when an organization experiences a breach of the confidentiality, integrity, and/or availability of information or information systems.
5. Disclosure: The exposure of sensitive information to unauthorized individuals, otherwise known as data loss.
6. Alteration: The unauthorized modification of information; a violation of the principle of integrity.
7. Denial: The unintended disruption of an authorized user's legitimate access to information.
8. Financial Risk: The risk of monetary damage to the organization as the result of a data breach.
9. Reputational Risk: Occurs when the negative publicity surrounding a security breach causes the loss of goodwill among customers, employees, suppliers, and other stakeholders.
10. Strategic Risk: The risk that an organization will become less effective in meeting its major goals and objectives as a result of the breach.
11. Operational Risk: Risk to the organization's ability to carry out its day-to-day functions.
12. Compliance Risk: Occurs when a security breach causes an organization to run afoul of legal or regulatory requirements.
13. Technical Controls: Enforce confidentiality, integrity, and availability in the digital space.
14. Operational Controls: The processes that we put in place to manage technology in a secure manner.
15. Managerial Controls: Procedural mechanisms that focus on the mechanics of the risk management process.
16. Preventative Controls: Intended to stop a security issue before it occurs. Examples: firewalls, encryption.
17. Detective Controls: Identify security events that have already occurred. Example: intrusion detection systems.
18. Corrective Controls: Remediate security issues that have already occurred. Example: restoring backups.
19. Deterrent Controls: Seek to prevent an attacker from attempting to violate security policies. Example: barbed wire.
20. Physical Controls: Security controls that impact the physical world. Examples: fire suppression systems, burglar alarms.
21. Compensating Controls: Controls designed to mitigate the risk associated with exceptions made to a security policy. (See page 9 for more information.)
22. Data at rest: Stored data that resides on hard drives, tapes, in the cloud, or on other storage media. This data is prone to pilfering by insiders or external attackers who gain access to systems and are able to browse through their contents.
23. Data in motion: Data that is in transit over a network. When data travels on an untrusted network, it is open to eavesdropping attacks by anyone with access to that network.
24. Data in processing: Data that is actively in use by a computer system. This includes the data stored in memory while processing takes place. An attacker with control of the system may be able to read the contents of memory and steal sensitive information.
25. Encryption: Technology that uses mathematical algorithms to protect information from prying eyes, both while it is in transit over a network and while it resides on systems.
26. Data Loss Prevention (DLP): A system that helps organizations enforce information handling policies and procedures to prevent data loss and theft.
27. Host-Based DLP: Uses software agents installed on systems that search those systems for the presence of sensitive information. Can also monitor system configuration and user actions, blocking undesirable actions. Example: blocking users from accessing USB-based devices.
28. Network DLP: Dedicated devices that sit on the network and monitor outbound network traffic, watching for any transmissions that contain unencrypted sensitive information.
29. Pattern Matching: A DLP detection technique in which the system watches for the telltale signs of sensitive information. Examples: numbers formatted like credit card numbers or Social Security numbers.
30. Watermarking: A DLP technique in which systems or administrators apply electronic tags to sensitive documents; the DLP system can then monitor systems and networks for unencrypted content containing those tags.
31. Data Minimization: Techniques seeking to reduce risk by reducing the amount of sensitive information that we maintain on a regular basis. Example: destroying data when it is no longer needed.
32. Hashing: Uses a hash function to transform a value in our dataset into a corresponding hash value.
33. Tokenization: Replaces sensitive values with a unique identifier using a lookup table. Example: replacing a student ID with a randomly generated 10-digit number, then maintaining a lookup table that allows us to convert those numbers back to student IDs.
34. Masking: Partially redacts sensitive information by replacing some or all sensitive fields with blank characters. Example: replacing the last four digits of a credit card number with xxxx.