Exam (elaborations)
C836 EXAM AND REVIEW UPDATED 2022/2023 CHAPTER 1 TO chapter 6
- Course
- Institution
C836 EXAM AND REVIEW UPDATED 2022/2023 CHAPTER 1 TO chapter 6
[Show more]
Seller
Follow
hummidd
Content preview
lOMoAR cPSD| 19500986lOMoAR cPSD| 19500986
C836 EXAM AND REVIEW UPDATED 2022/2023 CHAPTER 1
TO chapter 6
CHAPTER 1
Define the confidentiality, integrity, availability (CIA) triad.
- -gives a model by which we can think about and discuss security concepts, tends to be very
focused on security, as it pertains to data.
Differentiate confidentiality, integrity, and availability.
Confidentiality
- similar but not the same as privacy
- necessary component of privacy and refers to our ability to protect data from those who are
not authorized to view it
Integrity
- Refers to the ability to prevent our data from being changed in an unauthorized or
undesirable manner
- This could mean the unauthorized change or deletion of our data or portions of our
data, or it could mean an authorized but undesirable change or deletion of data
- To maintain integrity, we not only need to have the means to prevent unauthorized
changes to our data but also need the ability to reserve the authorized changes that
need to be undone
Availability
- -refers to the ability to access our data when we need it
- -loss of availability can refer to a wide variety of breaks anywhere in the chain that
allows us access tour data
- Issues can result from power loss, operating system or application problems, network
attacks, compromise of a system, or other problems
Define information security.
- -protecting information and information systems from unauthorized access, use,
disclosure, disruption modification, or destruction
- It means we want to protect our data (where ever it is) and system assets from
those who would see to misuse it
Define the Parkerian Hexad and its principles.
- Consist of CIA triad as well as possession or control, authenticity, and utility for a
total of six principles
- It is not widely known as the CIA triad
- Integrity does not account for authorized but incorrect modification of data and
instead focuses on the state of the data itself in the sense of completeness
- Possession or control refers to the physical disposition of the media on which
data is stored. This enables us without involving other factors such as
availability to discuss our loss of the data in its physical medium. The principle of
, lOMoAR cPSD| 19500986
possession would enable us to more accurately describe the scope of the
incident.
- Authenticity allows us to talk about the proper attribution as to the owner or
creator of the data in question. Authenticity can be enforced through the use of
digital signatures. Nonrepudiation prevents someone from taking an action such
as sending an email and then later denying that he or she has done so.
- Utility refers to how useful the data is to us. It is the only principle that is not
necessarily binary to nature. We can have a variety of degrees of utility
depending the data format.
Identify the four types of attacks (i.e., interception, interruption, modification, and fabrication).
- Interception attacks allow unauthorized users to access our data, applications, or
environments, and are primarily an attack against confidentiality. Interception
might take the form unauthorized file viewing or copying, eavesdropping on
phone conversations, or reading e-mail, and be conducted against data at rest or
in motion. Properly executed, interception attacks can be very difficult to
detect.
- Interruption attacks cause our assets to become unusable or unavailable for our
use, on a temporary or permanent basis. Interruption attacks often affect
availability but can be an attack on integrity as well.
- Modification attacks involve tampering with our asset. Such attacks might
primarily be considered an integrity attack but could also represent an
availability attack.
- Fabrication attacks involve generating data, processes, communications, or other
similar activities with a system. Fabrication attacks primarily affect integrity but
could be considered an availability attack as well.
- Confidentiality (Interception), Integrity (Interruption, Modification, Fabrication),
Availability (Interruption, Modification, Fabrication)
Compare threats, vulnerabilities, risk, and impact.
- Threat is something that has the potential to cause us harm. Threats tend to be
specific to certain environments particularly in the world of information security.
- Vulnerabilities are weaknesses that can be used to harm us. In the essence they
are holes that can be exploited by threats in order to cause us harm. A
vulnerability might be a specific operating system or application that we are
running, a physical location where we have chosen to place our office building, a
data center that is populated over the capacity of its air-conditioning system, a
lack of backup generators, or other factors.
- Risk is the likelihood that something bad will happen. In order for us to have a
risk in a particular environment, we need to have both a threat and vulnerability
that the specific threat can exploit.
- Impact is considering the value of the asset being threatened to be a factor, this
may change whether we see a risk as being present or not.
, lOMoAR cPSD| 19500986
Define the risk management process and its stages.
- Identify assets, one of the first and arguably one of the most important parts of
the risk management process is identifying and categorizing the assets that we
are protecting. If we cannot enumerate the assets that we have and evaluate
the importance of each of them, protecting them can become a very difficult
task. Once we have been able to identify that asset in use, deciding which of
them is a critical business asset is another question entirely. Making an accurate
determination of which assets are truly critical to conducting business will
generally require the input of functions that make use of the asset, those that
support the asset itself, and potentially other involved parties as well. Not all
assets need to be protected equally, by determining where resources should be
focused, and cost can reduce while security increased.
- Identify threats takes place after critical assets are enumerated. It is useful to a
have a framework within which to discuss the nature of a given threat and the
CIA triad or Parkerian hexad serve nicely for this purpose. There needs to be a
concern with losing control of data, maintaining accurate data, and keeping the
system up and running. Given this information, we can begin to look at areas of
vulnerability and potential risk.
- Assess vulnerabilities, in the context of potential threats. An asset may have
thousands or millions of threats that could impact it, but only a small fraction of
these will actual be relevant. The issue of identifying these is narrowed by
considerably by looking at the potential threats first.
- Assess risks, once we have identified the threats and vulnerabilities for a given
asset, we can assess the overall risk. Risk is the conjunction of a threat and a
vulnerability. A vulnerability with no matching threat or a threat with no
matching vulnerability do not constitute risk.
- Mitigating risks, to help mitigate risk, we can put measures in place to help
ensure that a given type of threat is accounted for. These measures are referred
to as controls. Controls are divided into three categories: physical, logical, and
administrative.
Define the incident response process and its stages.
- If our risk management efforts fail, incident response exists to react to such
events. Incident response should be primarily oriented to the items that we feel
are likely to cause us pain as an organization, which we should now know based
on our risk management efforts. Reactions to such incidents should be based, as
much as is possible or practical, on documented incident response plan, which
are regularly reviewed, tested, and practiced by those who will be expected to
enact them in the case of an actual incident. The incident response process at a
high level consists of: Preparation, Detection and analysis, Containment,
Eradication, Recovery, Post incident activity.
- Preparation, the preparation phase of incident response consists of all the
activities that we can perform, in advance of the incident itself, in order to better
enable us to handle it. This involves having the policies and procedures that
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller hummidd. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $30.02. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
77983 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now