Security/Compliance

These flashcards cover the foundational concepts of information security as discussed in the MongoDB training, focusing on key definitions, practices, risks, and the company's unique offerings.

What is information security?

The practice of protecting information by mitigating risks.

What does it mean to mitigate risks?

To reduce or lessen risks associated with information security.

What is a data breach?

An incident where an organization's sensitive information is accessed, exposed, or stolen by unauthorized individuals.

On average, how long did it take organizations to contain a data breach in 2023?

292 days.

What percentage of data breaches in 2023 involved customer personal data?

46%.

What are the three components of the CIA triad?

Confidentiality, Integrity, and Availability.

What is encryption?

The process of concealing information so it can only be accessed by authorized parties.

What are the three states of data that needs to be protected?

Data in transit, data at rest, and data in use.

What is queryable encryption?

A technology that allows organizations to execute searches directly on encrypted data without needing to decrypt it first.

How does queryable encryption benefit data protection?

It keeps data encrypted at every stage, reducing the risk of sensitive data exposure or breaches.

What is authentication?

The process of verifying a user's or application's identity.

What does authorization manage?

User permissions to determine what actions they are allowed or restricted from performing.

What is role-based access control (RBAC)?

A method of managing user permissions based on their assigned roles.

What is auditing in the context of security?

The process of monitoring and recording user activities while they access resources.

What is compliance?

The act of following rules, standards, or laws set by an organization or governing body.

What are examples of regulations that organizations must comply with?

HIPAA, GDPR, CCPA, and FedRAMP.

What does the shared responsibility model define?

How security responsibilities are divided between MongoDB as the cloud provider and the customer.

What is one advantage of using MongoDB's Atlas service for security?

It offers the highest level of built-in security by managing much of the security burden.