Technical controls
Controls implemented using systems. Examples include firewalls and antivirus.
Management controls
Administrative controls associated with security design. Examples include security policies and standard operating procedures.
Operational controls
Implemented by people instead of systems. Examples include security guards and awareness programs
Physical controls
Limit physical access. Examples include fences, locks, and badge scanners.
Preventive
Block access to a resource. Examples include a firewall (technical), an on-boarding policy (managerial), a guard shack (operational), and a door lock (physical).
Deterrent
Discourage an intrusion attempt. Examples include a splash screen (technical), reviewing logs (managerial), reception (operational), and motion detectors (physical).
Detective
Detect an intrusion attempt. Examples include system logs (technical), reviewing logins (managerial), property patrols (operational), and motion detectors (physical).
Corrective
Apply a control after an intrusion has been detected. Examples include backup recovery (corrective), a policy for reporting intrusions (managerial), contacting authorities (operational), and a fire extinguisher (physical).
Compensating
Control using other means when existing controls aren't enough; often temporary. Examples include blocking instead of patching (technical), separation of duties (managerial), requiring multiple security staff (operational), and a power generator (physical).
Directive
Direct a subject towards security compliance. Examples include file storage policies (technical), compliance policies (managerial), security policy training (operational), and "authorized staff only" signs (physical).
CIA triad
Confidentiality, integrity, and availability.
Confidentiality
Prevent disclosure of information to unauthorized individuals.
Integrity
Messages can't be modified without detection.
Availability
Systems and networks must be up and running.
Non-repudiation
The author of a statement or transaction cannot deny their involvement.
Proof of integrity
The data sent is accurate and consistent. Accomplished with hashes.
Hash
A mathematical function that converts any amount of data into a unique, fixed-length string of letters and numbers.
AAA framework
Authentication
Proves that a user or entity is who they claim to be.
Authorization
Dictates what an authenticated user is permitted to do or access within the network.
Accounting
Records the actions taken by the user, tracking resources accessed and time spent.
Gap analysis
The study of where your system is vs where you want to be.
Zero trust
A holistic approach to security in which everything must be verified.
Data plane
Processes packets and frames. Examples include ports.
Control plane
Manages the actions of the data plane. Examples include config files.
Adaptive identity
Consider the source and the requested resources.
Threat scope reduction
Decreasing the number of possible entry points for an attacker.
Policy-driven access control
A dynamic security model that determines user access to resources based on centrally managed, real-time policies rather than static roles or identities.
Policy enforcement point (PEP)
Where the policy is enforced.