Confidentiality (CIA Triad) - refers to our ability to protect our data from those who are not authorized to use/view it.
Integrity (CIA Triad) - is the ability to prevent people from changing your data in an unauthorized or undesirable manner.
Availability (CIA Triad) - refers to the ability to access our data when we need it.
The Parkerian Hexad - It encompasses six key principles, including Confidentiality, Integrity, Availability, as well as Possession or Control, Authenticity, and Utility.
Possession or Control (the Parkerian Hexad) - refers to the physical disposition of the media on which the data is stored.
Authenticity (the Parkerian Hexad) - allows you to say whether you've attributed the data in question to the proper owner or creator.
Utility (the Parkerian Hexad) - refers to how useful data is to you.
Interception - this attack allows unauthorized users to access your data, applications, or environments, and they are primarily attacks against confidentiality.
Interruption - makes your assets unusable or unavailable to you on a temporary or permanent basis (these types of attacks often affect availability but can affect integrity as well).
Modification - involves tampering with an asset. Such attacks might primarily be considered attacks on integrity but could also represent attacks on availability.
Fabrication - attacks involve generating data, processes, communications, or other similar material with a system.
Threats - something that has the potential to cause harm to your assets.
Vulnerabilities - are weaknesses, or holes, that threats can exploit to cause you harm.
Risk - is the likelihood that something bad will happen.
Impact - takes into account the value of the asset being threatened.
Risk Management process - processes compensate for risks in your environment. As you can see, you need to identify your important assets, figure out the potential threats against them, assess your vulnerabilities, and then take steps to mitigate these risks.
Identify Assets - One of the first and, arguably, most important parts of the risk management process is identifying the assets you're protecting.
Identify Threats - after enumerating your critical assets, you can then begin to identify the threats that might affect them.
Assess Vulnerabilities - when assessing vulnerabilities, you need to do so in the context of potential threats.
Assess Risks - assess the overall risk. Risk is the conjunction of a threat and a vulnerability. A vulnerability with no matching threat or a threat with no matching vulnerability does not constitute a risk.
Mitigate Risk - to mitigate risks, you can put measures in place to account for each threat.
Logical Controls - sometimes called technical controls, protect the systems, networks, and environments that process, transmit, and store your data. Ex: passwords, encryption, access controls, firewalls, intrusion detection systems.
Physical Controls - protect the physical environment in which your systems sit, or where your data is stored. Ex: fences, gates, locks, guards, cameras, etc.
Administrative Controls - based on rules, laws, policies, procedures, guidelines, and other items that are "paper" in nature. Dictate how the users of your environment should behave. Ex: changing passwords every 90 days.
Incident Response - How an organization responds to an incident/attack.
Preparation - consists of all the activities you perform ahead of time to better handle an incident.
Detection - is where the action begins. In this phase, you detect an issue, decide whether it is actually an incident, and respond to it appropriately.
Containment - involves taking the steps to ensure that the situation doesn't cause any more damage than it already has or at least lessen any ongoing harm.
Eradication - attempt to remove the effects of the issue from your environment.
Recovery - recover to the state you were in prior to the incident. Ex: restoring devices or data from backup media, rebuilding systems, etc.
Fundamentals of Information Security - D430 Terms Pt 1
by Rareintuitions
Higher Education