Security + Chapter 1 Flashcards

Questions and Answers

What is information security?

Protection of available information or information resources. Necessary for a responsible individual or organization to secure confidential information. Minimize business risks and other consequences of losing crucial data.

What to protect?

Data and resources.

What is the goal of security regarding prevention?

Protect personal information, company information, and intellectual property.

What is the goal of security regarding detection?

Detection is discovering attempts to access unauthorized data or identifying lost information. Signup and view all the answers

What is the goal of security regarding recovery?

To employ a process to recover vital data from lost files or devices. Signup and view all the answers

What are vulnerabilities?

Conditions that leave a system open to attack. Signup and view all the answers

What is a threat?

An event or action that could violate a security requirement, policy, or procedure. Signup and view all the answers

What is an attack?

A technique used to exploit a vulnerability without authorization. Signup and view all the answers

What is an intrusion?

Accessing a computer system without authorization. Signup and view all the answers

What are risks?

Exposure to the chance of damage or loss. Signup and view all the answers

What are controls?

Countermeasures to avoid, mitigate, or counteract security risks. Signup and view all the answers

What are prevention controls?

Controls that prevent threats or attacks from exposing vulnerabilities. Signup and view all the answers

What are detection controls?

Controls that discover if a threat or vulnerability has entered a system. Signup and view all the answers

What are correction controls?

Controls that mitigate the consequences of threats or attacks. Signup and view all the answers

What is involved in the Security Management process - Identification?

Detecting problems and determining protection methods. Signup and view all the answers

What is involved in the Security Management process - Implementation?

Installing control mechanisms to prevent problems. Signup and view all the answers

What is involved in the Security Management process - Monitoring?

Detecting and solving security issues post-implementation. Signup and view all the answers

Study Notes

Information Security

Protects information and information resources to ensure confidentiality and minimize risks.
Essential for individuals and organizations to safeguard crucial data against loss.

What to Protect

Data: Refers to the information assets of individuals or organizations.
Resources: Include both virtual (files, memory locations, network connections) and physical components (devices) of a system.

Goals of Security: Prevention

Protect personal, company, and intellectual property information.
Breaches in any sector can lead to significant recovery efforts and losses.

Goals of Security: Detection

Involves identifying unauthorized access attempts or data losses.

Goals of Security: Recovery

Implements processes to recover crucial data from system crashes or storage device failures.
Recovery can also apply to physical resources.

Vulnerabilities

Situations that expose systems to attacks; can stem from various sources, including:
- Misconfigurations in hardware or software.
- Software bugs and design flaws.
- Poor physical security measures.
- Weak passwords and unchecked user inputs.

What is a Threat

Defined as any potential event or action that could breach security protocols.
Threats include unauthorized access, service interruptions, damage to hardware, and facility breaches.

What is an Attack

Techniques used to exploit vulnerabilities in applications without authorization.
Types of attacks consist of physical security breaches, network-based (including wireless), software exploitation, social engineering, and web application attacks.

What are Intrusions

Occur when unauthorized access to computer systems takes place.
Types of intrusions encompass physical intrusions, host-based, and network-based intrusions.

What are Risks

Involves exposure to potential damage or loss, notably in IT systems.
Ignoring risks can lead to catastrophic operational outages.

What are Controls

Countermeasures to mitigate security risks from threats or attacks.
Controls are solutions that support information security strategies, classified as prevention, detection, and correction.

Prevention Controls

Aim to prevent threats from exploiting vulnerabilities in systems.

Detection Controls

Help identify if threats or vulnerabilities have entered a computer system.

Correction Controls

Mitigate the impact of threats or attacks on computer systems.

Security Management Process: Identification

Involves detecting issues and determining protective measures.
Log security breach details and select identification techniques like Network Intrusion Detection Systems (NIDS).

Security Management Process: Implementation

Entails installing controls to protect systems.
Involves authenticating users and implementing security measures like intrusion detection (IDS) and prevention systems (IPS).

Security Management Process: Monitoring

Detects and resolves issues post-implementation of security controls.
Involves testing the effectiveness of controls against further attacks.

Studying That Suits You

Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

Description

Explore the fundamental concepts of information security with these flashcards from Chapter 1. Learn about the importance of protecting information and the types of assets that need safeguarding. Ideal for anyone studying Security + certification.