Chapter 1: Today's Security Professionals

42 Terms

1

What are the three key objectives of a cybersecurity program?

Confidentiality, Integrity, Availability

2

Confidentiality

ensures that unauthorized individuals are not able to gain access to sensitive information

3

integrity

ensures that there are no unauthorized modifications to information or systems, either intentionally or unintentionally

4

Availability

ensures that information and systems are ready to meet the needs of legitimate users at the time those users request them

5

CIA Triad

The industry standard for computer security since the development of the mainframe. The standard is based on three characteristics that describe the utility of information: confidentiality, integrity, and availability.

6

Security Incidents

When an organization experiences a breach of the confidentiality, integrity, and/or availability of information or information systems.

7

DAD Triad

Disclosure, Alteration, and Denial

8

DAD Triad; Disclosure

Exposure of sensitive information to unauthorized individuals. This is also known as data loss.

9

DAD Triad; Alteration

unauthorized modification of information

10

DAD Triad; Denial

Disruption of an authorized user's legitimate access to information.

A DDoS attack is an example of this: it causes servers or websites to fail so that users cannot access them.

11

financial risk

The risk of monetary damage to the organization as the result of a data breach.

12

Reputational Risk

Negative publicity surrounding a security breach causes the loss of goodwill among customers, employees, suppliers and other stakeholders.

13

Strategic Risk

The risk that an organization will become less effective in meeting its major goals and objectives as a result of a breach.

14

Operational Risk

Risk to the organization's ability to carry out its day-to-day functions

15

Compliance Risk

The risk that a security breach causes an organization to run afoul of legal or regulatory requirements.

16

Security Controls

Specific measures that fulfill the security objectives of an organization

17

Security Control Objectives

Technical, Operational, Managerial

18

Technical Controls

The security controls (i.e., safeguards or countermeasures) for an information system that are primarily implemented and executed by the information system through mechanisms contained in the hardware, software, or firmware components of the system.

19

Operational controls

The security controls (i.e., safeguards or countermeasures) for an information system that are primarily implemented and executed by people (as opposed to systems).

20

Managerial controls

procedural mechanisms that focus on the mechanics of the risk management process.

21

Security Control Types

Preventative, Detective, Corrective, Deterrent, Compensating, Physical

22

Preventive controls

controls that deter problems before they arise

23

Detective Controls

Security controls that attempt to detect security incidents after they have occurred.

24

Corrective Controls

Controls that identify and correct problems and recover from the resulting errors.

25

Deterrent Controls

Security controls that attempt to discourage individuals from causing a security incident.

26

Physical Controls

Security controls that you can physically touch.

27

Compensating Controls

control procedures that compensate for the deficiency in other controls

28

Payment Card Industry Data Security Standard

A set of security standards that all U.S. companies processing, storing, or transmitting credit card information must follow.

29

Data at rest

Data that is stored.

30

Data in motion

Data that is moving over a WAN or LAN, a wireless network, over the internet, or in other ways

31

data in processing

Data that is actively in use by a computer system.

32

Data Loss Prevention (DLP)

Monitors the data of a system while in use, in transit, or at rest to detect attempts to steal the data

33

Host-based DLP

Uses software agents installed on systems that search those systems for the presence of sensitive information. Detecting that information allows the organization to take action to either remove or secure the data. Host-based DLP can also monitor system configuration and user actions, blocking undesirable actions.

34

Network-based DLP

dedicated devices that sit on the network and monitor outbound network traffic, watching for any transmissions that contain unencrypted sensitive information.

35

pattern matching

Watching for the telltale signs of sensitive information.

36

Watermarking

apply electronic tags to sensitive documents

37

Data minimization

Seeks to reduce risk by reducing the amount of sensitive information that we maintain on a regular basis.

38

Data Obfuscation

The process that transforms data into a format where the original information can't be retrieved.

39

Hashing

transforming plaintext of any length into a short code called a hash.

40

Tokenization

The process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security.

41

Masking

partially redacts sensitive information by replacing some or all sensitive fields with blank characters

42

Rainbow Table Attack

Attempts to discover the password from the hash using databases of precomputed hashes; the countermeasure is salting.