WGU C836 Fundamentals of Information Security
Study online at https://quizlet.com/_b6cp3v
Define the confidentiality, integrity, avail- the core model of all of information secu-
ability *(CIA) triad*. rity
*Confidential* is allowing only those *au-
thorized to access* the data requested.
Differentiate *confidentiality*, *integrity*, *Integrity* is keeping *data unaltered* by
and *availability*. Accidental or Malicious intent.
*Availability* is the ability to *access*
data when needed.
keeping data, software, and hardware
secure against unauthorized access,
Define *information security*.
use, disclosure, disruption, modification,
or destruction
Assets should always be protected by Most important: people, data
value to the organization in this order: Least important: hardware/software
CIA triad plus:
*Possession/Control*: the *physical dis-
position* of the media on which the data
Define the *Parkerian Hexad* and its is stored.
principles. *Authenticity*: allows us to talk about the
proper *attribution as to the owner or cre-
ator* of the data in question.
*Utility*: how *useful* the data is to us.
*Interception*: allow *unauthorized users
to access* our data, applications, or en-
vironments.
*Interruption*: cause our assets to be-
come *unusable or unavailable* for our
Identify the *four types of attacks*. use, on a temporary or permanent basis.
*Modification*: involve *tampering* with
our asset.
*Fabrication*: involve *generating data,
processes, communications*, or other
similar activities with a system.
, WGU C836 Fundamentals of Information Security
Study online at https://quizlet.com/_b6cp3v
*Risk*: the *likelihood* that an event will
occur. To have risk there must be a threat
and vulnerability.
*Threats*: any *events* being
man-made, natural or environmental that
Compare *threats*, *vulnerabilities*,
could cause damage to assets.
*risk*, and *impact*.
*Vulnerabilities*: a *weakness* that a
threat event or the threat agent can take
advantage of.
*Impact*: an additional step that is taking
into account the *asset's cost*.
Identify assets
Identify threats
Define the *risk management process*
Assess vulnerabilities
and its stages.
Assess risks
Mitigating risks
the 6 step response cycle when *risk
management practices have failed* and
Define the *incident response process*.
have caused an inconvenience to a dis-
astrous event.
Preparation
Detection and analysis
Containment
Define the *incident response process* Eradication
stages. Recovery
Post incident activity (postmortem)
(*P*ole *DA*ncing *C*ats *E*yeballed
*R*abid *P*orcupines)
*layering multiple controls* on top on one
another.
(Example: Using the 3 control types in
Define *defense in depth*.
multiple overlapping protections. Locks
on hardware server cabinets, multilayers
of authentication and policies that control
visitors in the building.)
, WGU C836 Fundamentals of Information Security
Study online at https://quizlet.com/_b6cp3v
requirements that are set forth by
Define *compliance*, including *regula-
*laws and industry regulations* (HIP-
tory* and *industry* compliance.
PA/HITECH, PCI-DSS, FISMA)
*Physical*: physical items that protect
assets think locks, doors, guards, and,
fences.
*Technical/Logical*: devices and soft-
Identify types of *controls* to mitigate
ware that protect assets think firewalls,
risk.
AV, IDS, and IPS.
*Administrative*: policies that organiza-
tions create for governance an example
acceptable use and email use policies.
Data
Application
Identify the layers of a *de- Host
fense-in-depth* strategy. Internal Network
External Network
(Network Perimeter)
DMZ
VPN
Identify the defensive measures in the
Logging
*external network* layer of the *de-
Auditing
fense-in-depth* strategy.
Penetration testing
Vulnerability analysis
Firewalls
Proxy
Identify the defensive measures in the Logging
*network perimeter* layer of the *de- Stateful packet inspection
fense-in-depth* strategy. Auditing
Penetration testing
Vulnerability analysis
IDS
IPS
Identify the defensive measures in the
Logging
*internal network* layer of the *de-
Auditing
fense-in-depth* strategy.
Penetration testing
Vulnerability analysis
, WGU C836 Fundamentals of Information Security
Study online at https://quizlet.com/_b6cp3v
Authentication
Antivirus
Firewalls
IDS
Identify the defensive measures in the IPS
*host* layer of the *defense-in-depth* Passwords
strategy. Hashing
Logging
Auditing
Penetration testing
Vulnerability analysis
SSO
Content filtering
Identify the defensive measures in
Data validation
the *application* layer of the *de-
Auditing
fense-in-depth* strategy.
Penetration testing
Vulnerability analysis
Encryption
Identify the defensive measures in the Access controls
*data* layer of the *defense-in-depth* Backups
strategy. Penetration testing
Vulnerability analysis
primary controls used to manage risk in
your environment and have the following
characteristics:
1. They provide a reasonable degree of
Key controls assurance that the risk will be mitigated.
2. If the control fails, it is unlikely that
another control could take over for it.
3. The failure of this control will affect an
entire process.
replace impractical or unfeasible key
Compensating controls
controls
Monitoring
To *maintain compliance* over time, you Reviewing
can cycle through what set of activities Document
Report
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller TheAlphaNurse. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $14.99. You're not tied to anything after your purchase.
