SSCP Flashcards| 292 QUESTIONS| WITH COMPLETE SOLUTIONS

CIANA Security Paradigm correct answer: 1. Confidentiality 2. Integrity 3. Authorization 4. Nonrepudiation 5. Authentication Confidentiality correct answer: violated if any process or person can read, copy, redistribute, or make use of data we deem private or of competitive advantage worthy of protection as trade secrets, proprietary, or restricted information ; the first of the CIANA security paradigm ; sharing secrets ; legal and ethical concept abut privileged communications or privileged information ; How much we can trust that the information we're about to use to make a decision has not been seen by unauthorized people Integrity correct answer: lost if any person or process can modify data or metadata, or execute processes out of sequence or with bad input data ; the second of the CIANA security paradigm ; something is whole and complete and its parts are smoothly joined together Authorization correct answer: Granting of permission to use data - cannot make sense if there's no way to validate to whom or what we are granting that permission ; the third of the CIANA security paradigm ; requires a 2 step process and is the 2nd step of the triple A of identity management and access control 1. Assigning privileges during provisioning (which permissions or privileges to grant to an identity and whether additional constraints or conditions apply to those permissions) 2. Authorizing a specific access request - determine whether specifics of the access request are allowed by the permissions et in the access control tables Nonrepudiation correct answer: Can't exist if we can't validate or prove that the person or process in question is in fact who they claim to be and that their identity hasn't been spoofed by a man-in the middle kind fo attacker ; the fourth of the CIANA security paradigm ; use of public key infrastructure and its use of asymmetric encryption Availability correct answer: Rapidly dwindles to zero if nothing stops data or metadata from unauthorized modification or deletion ; the fifth of the CIANA security paradigm Process of Identifying a Subject correct answer: 1. Ask (or device offers) a claim as to who or what it is 2. Claimant offers further supporting information that attests to the truth of that claim 3. Verify the believability (credibility or trustworthiness) of that supporting information