WGU C836 OA Exam Study Guide – Organizational Behavior Practice & Prep
CIA Triad - (answer)Confidentiality, Integrity, Availability
Parkerian hexad - (answer)Where the CIA triad consists of confidentiality, integrity, and availability, the
Parkerian hexad consists of these three principles, as well as possession or control, authenticity, and
utility.
Confidentiality - (answer)Refers to our ability to protect our data from those who are not authorized to
view it.
Confidentiality can be compromised by the loss of a laptop containing data, a person looking over our
shoulder while we type a password, an e-mail attachment being sent to the wrong person, an attacker
penetrating our systems, or similar issues.
Integrity - (answer)Refers to the ability to prevent our data from being changed in an unauthorized or
undesirable manner. This could mean the unauthorized change or deletion of our data or portions of our
data, or it could mean an authorized, but undesirable, change or deletion of our data. To maintain
integrity, we not only need to have the means to prevent unauthorized changes to our data but also
need the ability to reverse authorized changes that need to be undone.
Availability - (answer)Refers to the ability to access our data when we need it. Loss of availability can
refer to a wide variety of breaks anywhere in the chain that allows us access to our data. Such issues can
result from power loss, operating system or application problems, network attacks, compromise of a
system, or other problems. When such issues are caused by an outside party, such as an attacker, they
are commonly referred to as a denial of service (DoS) attack.
Possession or Control - (answer)Refers to the physical disposition of the media on which the data is
stored. This enables us, without involving other factors such as availability, to discuss our loss of the
data in its physical medium.
An example is data being stored on multiple devices, where there could be numerous versions.
Authenticity - (answer)Attribution as to the owner or creator of the data in question.
Authenticity can be enforced through the use of digital signatures.
Utility - (answer)Refers to how useful the data is to us.
Interception - (answer)Interception attacks allow unauthorized users to access our data, applications, or
environments and are primarily an attack against confidentiality. Interception might take the form of
unauthorized file viewing or copying, eavesdropping on phone conversations, or reading e-mail, and can
be conducted against data at rest or in motion. Properly executed, interception attacks can be very
difficult to detect.
Affects Confidentiality
Interruption - (answer)Interruption attacks cause our assets to become unusable or unavailable for our
use, on a temporary or permanent basis. Interruption attacks often affect availability but can be an
attack on integrity as well. In the case of a DoS attack on a mail server, we would classify this as an
availability attack.
Affects Integrity and Availability
Modification - (answer)Modification attacks involve tampering with our asset. If we access a file in an
unauthorized manner and alter the data it contains, we have affected the integrity of the data contained
in the file.
Fabrication - (answer)Fabrication attacks involve generating data, processes, communications, or other
similar activities with a system. Fabrication attacks primarily affect integrity but could be considered an
availability attack as well. If we generate spurious information in a database, this would be considered
to be a fabrication attack.
Affects Integrity and Availability
Threat - (answer)Something that has potential to cause harm
Vulnerability - (answer)Weaknesses that can be used to harm us
Risk - (answer)Likeliness that something bad will happen
Impact - (answer)The value of the asset is used to assess if a risk is present
Something you know - (answer)Password or PIN
Something you are - (answer)An authentication factor using biometrics, such as a fingerprint scanner.
Something you have - (answer)Authentication factor that relies on possession (FOB, Card, Cell Phone,
Key)
Something you do - (answer)An authentication factor indicating action, such as gestures on a touch
screen.
Multifactor Authentication - (answer)Uses one or more authentication methods for access
Mutual Authentication - (answer)A security mechanism that requires that each party in a
communication verify its identity.
Can be combined with multifactor authentication.
In mutual authentication, not only does the client authenticate to the server, but the server
authenticates to the client as well. Mutual authentication is often implemented through the use of
digital certificates. Both the client and the server would have a certificate to authenticate the other.
Biometric: Universality - (answer)Characteristics in the majority of people we expect to enroll for the
system.