C836 - Fundamentals of Information Security (WGU)

C836 - Fundamentals of Information Security (WGU) Information Security - Protecting an organization's information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. Compliance - Requirements that are set forth by laws and industry regulations. CIA - Confidentiality, Integrity, Availability Confidentiality - Refers to our ability to protect our data from those who are not authorized to use/view it Integrity - The ability to prevent people from changing your data in an unauthorized or undesirable manner Availability - Refers to the ability to access our data when we need it Possession/Control - refers to the physical disposition of the media on which the data is stored. (tape examples where some are encrypted and some are not) Authenticity - whether you've attributed the data in question to the proper owner or creator. (altered email that says it's from one person when it's not - violation of the authenticity of the email) Utility - refers to how useful the data is to you. Attacks - interception, interruption, modification, and fabrication Interception - attacks that allow unauthorized users to access your data, applications, or environments. Are primarily attacks against confidentiality Interruption - attacks that make your assets unusable or unavailable to you temporarily or permanently. DoS attack on a mail server, for example. May also affect integrity Modification - attacks involve tampering with our asset. Such attacks might primarily be considered an integrity attack but could also represent an availability attack.