WGU C836 OA Study Guide (Overly
Informative)
CIA Triad - CORRECT ANSWER-Confidentiality, Integrity, Availability
Parkerian hexad - CORRECT ANSWER-Where the CIA triad consists of confidentiality,
integrity, and availability, the Parkerian hexad consists of these three principles, as well
as possession or control, authenticity, and utility
Confidentiality - CORRECT ANSWER-Refers to our ability to protect our data from
those who are not authorized to view it.
Confidentiality can be compromised by the loss of a laptop containing data, a person
looking over our shoulder while we type a password, an e-mail attachment being sent to
the wrong person, an attacker penetrating our systems, or similar issues.
Integrity - CORRECT ANSWER-Refers to the ability to prevent our data from being
changed in an unauthorized or undesirable manner. This could mean the unauthorized
change or deletion of our data or portions of our data, or it could mean an authorized,
but undesirable, change or deletion of our data. To maintain integrity, we not only need
to have the means to prevent unauthorized changes to our data but also need the ability
to reverse authorized changes that need to be undone.
Availability - CORRECT ANSWER-refers to the ability to access our data when we need
it. Loss of availability can refer to a wide variety of breaks anywhere in the chain that
allows us access to our data. Such issues can result from power loss, operating system
or application problems, network attacks, compromise of a system, or other problems.
When such issues are caused by an outside party, such as an attacker, they are
commonly referred to as a denial of service (DoS) attack.
Possession or Control - CORRECT ANSWER-Refers to the physical disposition of the
media on which the data is stored. This enables us, without involving other factors such
as availability, to discuss our loss of the data in its physical medium
An example is data store be on multiple devices and there could be numerous versions.
Authenticity - CORRECT ANSWER-Attribution as to the owner or creator of the data in
question.
,Authenticity can be enforced through the use of digital signatures.
Utility - CORRECT ANSWER-Refers to how useful the data is to us.
Interception - CORRECT ANSWER-Interception attacks allow unauthorized users to
access our data, applications, or environments and are primarily an attack against
confidentiality. Interception might take the form of unauthorized file viewing or copying,
eavesdropping on phone conversations, or reading e-mail, and can be conducted
against data at rest or in motion. Properly executed, interception attacks can be very
difficult to detect.
Affects Confidentiality
Interruption - CORRECT ANSWER-Interruption attacks cause our assets to become
unusable or unavailable for our use, on a temporary or permanent basis. Interruption
attacks often affect availability but can be an attack on integrity as well. In the case of a
DoS attack on a mail server, we would classify this as an availability attack.
Affects Integrity and availability
Modification - CORRECT ANSWER-Modification attacks involve tampering with our
asset. If we access a file in an unauthorized manner and alter the data it contains, we
have affected the integrity of the data contained in the file.
Fabrication - CORRECT ANSWER-Fabrication attacks involve generating data,
processes, communications, or other similar activities with a system. Fabrication attacks
primarily affect integrity but could be considered an availability attack as well. If we
generate spurious information in a database, this would be considered to be a
fabrication attack.
Affects Integrity and Availability
Threat - CORRECT ANSWER-Something that has potential to cause harm
Vulnerability - CORRECT ANSWER-Weaknesses that can be used to harm us
Risk - CORRECT ANSWER-Likeliness that something bad will happen
, Impact - CORRECT ANSWER-The value of the asset is used to assess if a risk is
present
Something you know - CORRECT ANSWER-Password or PIN
Something you are - CORRECT ANSWER-An authentication factor using biometrics,
such as a fingerprint scanner.
Something you have - CORRECT ANSWER-Authentication factor that relies on
possession (FOB, Card, Cell Phone, Key)
Something you do - CORRECT ANSWER-An authentication factor indicating action,
such as gestures on a touch screen.
Multifactor Authentication - CORRECT ANSWER-Uses one or more authentication
methods for access
Mutual Authentication - CORRECT ANSWER-A security mechanism that requires that
each party in a communication verify its identity.
Can be combine with multifactor authentication.
In mutual authentication, not only does the client authenticate to the server, but the
server authenticates to the client as well. Mutual authentication is often implemented
through the use of digital certificates. Both the client and the server would have a
certificate to authenticate the other.
Biometric: Universality - CORRECT ANSWER-Characteristics in the majority of people
we expect to enroll for the system.
Biometric: Uniqueness - CORRECT ANSWER-Measure of how unique a particular
characteristic is among individuals
Biometric: Permanence - CORRECT ANSWER-How well a particular characteristic
resists change over time and with advancing age.
Biometric: Collectability - CORRECT ANSWER-How easy it is to acquire a
characteristic with which we can later authenticate a user
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller stephanvdb04. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $12.99. You're not tied to anything after your purchase.