SECURITY
1. Information security: Protecting data, software, and hardware against
unauthorized access, use, disclosure, disruption, modification, or destruction.
2. Compliance: The requirements that are set forth by laws and industry regulations.
E.g.: HIPAA/HITECH (healthcare), PCI DSS (payment card industry), FISMA (federal
government agencies)
3. DAD Triad: Disclosure, alteration, and denial
4. CIA Triad: The core model of all information security concepts. Confidentiality,
integrity, and availability
5. Confidentiality: Ability to protect our data from those who are not authorized to view
it.
6. What ways can confidentiality be compromised?:
- Losing a personal laptop with data
- A person can view the password you are entering
- Sending an email attachment to the wrong person
- An attacker can penetrate your systems ... etc.
7. Integrity: Keeping data unaltered by accidental or malicious intent
8. How to maintain integrity?: Prevent unauthorized changes to the data and the
ability to reverse unwanted authorized changes.
Via system/file permissions or Undo/Roll back undesirable changes.
9. Availability: The ability to access data when needed
10. Ways Availability can be compromised: - Power loss
- Application issues
- Network attacks
- System compromised (DoS)
11. Denial of Service (DoS): Security problem in which users are not able to access
an information system; can be caused by human errors, natural disaster, or malicious
activity.
WGU D430 FUNDAMENTALS OF INFORMATION SECURITY
12. Parkerian hexad model: A model that adds three more principles to the CIA
triad:
- Possession/Control
- Utility
- Authenticity
13. Possession/control: Refers to the physical disposition of the media on which
the data is stored; This allows you to discuss loss of data via its physical medium.
14. Principle of Possession example: Lost package (encrypted USBs and unencrypted USBs).
Possession is an issue because the tapes are physically lost.
(Unencrypted is compromised via confidentiality and possession; encrypted is compromised
only via possession.)
15. Principle of Authenticity: Allows you to say whether you've attributed the data
in question to the proper owner/creator.
16. Ways authenticity can be compromised: Sending an email but altering the
message so that it looks like it came from someone other than the original sender.
17. Utility: How useful the data is to you.
Ex. Unencrypted data (a lot of utility); encrypted data (little utility).
18. Security Attacks: Broken down by the type of attack, the risk the attack
represents, and the controls you might use to mitigate it.
19. Types of attacks: 1- interception
2- interruption
3- modification
4- fabrication
20. Interception: Attacks that allow unauthorized users to access our data,
applications, or environments.
Primarily an attack against confidentiality.
21. Interception Attack Examples: Unauthorized file viewing, copying, eavesdropping
on phone conversations, reading someone's emails.
22. Interruption: Attacks that cause our assets to become unstable or unavailable for
our use, on a temporary or permanent basis.
This attack affects availability but can also attack integrity.
23. Interruption Attack Examples:
- DoS attack on a mail server: availability attack.
- Attacker manipulates the processes on which a database runs to prevent access:
integrity attack.
- Could also be a combo of both.
24. Modification: Attacks that involve tampering with our assets.