CIA Triad
Definition: Keeping data secret, accurate, and always accessible.
Real Example: Banks encrypt data, use checksums, and have backup servers.
Methods/Examples: Encryption, checksums, backups, redundant networks.
Non-Repudiation
Definition: Proof that an action or transaction really happened.
Real Example: Digital signatures on contracts.
Methods/Examples: Email receipts, logging, blockchain records.
AAA (Authentication, Authorization, Accounting)
Definition: Verifying identity, granting correct permissions, and tracking user activity.
Real Example: Employees log in with badges and actions are logged.
Methods/Examples: Passwords, smart cards, audit trails.
Gap Analysis
Definition: Checking what's missing between current and desired security.
Real Example: Company compares current password rules to best practices.
Methods/Examples: Security audits, compliance reviews, gap reports.
Zero Trust
Definition: Never automatically trust anyone—always verify identity and access.
Real Example: Using multi-factor authentication for every system.
Methods/Examples: Identity checks, microsegmentation, least privilege.
Physical Security
Definition: Using barriers and guards to protect buildings and assets.
Real Example: Fenced and guarded data centers.
Methods/Examples: Bollards, security badges, surveillance cameras, lighting, sensors.
Deception and Disruption Technology
Definition: Setting traps to lure or confuse attackers.
Real Example: A honeypot server monitors hacker activity.
Methods/Examples: Honeypots, honeynets, honeytokens, fake files.
Control Plane (Zero Trust)
Definition: Manages network and security policies, user authentication, and access rules.
Example: Admin dashboard lets you change user permissions for a cloud app.
Methods: Automated policy updates, granular access controls.
Adaptive Identity (Zero Trust)
Definition: Adjusts security requirements dynamically based on user behavior and context.
Example: System asks for extra verification if you log in from a new device.
Methods: Risk-based authentication, user behavior tracking.
Threat Scope Reduction (Zero Trust)
Definition: Minimizes the systems or users that are exposed to risk or attack.
Example: Limiting admin access to only critical resources.
Methods: Network segmentation, least privilege access.
Policy-driven Access Control (Zero Trust)
Definition: Controls access using customizable policies based on roles and attributes.
Example: Only managers can access salary files, set by a central policy.
Methods: Attribute-based access, automated enforcement, access control lists.
Policy Administrator (Zero Trust)
Definition: Person or system responsible for creating and managing security policies.
Example: Security team member approves new access rules.
Methods: Centralized policy management, admin tool interfaces.
Policy Engine (Zero Trust)
Definition: Software that evaluates requests against set policies and allows or denies access.
Example: App checks if a request is allowed before granting access.
Methods: Central rule repository, real-time evaluation.
Data Plane
Definition: Handles the actual transmission of data across the network or system.
Example: File transfers over the company network.
Methods: Network routing, encrypted data transfer.
Implicit Trust Zones (Data Plane)
Definition: Areas of the network where devices/users are automatically trusted, usually based on network location.
Example: Devices inside the office LAN are trusted more than remote devices.
Methods: Internal network segmentation, trust boundaries.
Subject/System (Data Plane)
Definition: The person (subject) or device/system trying to access resources.
Example: Employee laptop requests access to HR data.
Methods: Identity management, device profiling.
Policy Enforcement Point (PEP) (Data Plane)
Definition: A security checkpoint that enforces access policies for resources.
Example: Door badge reader checks if user can enter.
Methods: Real-time policy checks, logging.
Bollards (Physical Security)
Definition: Physical barriers that block vehicle access to restrict entry.
Example: Steel posts in front of building entrances.
Methods: Install at entrances and loading docks.
Access Control Vestibule (Physical Security)
Definition: Entry space with two doors; only one opens at a time to control access.
Example: Bank entrance locks the outer door before the inner opens.
Methods: Interlocking doors, security guard monitoring.
Fencing (Physical Security)
Definition: Physical barriers that surround a property to prevent unauthorized access.
Example: Chain-link fence around data center.
Methods: Install tall fencing with gates and sensors.
Video Surveillance (Physical Security)
Definition: Cameras used to monitor and record activities for security.
Example: CCTV in retail stores.
Methods: Real-time monitoring, recorded footage analysis.
Security Guard (Physical Security)
Definition: Person who monitors and enforces physical security measures.
Example: Guard checks visitors’ IDs at building entrance.
Methods: Patrols, incident reporting.
Access Badge (Physical Security)
Definition: Electronic or physical card granting authorized access to spaces.
Example: Employees swipe badge to enter office.
Methods: Badge readers, central badge management.
Lighting (Physical Security)
Definition: Use of light to increase visibility and deter intruders.
Example: Security lights on building and parking lot at night.
Methods: Motion-activated lights, floodlights.
Sensors (Physical)
Definition: Devices that detect physical conditions or movements for security.
Example: Motion sensor triggers alarm.
Methods: Infrared, pressure, microwave, ultrasonic sensors.
Infrared Sensor
Definition: Detects heat/motion using infrared technology.
Example: Infrared alarm in warehouses.
Methods: Installed in hallways, entry points.
Pressure Sensor
Definition: Detects physical pressure or weight change.
Example: Pressure pad under carpet triggers alert.
Methods: Door mats, window ledges.
Microwave Sensor
Definition: Uses microwave energy to detect movement.
Example: Perimeter security alarms.
Methods: Building and fence perimeters.
Ultrasonic Sensor
Definition: Detects movement via sound waves beyond human hearing.
Example: Office entry alarm.
Methods: Mounted on walls or ceilings.
Honeypot
Definition: Decoy system set up to attract attackers and study their methods.
Example: Fake server monitored for intrusion.
Methods: Deploy on network, analyze traffic.
Honeynet
Definition: Network of honeypots to trap and study attackers.
Example: Multiple fake systems mimic a full environment.
Methods: Simulate entire networks, log attacks.
Honeyfile
Definition: Fake document meant to lure attackers and alert security teams.
Example: "Sensitive_Passwords.xlsx" file triggers alarm if accessed.
Methods: Scatter files with embedded tracking.
Honeytoken
Definition: Fake data or credentials used to detect unauthorized access.
Example: Dummy username in database; alert if used.
Methods: Seed in files, logs, or apps for monitoring.