Cybersecurity terms

study guide for cybersecurity

What are the 4 categories of security controls

The four categories of security controls are administrative, technical, physical, and operational controls, each designed to protect information and systems in different ways.

What are examples of Technical security controls

Examples of technical security controls include firewalls, encryption, intrusion detection systemsIDS/intrusion protection systemsIPS, and antivirus software.

What are the types of administrative security controls

a.      Policy

b.     Procedures

c.      Incident response plan IRP

d.     Business continuity plan BCP

e.      Data classification

What are the types of physical security controls

a.      Fences

b.     Cameras

c.      Gates

d.     guards

what are operational security controls

they are controls done by people and fall under several of the categories of security controls

what are the security types (what they try to accomplish)

a.      Preventative

b.     Deterrent

c.      Detective

d.     Corrective

e.      compensating

f.        Recovery

g.      directive

What are the methods of preventative controls

a.      Encryption

b.     App filtering

c.      Access control system

what are the three methods for deterrent control type 

A Signs

B cameras/cctv

C Guards

what are the three methods for detective control type 

A cctv/cameras

B IPS/IDS

C SIEM Security Information and Event Management (logs)

what are the three methods for corrective control type 

A backup/restore

B IRP (incident response plan)

C DRP Disaster recovery plan

what are the two methods for compensating control type 

A segmentation

B Virtualization

what are the three methods for recovery control type 

A Backup and recovery

B DRP Disaster recovery plan

C BCP  Business continuity plan

what are the three methods for directive control type 

A AUP acceptable use policy

B password policy

C data classification policy

What is the secuirty triad

Confidentiality

Integrity

Availability

What is confidentiality in cyber security

keeping data only for the authorized user

What is integrity when it comes to data in Cybersecurity

Ensure data remains accurate, consistent, and unaltered during storage, transmission, and processing.

what is availability of data for cyber security

Ensure authorized users have timely and uninterrupted access to resources and systems.

When discussing how to support the CIA triangle, there are several important concepts, including what?

A Non-repudiation

B Authenticity

C Accountability

D Principle of least privilege

What is Non-repudiation

Ensure that individuals can't deny their actions or transactions and enhance accountability, which helps strengthen the authenticity and integrity of information exchanges.

What is authenticity?

Confirming the legitimacy of users, data sources, and communications helps ensure that information is accurate, trustworthy, and free from unauthorized alterations.

What is accountability?

Establishing a traceable record of actions and activities that make individuals responsible for their actions contributes to the overall security and integrity of data, systems, and communications

What is the principle of lease privelage

Restricting user and system permissions to the minimum necessary level reduces potential attack surfaces and safeguards the confidentiality, integrity, and availability of resources

What can we use to ensure confidentiality

A encryption

B access control

C Use secure communication channels

What can we do to ensure data integrity

A Hashing

B Digital signatures

C Integrity Checks

What can we do to ensure availability of data

A Redundancy

B Load balance

C Backups