21 Cards in this Set
Front: Availability
Back: Reliable and timely access to data and resources is provided to authorized individuals.

Front: Integrity
Back: Accuracy and reliability of the information and systems are provided, and any unauthorized modification is prevented.

Front: Confidentiality
Back: The necessary level of secrecy is enforced and unauthorized disclosure is prevented.

Front: Shoulder surfing
Back: Viewing information in an unauthorized manner by looking over the shoulder of someone else.

Front: Social engineering
Back: Gaining unauthorized access by tricking someone into divulging sensitive information.

Front: Vulnerability
Back: Weakness or lack of a countermeasure. For example, outdated anti-virus software.

Front: Threat agent
Back: Entity that can exploit a vulnerability. For example, a virus.

Front: Threat
Back: The danger of a threat agent exploiting a vulnerability. For example, criminal activity.

Front: Risk
Back: The probability of a threat agent exploiting a vulnerability and the associated impact.

Front: Control
Back: Safeguard put in place to reduce a risk, also called a countermeasure. For example, updated AV software.

Front: Exposure
Back: Presence of a vulnerability, which exposes the organization to a threat.

Front: Threat Model
Back: Threat agent -> gives rise to Threat -> exploits Vulnerability -> leads to Risk -> can damage Asset -> and causes an Exposure -> can be countermeasured by a Safeguard.

Front: Control types
Back: Administrative, technical, and physical.

Front: Control functionalities
Back:
1) Deterrent
2) Preventive
3) Corrective
4) Recovery
5) Detective
6) Compensating

Front: Deterrent
Back: Discourage a potential attacker.

Front: Preventive
Back: Stop an incident from occurring.

Front: Corrective
Back: Fix items after an incident has occurred.

Front: Recovery
Back: Restore necessary components to return to normal operations.

Front: Detective
Back: Identify an incident's activities after it took place.

Front: Compensating
Back: Alternative control that provides similar protection as the original control.

Front: Defense-in-depth
Back: Implementation of multiple controls so that successful penetration and compromise is more difficult to attain.