Cyber Security notes

Testout 1.0-2.2.5 rn

Control Categories and Types

Security control- A technology or procedure put in place to mitigate vulnerabilities and risk and to ensure the confidentiality, integrity, and availability (CIA) of information.

Managerial- A category of security control that provides oversight of information systems.

Operational- A category of security control that is implemented by people.

Technical- A category of security control that is implemented as a system.

Physical- A category of security control that is implemented by hardware used to deter or detect, such as as alarms, gateways, locks, lighting, and security cameras.

The three types of control categories are managerial that provides oversight of information systems, operational that is implemented by people, and technical that is implemented as a system.

Control Types

  1. Preventive Measures to stop attacks before they happen (e.g., firewalls, antivirus)

  2. Deterrent Measures to discourage potential attackers (e.g., warning signs, legal penalties)

  3. Detective Measures to identify and detect attacks (e.g., intrusion detection systems)

  4. Corrective Measures to respond to and fix issues after an attack (e.g., backups, patches)

  5. Compensating Alternative measures that provide similar protection when primary controls are not feasible (e.g., additional monitoring)

  6. Directive Measures that provide guidelines or instructions (e.g., policies, procedures)

Threat Actors and Attributes

Cryptography Terms

Cryptography-

Verification

Authentication

Attack Strategies

Perform reconnaissance - The process of gathering information about an organization, including:

  • System hardware information

  • Network configuration

  • Individual user information

Use social engineering - The process of manipulating others into providing sensitive information. Social engineering tactics include:

  • Intimidation

  • Sympathy

Security control- A technology or procedure put in place to mitigate vulnerabilities and risk and to ensure the confidentiality, integrity, and availability (CIA) of information.

Managerial- A category of security control that provides oversight of information systems.

Operational- A category of security control that is implemented by people.

Technical- A category of security control that is implemented as a system.

Physical- A category of security control that is implemented by hardware used to deter or detect, such as as alarms, gateways, locks, lighting, and security cameras.

The three types of control categories are managerial that provides oversight of information systems, operational that is implemented by people, and technical that is implemented as a system.

Things to know

Hardening a system is securing a system.

The difference between integrity and non-repudiation is non-repudiation has proof

The three main goals in CIA are confidentiality, integrity, and availability.

TGIF

sox