Security+ Ch1. Notes
What are the three key objectives of cybersecurity programs?
Confidentiality
Integrity
Availability
Confidentiality
Ensures that unauthorized individuals are not able to gain access to sensitive information.
Integrity
Ensures that there are no unauthorized modifications to information or systems, whether intentional or unintentional.
Availability
Ensures that information and systems are ready to meet the needs of legitimate users at the time those users request them.
Nonrepudiation
Means that someone who performed some action, such as sending a message, cannot later deny having taken that action
Security Incidents
These occur when an organization experiences a breach of the confidentiality, integrity, and/or availability of information or information systems.
The DAD Triad
Security model that explains the three key threats to cybersecurity efforts
What are the three components of the DAD Triad?
Disclosure
Alteration
Denial
Disclosure
This is the exposure of sensitive information to unauthorized individuals, otherwise known as data loss.
Alteration
This is the unauthorized modification of information and is a violation of the principle of integrity.
Denial
This is the disruption of an authorized user’s legitimate access to information.
Financial Risk
This is the risk of monetary damage to the organization as the result of a data breach.
Reputational Risk
This occurs when the negative publicity surrounding a security breach causes the loss of goodwill among customers, employees, suppliers, and other stakeholders.
Strategic Risk
This is the risk that an organization will become less effective in meeting its major goals and objectives as a result of the breach.
Operational Risk
This is risk to the organization’s ability to carry out its day-to-day functions.
Compliance Risk
This occurs when a security breach causes an organization to run afoul of legal or regulatory requirements.
What are security controls in the confines of cybersecurity?
These are specific measures that fulfill the security objectives of an organization.
Gap Analysis
A process in which cybersecurity professionals review the control objectives for a particular organization or service and then examine the controls designed to achieve those objectives.
What are the four different categories of security control?
Technical Controls
Operational Controls
Managerial Controls
Physical Controls
Technical Controls
These enforce confidentiality, integrity, and availability in the digital space.
What are some examples of technical controls?
Firewall Rules
Access Control Lists
Intrusion Prevention Systems
Encryption
Operational Controls
These are the processes that we put in place to manage technology in a secure manner.
What are some examples of operational controls?
User Access Reviews
Log Monitoring
Vulnerability Management
Managerial Controls
These are procedural mechanisms that focus on the mechanics of the risk management process.
What are some examples of managerial controls?
Periodic Risk Assessments
Security Planning Exercises
Incorporation of security policies
Physical Controls
These are security controls that impact the physical world.
What are some examples of physical controls?
Fences
Perimeter Lighting
Locks
Fire Suppression Systems
Burglar Alarms
What are the different types of security control?
Preventive Controls
Deterrent Controls
Detective Controls
Corrective Controls
Compensating Controls
Directive Controls
Preventive Controls
These intend to stop a security issue before it occurs.
What are examples of preventive controls?
Firewalls
Encryption
Deterrent Controls
These seek to prevent an attacker from attempting to violate security policies.
What are some examples of deterrent controls?
Guard dogs
Barbed Wire Fences
Detective Controls
These identify security events that have already occurred.
What is an example of a detective control?
Intrusion Detection System
Corrective Controls
These remediate security issues that have already occurred.
What are some examples of corrective control?
Restoring Backups
Compensating Controls
These are controls designed to mitigate the risk associated with exceptions made to a security policy.
Directive Controls
These inform employees and others what they should do to achieve security objectives.
What are examples of directive controls?
Policies
Procedures
Data at Rest
This is stored data that resides on hard drives, tapes, in the cloud, or on other storage media.
This is prone to theft by attackers who gain access to systems and are able to browse through their contents.
Data in Transit
This is data that is in motion/transit over the network.
This type of data is open to eavesdropping attacks by anyone with access to those networks.
Data in Use
This is data that is actively in use by a computer system.
An attacker with control of the system may be able to read the contents of memory and steal sensitive information.
Encryption
This technology uses mathematical algorithms to protect information from prying eyes, both while in transit over a network and while it resides on systems.
What does DLP stand for?
Data Loss Prevention
Data Loss Prevention
These systems help organizations enforce information handling policies and procedures to prevent data loss and theft.
What two different environments does data loss prevention work in?
Agent-based DLP
Agentless (network-based) DLP
Agent-based DLP
This uses software agents installed on systems that search those systems for the presence of sensitive information.
Agentless (network-based) DLP
These systems are dedicated devices that sit on the network and monitor outbound network traffic, watching for any transmissions that contain unencrypted sensitive information.
What two mechanisms of action do data loss prevention systems have?
Pattern Matching
Watermarking
Pattern Matching
A technique used by DLP systems in which they watch for the telltale signs of sensitive information.
Watermarking
A technique used by DLP systems in which they apply electronic tags to sensitive documents; the DLP system can then monitor systems and networks for unencrypted content containing those tags.
Data Minimization
These are techniques that seek to reduce risk by reducing the amount of sensitive information that we maintain on a regular basis.
Deidentification Process
This removes the ability to link data back to an individual, reducing its sensitivity.
Data Obfuscation
A process in which sensitive data is transformed into a format from which the original information cannot be retrieved.
Hashing
This uses a hash function to transform a value in our dataset to a corresponding hash value.
Tokenization
This replaces sensitive values with a unique identifier using a lookup table.
Masking
This partially redacts sensitive information by replacing some or all sensitive fields with blank characters.
Access Restrictions
These are security measures that limit the ability of individuals or systems to access sensitive information or resources.
What are two common types of access restriction?
Geographic Restrictions
Permission Restrictions
Geographic Restriction
This limits access to resources based on the physical location of the user or system.
Permission Restriction
This limits access to resources based on the user’s role or level of authorization.
Segmentation
The process of placing sensitive systems on separate networks where they may communicate with each other but have strict restrictions on their ability to communicate with systems on other networks.
Isolation
This goes a step further than segmentation by completely cutting a system off from access to or from outside networks.