WGU D430 fundamentals of information security latest update graded A+
Information security: Protecting data, software, and hardware against unauthorized access, use, disclosure, disruption, modification, or destruction.

Compliance: The requirements that are set forth by laws and industry regulations, i.e.:
- HIPAA/HITECH: healthcare
- PCI/DSS: payment card industry
- FISMA: federal government agencies

DAD Triad: Disclosure, alteration, and denial.

CIA Triad: The core model of all information security concepts. Confidential, integrity and availability.

Confidential: Ability to protect our data from those who are not authorized to view it.

What ways can confidentiality be compromised?
- Losing a personal laptop with data
- A person can view the password you are entering
- Sending an email attachment to the wrong person
- An attacker can penetrate your systems, etc.

Integrity: Keeping data unaltered by accidental or malicious intent.

How to maintain integrity? Prevent unauthorized changes to the data and keep the ability to reverse unwanted authorized changes, via system/file permissions or undo/roll back of undesirable changes.

Availability: The ability to access data when needed.

Ways availability can be compromised:
- Power loss
- Application issues
- Network attacks
- System compromised (DoS)

Denial of Service (DoS): Security problem in which users are not able to access an information system; can be caused by human errors, natural disaster, or malicious activity.

Parkerian hexad model: A model that adds three more principles to the CIA triad:
- Possession/Control
- Utility
- Authenticity

Possession/control: Refers to the physical disposition of the media on which the data is stored. This allows you to discuss loss of data via its physical medium.

Principle of Possession example: Lost package (encrypted USBs and unencrypted USBs). Possession is an issue because the tapes are physically lost. (Unencrypted is compromised via confidentiality and possession; encrypted is compromised only via possession.)

Principle of Authenticity: Allows you to say whether you've attributed the data in question to the proper owner/creator.

Ways authenticity can be compromised: Sending an email but altering the message to look like it came from someone else, rather than the original one that was sent.

Utility: How useful the data is to you. Ex. unencrypted (a lot of utility), encrypted (little utility).

Security Attacks: Broken down by the type of attack, the risk the attack represents, and the controls you might use to mitigate it.

Types of attacks
Written for
- Institution: WGU D430 fundamentals of information security
- Course: WGU D430 fundamentals of information security

Document information
- Uploaded on: April 10, 2024
- Number of pages: 42
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers