Information Security
Act of protecting data and information from unauthorized access, unlawful modification, disruption, disclosure, corruption, and destruction
Information System Security
Act of protecting the systems that hold and process the critical data
Confidentiality, Integrity, and Availability
What does the CIA Triad stand for?
Confidentiality
Ensures that information is only accessible to those with the appropriate authorization
Integrity
Ensures that data remains accurate and unaltered unless modification is required
Availability
Ensures that information and resources are accessible and functional when needed by authorized users
Non-Repudiation
Guaranteeing that a specific action or event has taken place and cannot be denied by the parties involved
Confidentiality, Integrity, Availability, Non-Repudiation, & Authentication
What does the CIANA Pentagon stand for?
Authentication, Authorization, & Accounting
What are the triple A’s of Security?
Authentication
Process of verifying the identity of a user or system
Authorization
Defines what actions or resources a user can access
Accounting
Act of tracking user activities and resource usage, typically for audit or billing purposes
Security Controls
Measures or mechanisms put in place to mitigate risks and protect the confidentiality, integrity, and availability of information systems and data
Technical, Managerial, Operational, & Physical
What are the Security Control categories?
Preventative, Deterrent, Detective, Corrective, Compensating, & Directive
What are the Security Control types?
Zero Trust
Security model that operates on the principle that no one, whether inside or outside the organization, should be trusted by default
A Control Plane & A Data Plane
In order to achieve Zero Trust, we have to use a __________ __________ and a __________ ___________
Control Plane
Consists of adaptive identity, threat scope reduction, policy-driven access control, and secured zones
Data Plane
Focused on the subject/system, policy engine, policy administrator, and establishing policy enforcement points