Cybersecurity and the CIA Triad


Questions and Answers

Which of the following is NOT a common method of authentication?

  • Something you are, such as biometrics
  • Something you have, such as tokens
  • Something you wish, hoping your request gets accepted (correct)
  • Something you know, such as passwords

Non-repudiation ensures that an individual can falsely deny performing an action.

False (B)

What are the three elements of the CIA triad?

Confidentiality, integrity, and availability

A _______ is a gap or weakness in security protection efforts.

vulnerability

Match the risk treatment strategies with their descriptions:

  • Avoidance = Decision to eliminate the risk entirely.
  • Acceptance = Taking no action to reduce the likelihood of a risk occurring.
  • Mitigation = Taking actions to prevent or reduce the possibility or impact of a risk event.
  • Risk Transference = Passing the risk to another party in exchange for payment.

Which security control involves the use of badge readers?

Physical controls (C)

Regulations are guidelines or advisories aimed at the people within the organization.

False (B)

What is the main goal of cryptography?

Making information secure by encoding it

__________ is an unencrypted message.

plaintext

Which algorithm is one in which encryption and decryption are both performed by the same secret key?

Symmetric (A)

Flashcards

Data Integrity

Ensuring data isn't altered unauthorized, covering data in storage, processing, and transit.

Authentication

Verifying a user's identity using methods like passwords or biometrics.

Privacy

The right to control the distribution of personal information.

Information Security Risk

Factors that increase the chance of a negative impact due to a vulnerability exploit.


Asset

Something of value that needs protection, tangible or intangible.


Vulnerability

A weakness that can be exploited.


Threat

Someone or something that exploits a vulnerability.


Risk Assessment

A process to identify and rank potential risks.

Risk Treatment

Actions taken to manage identified and prioritized risks.


Standards

A standard provides a framework for policies and procedures.

Study Notes

  • Cybersecurity aims to protect digital information and systems from various risks.

CIA Triad

  • Confidentiality ensures data is protected from unauthorized access and disclosure.
  • Integrity ensures data remains whole, complete, consistent, and unaltered by unauthorized means.
  • Availability ensures timely and reliable access to data and information services for authorized users.

Confidentiality Measures

  • Security professionals regulate data access, protecting sensitive information while allowing authorized access.
  • Personally Identifiable Information (PII) is any data that can identify an individual.
  • Protected Health Information (PHI) includes information regarding one's health status.
  • Classified or sensitive information includes trade secrets, business plans, and intellectual property.

Integrity Assessment

  • Integrity measures the wholeness, completeness, consistency, and correctness of data.
  • Data integrity ensures data remains unaltered during storage, processing, and transit.
  • System integrity ensures the system performs its intended function without unauthorized manipulation.

Availability Definition

  • Availability provides timely and reliable access to information and the ability to use it.
  • It assures authorized users can access data and information services promptly.

Authentication Methods

  • Authentication verifies a user's identity using:
      • Knowledge-based: passwords or passphrases
      • Possession-based: tokens, memory cards, smart cards
      • Biometrics: measurable physical characteristics

Authentication Types

  • Single-Factor Authentication (SFA) uses one method.
  • Multi-Factor Authentication (MFA) uses multiple methods.
  • Non-repudiation prevents individuals from falsely denying their actions.

Privacy and Data Protection

  • Privacy ensures individuals control the distribution of their information.
  • General Data Protection Regulation (GDPR) applies to organizations processing data in the EU.

Information Security Risk

  • Risk involves potential adverse impacts from unauthorized access, use, disclosure, disruption, modification, or destruction of information systems.

Risk Management Terminology

  • Asset represents anything of value requiring protection, both tangible and intangible.
  • Vulnerability is a weakness in protection efforts.
  • Threat intends to exploit a vulnerability to thwart protection.

Threat Actors

  • Insiders may act deliberately, through error, or through incompetence.
  • Outside individuals or groups may act in a planned or opportunistic manner.
  • Formal nonpolitical entities include business competitors and cybercriminals.
  • Formal political entities include terrorists, nation-states, and hacktivists.
  • Intelligence/information gatherers can be any of the above.
  • Technology includes bots and AI.

Risk Management Processes

  • Risk assessment identifies, estimates, and prioritizes risks.
  • Risk treatment involves deciding how to manage identified risks; the common treatment options are listed in the next section.

Risk Treatments

  • Avoidance eliminates the risk entirely.
  • Acceptance takes no action to reduce risk.
  • Mitigation prevents or reduces risk impact.
  • Transference passes risk to another party in exchange for payment.

Cybersecurity Frameworks

  • Identify security policies and capabilities, evaluate risks, and suggest controls.
  • Protect IT assets via secure procurement, development, installation, operation, and decommissioning.
  • Detect threats through continuous monitoring.
  • Respond by identifying, analyzing, containing, and eradicating threats.
  • Recover systems and data using cybersecurity resilience.

Security Controls

  • Security controls are safeguards or countermeasures for an information system; they include:
      • Physical controls, which involve hardware devices and architectural features.
      • Technical/logical controls, which use computer systems and networks.
      • Administrative/managerial controls, which are guidelines or advisories aimed at people within the organization.

Access Controls

  • Role-Based Access Control (RBAC): permissions are granted based on user roles.
  • Access Control Lists (ACLs) establish granular permissions using access control entries.

Governance Elements Definition

  • Procedures are detailed steps that support policies.
  • Policies are put in place by organizational governance.
  • Standards create a framework to support regulations.
  • Regulations are laws that carry financial penalties.
  • HIPAA governs protected health information (PHI) use, violations of which may result in fines/imprisonment.
  • ISO develops international standards, including information security.
  • NIST is a U.S. agency that publishes technical standards.
  • IETF sets standards for communication protocols.
  • IEEE sets standards for telecommunications and similar disciplines.

Guidance Documents

  • Policy is broad, but not detailed.
  • Governance policies are used to moderate and control decision-making.
  • Procedures contain the explicit activities necessary to perform specific tasks.

Cryptography Basics

  • Cryptographic algorithms encode/decode data.
  • Modern systems use symmetric and asymmetric algorithms.
  • Cryptography makes information secure by encoding it.
  • Plaintext/cleartext is an unencrypted message.
  • Ciphertext is an encrypted message.
  • An algorithm is the process used to encrypt and decrypt a message.
  • Cryptanalysis cracks cryptographic systems.

Encryption

  • Encryption uses a cryptographic process that encodes data for secure storage and transmission, decrypted only by authorized users.
  • Only the key used with the encryption cipher authorizes decryption.
  • A symmetric algorithm encrypts and decrypts with the same secret key.

Encryption Keys

  • Encryption algorithms use a key to increase security.
  • The keyspace is the range of values the key could take.
  • Modern ciphers use large keyspaces with trillions of possible key values.
  • Modern symmetric ciphers use a pseudorandomly generated string of bits; the number of bits is the key length.

Asymmetric Encryption

  • Asymmetric encryption entails encrypting and decrypting with two different, linked keys in a pair.
  • Only the paired private key can decrypt a message encrypted with a public key.

Hashing Functions

  • Hashing produces a fixed-length bit string from plaintext of any length.
  • This output is called a hash or message digest.
  • Secure Hash Algorithm (SHA) is considered the strongest hashing algorithm.
  • SHA variants generate different-sized outputs.
  • SHA256, the most popular variant, produces a 256-bit digest.

Message Digest Algorithm (MD5)

  • Message Digest Algorithm (MD5) produces a 128-bit digest.
  • MD5 is not as safe to use as SHA256 but might be required for compatibility between security products.

Digital Signatures Overview

  • Digital signatures authenticate a sender via their private key.
  • Hashing provides integrity by computing a fixed-size message digest.
  • Signing the message digest with the sender's private key combines the two into a digital signature.
  • The Public Key Infrastructure (PKI) framework establishes trust when signing messages via digital certificates.
  • PKI uses private or third-party certificate authorities (CAs).

CA Types

  • A private CA can be set up within an organization for internal communications.
  • In public/business communications, a third-party CA establishes trust between servers and clients.
  • A digital certificate is essentially a wrapper for a subject's public key, including subject and issuer information.
  • Encryption maintains confidentiality when data is stolen or intercepted during transfer.

Data States

  • Data at rest persists in storage media.
  • Data in transit/motion transmits over a network.
  • Data in use/processing is present in volatile memory.
  • Encrypting large amounts of data (megabytes or more) is called bulk encryption.
  • Bulk data encryption uses a symmetric cipher, such as AES.

Disk and File Encryption

  • Full-disk encryption (FDE) encrypts the entire disk including the OS.
  • Volume encryption encrypts an entire storage volume.
  • File encryption encrypts individual files/folders.

Transport Encryption

  • Transport or communication encryption protects data in motion.
  • Wi-Fi Protected Access (WPA) secures wireless network traffic.
  • Internet Protocol Security (IPSec) secures traffic over public networks; it is commonly used to build a virtual private network (VPN).
  • Transport Layer Security (TLS) secures application data, such as web or email data, over public networks.
