.png){kind=logo}
1
WELL DETAILED ANSWERS|LATEST
PASS Information security - ANSWER Keeping data, software, and hardware secure against unauthorized access, use, disclosure, disruption, modification, or destruction.
Compliance - ANSWER The requirements that are set forth by laws and industry regulations. Example : HIPPA/ HITECH- healthcare, PCI/DSS- payment card industry, FISMA- federal government agencies
CIA - ANSWER The core model of all information security. Confidential, integrity and availability
Confidential - ANSWER Allowing only those authorized to access the data requested
integrity - ANSWER Keeping data unaltered by accidental or malicious intent
Availability - ANSWER The ability to access data when needed
Parkerian hexad model - ANSWER Confidentiality , integrity, availability, possession/control, authenticity, utility
Possession/ control - ANSWER Refers to the physical disposition of the media on which the data is stored
authenticity - ANSWER Allows us to talk about the proper attribution as to the owner or creator of the data in question 1 / 3
2
Utility - ANSWER How useful the data is to us
Types of attacks - ANSWER 1- interception 2- interruption 3- modification 4- fabrication
Interception - ANSWER Attacks allows unauthorized users to access our data, applications, or environments. Are primarily an attack against confidentiality
Interruption - ANSWER Attacks cause our assets to become unstable or unavailable for our use, on a temporary or permanent basis. This attack affects availability but can also attack integrity
Modification - ANSWER Attacks involve tampering with our asset. Such attacks might primarily be considered an integrity attack, but could also be an availability attack.
Fabrication - ANSWER Attacks involve generating data, processes, communications, or other similar activities with a system. Attacks primarily affect integrity but can be considered an availability attack.
Risk - ANSWER The likelihood that a threat will occur. There must be a threat and vulnerability
Threat - ANSWER Any event being man-made, natural or environmental that could damage the assets
Vulnerabilities - ANSWER Weakness that a threat event or the threat can take advantage of 2 / 3
3
Impact - ANSWER taking into account the assets cost
Controls - ANSWER The ways we protect assets. Physical, technical/ logical, and administrative
Physical controls - ANSWER Controls are physical items that protect assets. Think of locks, doors, guards and fences
Technical/ logical controls - ANSWER Controls are devices and software that protect assets. Think of firewalls, av, ids, and ips
Administrative controls - ANSWER Controls are the policies that organizations create
for governance. Ex: email policies
risk mamagement - ANSWER A constant process as assets are purchased, used and retired. The general steps are 1- identify assets 2- identify threats 3- assess vulnerabilities 4- assess risk 5- mitigating risks
Identify assets - ANSWER First and most important part or risk management.Identifying and categorizing the assets we are protecting
Identify threats - ANSWER Once we have our critical assets we can identify the threats that might effect them
- / 3
.png)