5187045
| Question | Answer |
| 3 Main Goals of Security | Prevention, Detection, Recovery |
| This is the means for preventing users from gaining unauthorized access | Prevention |
| This is the way the user is discovered attempting to access unauthorized data or after information has been lost. | Detection |
| This is the process in which vital data is retrieved from a crashed system, storage devices or physical resources. | Recovery |
| This is a concept that indicates exposure to the chance of damage or loss. Also signifies the likelihood of a hazard or dangerous threat occurring. | Risk |
| This is any event or action that could potentially cause damage to an asset. | Threat |
| Types of threats include... | Unintentional/Unauthorized Access, Interruption of Services, Interruption of Access, Damage to Facilities |
| This is any condition that leaves the system open to harm. (Weakness in the network) | Vulnerability |
| Types of vulnerabilities include... | Improperly configured or installed hardware/software, Un-tested software/firmware patches, Bugs in software/OS, Misuse of software/communication protocols, Poorly designed networks, Poor physical security, Insecure passwords, Design flaws in software/OS, Unchecked user input |
| This occurs when an attacker accesses a computer system without authorization. | Intrusion |
| 3 types of intrusions are... | Physical, Host-based, Network-based |
| This is a technique used to exploit a vulnerability in an application or physical computer system. | Attack |
| Types of attacks include... | Physical security, Social engineering, Software based, Web-application based, Network-based |
| These are countermeasures you need to put in place to avoid, mitigate and counteract security risks due to threats or attacks. | Controls |
| Types of controls include... | Prevention control, Detection control, Correction control |
| This security management process consists of detecting problems and determining how best to protect the system. | Identification |
| This security management process consists of installing control mechanisms to prevent problems in the system. | Implementation |
| This security management process consists of detecting and solving any security issues after security controls have been implemented. | Monitoring |
| The CIA Triad consists of... | Confidentiality, Integrity, Availablility |
| This is the principle of keeping info and communication private and protecting it from unauthorized people. | Confidentiality |
| This is the principle of keeping an organization's information accurate, free of errors, and without unauthorized modifications. | Integrity |
| This is ensuring systems operate continuously and authorized persons can access the data they need. | Availability |
| The goal of ensuring the party that sent a transmission or created the data remain associated with that data and cannot deny sending or creating that data is known as? | Non-Repudiation |
| The method that ensures that the entity requesting access to resources by using a certain set of credentials is the owner of the credentials is known as? | Identification |
| The method of validating a particular entity or individual's unique credentials is known as? | Authentication |
Want to create your own Flashcards for free with GoConqr? Learn more.