Frage | Antworten |
3 Main Goals of Security | Prevention, Detection, Recovery |
This is the means for preventing users from gaining unauthorized access | Prevention |
This is the way the user is discovered attempting to access unauthorized data or after information has been lost. | Detection |
This is the process in which vital data is retrieved from a crashed system, storage devices or physical resources. | Recovery |
This is a concept that indicates exposure to the chance of damage or loss. Also signifies the likelihood of a hazard or dangerous threat occurring. | Risk |
This is any event or action that could potentially cause damage to an asset. | Threat |
Types of threats include... | Unintentional/Unauthorized Access, Interruption of Services, Interruption of Access, Damage to Facilities |
This is any condition that leaves the system open to harm. (Weakness in the network) | Vulnerability |
Types of vulnerabilities include... | Improperly configured or installed hardware/software, Un-tested software/firmware patches, Bugs in software/OS, Misuse of software/communication protocols, Poorly designed networks, Poor physical security, Insecure passwords, Design flaws in software/OS, Unchecked user input |
This occurs when an attacker accesses a computer system without authorization. | Intrusion |
3 types of intrusions are... | Physical, Host-based, Network-based |
This is a technique used to exploit a vulnerability in an application or physical computer system. | Attack |
Types of attacks include... | Physical security, Social engineering, Software based, Web-application based, Network-based |
These are countermeasures you need to put in place to avoid, mitigate and counteract security risks due to threats or attacks. | Controls |
Types of controls include... | Prevention control, Detection control, Correction control |
This security management process consists of detecting problems and determining how best to protect the system. | Identification |
This security management process consists of installing control mechanisms to prevent problems in the system. | Implementation |
This security management process consists of detecting and solving any security issues after security controls have been implemented. | Monitoring |
The CIA Triad consists of... | Confidentiality, Integrity, Availablility |
This is the principle of keeping info and communication private and protecting it from unauthorized people. | Confidentiality |
This is the principle of keeping an organization's information accurate, free of errors, and without unauthorized modifications. | Integrity |
This is ensuring systems operate continuously and authorized persons can access the data they need. | Availability |
The goal of ensuring the party that sent a transmission or created the data remain associated with that data and cannot deny sending or creating that data is known as? | Non-Repudiation |
The method that ensures that the entity requesting access to resources by using a certain set of credentials is the owner of the credentials is known as? | Identification |
The method of validating a particular entity or individual's unique credentials is known as? | Authentication |
Möchten Sie mit GoConqr kostenlos Ihre eigenen Karteikarten erstellen? Mehr erfahren.