WGU D430 2024 UPDATE COMPREHENSIVE
OBJECTIVE ASSESSMENT [FUNDAMENTALS OF
INFORMATION SECURITY] VERIFIED A+ RATE
Modification
Attacks involve tampering with our asset. Such attacks might primarily be considered an
integrity attack, but could also be an availability attack.
Fabrication
Attacks involve generating data, processes, communications, or other similar activities
with a system. Attacks primarily affect integrity but can be considered an availability
attack.
What ways can confidentiality be compromised?
- lose a personal laptop with data
- Person can view your password you are entering in
- Send an email attachment to the wrong person.
- Attacker can penetrate your systems....etc.
Information security
Keeping data, software, and hardware secure against unauthorized access, use,
disclosure, disruption, modification, or destruction.
Compliance
The requirements that are set forth by laws and industry regulations. Example : HIPPA/
HITECH- healthcare, PCI/DSS- payment card industry, FISMA- federal government
agencies
CIA
The core model of all information security. Confidential, integrity and availability
Confidential
Allowing only those authorized to access the data requested
integrity
Keeping data unaltered by accidental or malicious intent
Availability
The ability to access data when needed
Parkerian hexad model
Confidentiality , integrity, availability, possession/control, authenticity, utility
Possession/ control
Refers to the physical disposition of the media on which the data is stored
authenticity
Allows us to talk about the proper attribution as to the owner or creator of the data in
question
Utility
How useful the data is to us
Types of attacks
,1- interception
2- interruption
3- modification
4- fabrication
Interception
Attacks allows unauthorized users to access our data, applications, or environments.
Are primarily an attack against confidentiality
Interruption
Attacks cause our assets to become unstable or unavailable for our use, on a temporary
or permanent basis. This attack affects availability but can also attack integrity
Risk
The likelihood that a threat will occur. There must be a threat and vulnerability
Threat
Any event being man-made, natural or environmental that could damage the assets
Vulnerabilities
Weakness that a threat event or the threat can take advantage of
Impact
taking into account the assets cost
Controls
The ways we protect assets. Physical, technical/ logical, and administrative
Physical controls
Controls are physical items that protect assets. Think of locks, doors, guards and fences
Technical/ logical controls
Controls are devices and software that protect assets. Think of firewalls, av, ids, and ips
Administrative controls
Controls are the policies that organizations create for governance. Ex: email policies
risk mamagement
A constant process as assets are purchased, used and retired. The general steps are 1-
identify assets
2- identify threats
3- assess vulnerabilities
4- assess risk
5- mitigating risks
Identify assets
First and most important part or risk management. Identifying and categorizing the
assets we are protecting
Identify threats
Once we have our critical assets we can identify the threats that might effect them
Assess Vulnerabilities
Look at potential threats. any given asset may have thousand or millions of threats that
could impact it, but only a small fraction of the threats will be relevant
Assess risks
Once we have identified the threats and vulnerabilities for a given asset we can access
the overall risk
Mitigating risks
Putting measures in place to help ensure that a given type of threat is accounted for
, Incident response
Response to when risk management practices have failed and have cause an
inconvenience to a disastrous event
Incident response cycle
1 preparation
2- detection and analysis
3- containment
4- eradication
5- recovery
6- post incident activity
Preparation phase
The preparation phase consists of all of the activities that we can preform in advance of
the incident itself in order to better enable us to handle it
Detection and analysis phase
Where the action begins to happen. We will detect the occurrence of an issue and
decide whether or not it is actually an incident so that we can respond
Containment phase
Taking steps to ensure that the situation does not cause any more damage than it
already has, or to at least lessen any ongoing harm.
Eradication phase
We will attempt to remove the effects of the issue from our environment
Recovery phase
Recover to a better state that we were prior to the incident or perhaps prior to when the
issue started if we did not detect it immediately
Post incident activity phase
We attempt to determine specifically what happened, why it happened, and what we
can do to keep it from happening again.
Defense in depth
Layering of security controls is more effective and secure than relying on a single
control
Identity
Who or what we claim to be ( username)
Authentication
The act of proving who or what we claim to be (password)
Identity verification
The half step between identity and authentication (showing two forms of Id)
single-factor authentication
Involves the use of simply one of the three available factors solely in order to carry out
the authentication process being requested
Dual-factor authentication
An authentication method that includes multiple methods for a single authentication
transaction. Often referred to as "something you have and something you know," when
the factors include a device such as a smart card and a secret such as a password or
PIN.
Multi-factor authentication
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller MEGAMINDS. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $9.99. You're not tied to anything after your purchase.
