CIA Triad in Information Security

Questions and Answers

Which method is NOT typically associated with ensuring data integrity?

Backup and recovery systems

Checksums

Encryption (correct)

Digital signatures

What is the primary goal of accountability in a security context?

To track user actions and monitor behavior (correct)

To ensure data is available when needed

To control user access rights

To confirm user identities

Which principle best describes the need to restrict user permissions to only what is necessary?

Minimum necessary access

Least privilege (correct)

Integrity

Non-repudiation

Which option is primarily associated with verification of user identity?

Authentication Signup and view all the answers

Which example illustrates a security measure for ensuring data availability?

Failover systems Signup and view all the answers

What does non-repudiation help to establish?

Proof of an action having occurred Signup and view all the answers

Which of the following best defines authorization?

Controlling access based on user roles and privileges Signup and view all the answers

Which strategy effectively mitigates the risks associated with user access rights?

Just-In-Time access Signup and view all the answers

Study Notes

Confidentiality

Protection of sensitive information from unauthorized access, use, disclosure, modification, or destruction
Ensures that only authorized entities have access to information
Examples: encryption, access control, passwords

Integrity

Protection of data from unauthorized modification, deletion, or alteration
Ensures that data is accurate, complete, and not modified without authorization
Examples: digital signatures, checksums, backup and recovery systems

Availability

Ensuring that data and systems are accessible and usable when needed
Protection against denial of service (DoS) and distributed denial of service (DDoS) attacks
Examples: redundancy, failover systems, disaster recovery plans

Authentication

Verifying the identity of users, systems, or entities
Ensures that only authorized entities have access to resources
Examples: username/password, biometric authentication, Kerberos

Authorization

Controlling access to resources based on user identity, role, or privileges
Ensures that users only have access to resources they are authorized to use
Examples: access control lists (ACLs), role-based access control (RBAC), mandatory access control (MAC)

Accountability

Tracking and monitoring user actions and activities
Ensures that users are responsible for their actions and can be held accountable
Examples: auditing, logging, intrusion detection systems

Non-Repudiation

Ensuring that a user cannot deny having performed an action
Provides proof of ownership or origin of data
Examples: digital signatures, timestamps, receipts

Least Privilege

Granting users and systems only the minimum privileges necessary to perform their tasks
Reduces the attack surface and limits the damage in case of a breach
Examples: principle of least privilege, segregation of duties, Just-In-Time (JIT) access

Confidentiality

Protects sensitive information from unauthorized access, use, disclosure, modification, or destruction.
Authorized entities are guaranteed access to sensitive data.
Utilizes methods like encryption, access control, and passwords to safeguard information.

Integrity

Safeguards data from unauthorized modification, deletion, or alteration.
Ensures data remains accurate, complete, and unaltered without permission.
Employs tools such as digital signatures, checksums, and backup and recovery systems to maintain data validity.

Availability

Guarantees that data and systems are accessible and operational when required.
Protects against attacks like denial of service (DoS) and distributed denial of service (DDoS).
Implements strategies such as redundancy, failover systems, and disaster recovery plans to enhance system availability.

Authentication

Confirms the identity of users, systems, or entities seeking access.
Ensures resource access is restricted to authorized parties only.
Common methods include username/password combinations, biometric authentication, and Kerberos security protocol.

Authorization

Governs access to resources by evaluating user identity, role, or privileges.
Guarantees users access solely to resources they are permitted to use.
Utilizes models such as access control lists (ACLs), role-based access control (RBAC), and mandatory access control (MAC) to enforce permissions.

Accountability

Involves tracking and monitoring user actions and activities to ensure responsibility.
Makes users accountable for their actions within a system.
Techniques include auditing, logging activities, and utilizing intrusion detection systems.

Non-Repudiation

Ensures that a user cannot deny participation in a specific action or transaction.
Provides verifiable proof of data ownership or origin.
Techniques include using digital signatures, timestamps, and receipts to guarantee actions are traceable.

Least Privilege

Grants users and systems the minimum necessary privileges to execute their functions.
Aims to minimize potential attack vectors and mitigate damage during a security breach.
Implements principles such as least privilege, segregation of duties, and Just-In-Time (JIT) access.

Description

This quiz covers the core principles of Confidentiality, Integrity, and Availability in Information Security. Learn about protecting sensitive information from unauthorized access and ensuring data accuracy.