Defense in Depth
The use of multiple varied layers of security to protect an organization's systems and data.
CIA Triad
An information security model comprising Confidentiality, Integrity, and Availability.
Confidentiality
The prevention of unauthorized access or misuse of sensitive data.
Integrity
The consistency and trueness of information/data, ensuring it remains unchanged unless authorized.
Availability
The accessibility of data to authorized users when needed.
Principle of Least Privilege
Users should be granted the minimum privileges necessary to perform their duties.
PAM (Privileged Access Management)
The management of the privileges that an access role has within an organization.
PIM (Privileged Identity Management)
Translating a user's role into an access role on a system.
Bell-LaPadula Model
A security model that achieves confidentiality based on 'need to know' and uses the rule 'no write down, no read up'.
Biba Model
A security model focusing on integrity with the rule 'no write up, no read down'.
Threat Modelling
The process of reviewing, improving, and testing the security protocols in information systems.
STRIDE
A threat modeling framework that includes six main principles: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.
CSIRT (Computer Security Incident Response Team)
A team that responds to security incidents and manages containment, eradication, and recovery.
Incident Response Phases
Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned.