Security + Chapter 1 Flashcards

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to Lesson

Podcast

Listen to an AI-generated conversation about this lesson
Download our mobile app to listen on the go
Get App

Questions and Answers

What is information security?

Protection of available information or information resources. Necessary for a responsible individual or organization to secure confidential information. Minimize business risks and other consequences of losing crucial data.

What to protect?

Data and resources.

What is the goal of security regarding prevention?

Protect personal information, company information, and intellectual property.

What is the goal of security regarding detection?

<p>Detection is discovering attempts to access unauthorized data or identifying lost information.</p>
Signup and view all the answers

What is the goal of security regarding recovery?

<p>To employ a process to recover vital data from lost files or devices.</p>
Signup and view all the answers

What are vulnerabilities?

<p>Conditions that leave a system open to attack.</p>
Signup and view all the answers

What is a threat?

<p>An event or action that could violate a security requirement, policy, or procedure.</p>
Signup and view all the answers

What is an attack?

<p>A technique used to exploit a vulnerability without authorization.</p>
Signup and view all the answers

What is an intrusion?

<p>Accessing a computer system without authorization.</p>
Signup and view all the answers

What are risks?

<p>Exposure to the chance of damage or loss.</p>
Signup and view all the answers

What are controls?

<p>Countermeasures to avoid, mitigate, or counteract security risks.</p>
Signup and view all the answers

What are prevention controls?

<p>Controls that prevent threats or attacks from exposing vulnerabilities.</p>
Signup and view all the answers

What are detection controls?

<p>Controls that discover if a threat or vulnerability has entered a system.</p>
Signup and view all the answers

What are correction controls?

<p>Controls that mitigate the consequences of threats or attacks.</p>
Signup and view all the answers

What is involved in the Security Management process - Identification?

<p>Detecting problems and determining protection methods.</p>
Signup and view all the answers

What is involved in the Security Management process - Implementation?

<p>Installing control mechanisms to prevent problems.</p>
Signup and view all the answers

What is involved in the Security Management process - Monitoring?

<p>Detecting and solving security issues post-implementation.</p>
Signup and view all the answers

Flashcards

Information Security

Protecting information and resources to ensure confidentiality and minimize risks.

Data

Information assets of individuals or organizations.

Resources

Virtual and physical components of a system, such as files and devices.

Prevention (Security Goal)

Preventing unauthorized access and protecting valuable information.

Signup and view all the flashcards

Detection (Security Goal)

Identifying unauthorized access attempts or data losses.

Signup and view all the flashcards

Recovery (Security Goal)

Restoring crucial data from system failures or device crashes.

Signup and view all the flashcards

Vulnerabilities

Situations exposing systems to attacks due to flaws or weaknesses.

Signup and view all the flashcards

Threat

Potential events that could breach security protocols.

Signup and view all the flashcards

Attack

Techniques to exploit application vulnerabilities without authorization.

Signup and view all the flashcards

Intrusion

Unauthorized access to computer systems.

Signup and view all the flashcards

Risk

Exposure to potential damage or loss in IT systems.

Signup and view all the flashcards

Controls

Countermeasures to mitigate security risks from threats or attacks.

Signup and view all the flashcards

Prevention Controls

Controls aimed at stopping threats from exploiting system vulnerabilities.

Signup and view all the flashcards

Detection Controls

Tools which help identify when threats have entered a system.

Signup and view all the flashcards

Correction Controls

Steps aimed at mitigating the damage caused by a threat.

Signup and view all the flashcards

Identification (Security Management)

Detecting issues and finding protective measures.

Signup and view all the flashcards

Implementation (Security Management)

Installing controls to protect systems, like user authentication.

Signup and view all the flashcards

Study Notes

Information Security

  • Protects information and information resources to ensure confidentiality and minimize risks.
  • Essential for individuals and organizations to safeguard crucial data against loss.

What to Protect

  • Data: Refers to the information assets of individuals or organizations.
  • Resources: Include both virtual (files, memory locations, network connections) and physical components (devices) of a system.

Goals of Security: Prevention

  • Protect personal, company, and intellectual property information.
  • Breaches in any sector can lead to significant recovery efforts and losses.

Goals of Security: Detection

  • Involves identifying unauthorized access attempts or data losses.

Goals of Security: Recovery

  • Implements processes to recover crucial data from system crashes or storage device failures.
  • Recovery can also apply to physical resources.

Vulnerabilities

  • Situations that expose systems to attacks; can stem from various sources, including:
    • Misconfigurations in hardware or software.
    • Software bugs and design flaws.
    • Poor physical security measures.
    • Weak passwords and unchecked user inputs.

What is a Threat

  • Defined as any potential event or action that could breach security protocols.
  • Threats include unauthorized access, service interruptions, damage to hardware, and facility breaches.

What is an Attack

  • Techniques used to exploit vulnerabilities in applications without authorization.
  • Types of attacks consist of physical security breaches, network-based (including wireless), software exploitation, social engineering, and web application attacks.

What are Intrusions

  • Occur when unauthorized access to computer systems takes place.
  • Types of intrusions encompass physical intrusions, host-based, and network-based intrusions.

What are Risks

  • Involves exposure to potential damage or loss, notably in IT systems.
  • Ignoring risks can lead to catastrophic operational outages.

What are Controls

  • Countermeasures to mitigate security risks from threats or attacks.
  • Controls are solutions that support information security strategies, classified as prevention, detection, and correction.

Prevention Controls

  • Aim to prevent threats from exploiting vulnerabilities in systems.

Detection Controls

  • Help identify if threats or vulnerabilities have entered a computer system.

Correction Controls

  • Mitigate the impact of threats or attacks on computer systems.

Security Management Process: Identification

  • Involves detecting issues and determining protective measures.
  • Log security breach details and select identification techniques like Network Intrusion Detection Systems (NIDS).

Security Management Process: Implementation

  • Entails installing controls to protect systems.
  • Involves authenticating users and implementing security measures like intrusion detection (IDS) and prevention systems (IPS).

Security Management Process: Monitoring

  • Detects and resolves issues post-implementation of security controls.
  • Involves testing the effectiveness of controls against further attacks.

Studying That Suits You

Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

Quiz Team

More Like This

HIPAA Security Rule Flashcards
35 questions
SRA Chapter 1 Flashcards
24 questions

SRA Chapter 1 Flashcards

EnthralledSaxhorn avatar
EnthralledSaxhorn
Use Quizgecko on...
Browser
Browser