Sec Plus+
Zero trust
Centers on the belief that organizations should not automatically trust anything inside or outside their perimeters and must instead verify anything and everything trying to connect to their systems before granting access.
CIA Triad
The CIA Triad is a foundational model in IT security that emphasizes three core principles: Confidentiality, Integrity, and Availability. These principles guide organizations in protecting their information and systems.
Confidentiality
Keeping information private and secure from unauthorized access.
Integrity
Ensuring that information is accurate and hasn't been tampered with.
Availability
Making sure information is accessible when needed.
DAD Triad
The DAD Triad describes the malicious actions that bad guys aim to carry out. It is the opposite of the CIA Triad.
Disclosure
Exposing sensitive data to unauthorized parties.
Denial
Denying access to data or services.
Alteration
Modifying data to corrupt or manipulate it.
Non-repudiation
Ensures that actions or transactions can't be denied by the person who performed them. (Digital signatures, Audit logs)
AAA (Triple A)
Authentication: the process of verifying the identity of a user, device, or other entity in a computer system.
Authorization: once a user is authenticated, the authorization process determines what that user is permitted to do by matching user or system credentials against an access control list.
Accounting (sometimes referred to as auditing): accounting is ensured by keeping track of activities. It involves the logging and monitoring of user actions.
Gap analysis
A process to compare current performance with desired goals to identify areas for improvement and figure out where the gap between the two is.