C836 - Fundamentals of Information Security (WGU) | latest update study guide
Information Security - ANSWER >>>>>Protecting an organization's
information and information systems from unauthorized access, use,
disclosure, disruption, modification, or destruction.
Compliance - ANSWER >>>>>Requirements that are set forth by laws
and industry regulations.
CIA - ANSWER >>>>>Confidentiality, Integrity, Availability
Confidentiality - ANSWER >>>>>Refers to our ability to protect our data
from those who are not authorized to use/view it
Integrity - ANSWER >>>>>The ability to prevent people from changing
your data in an unauthorized or undesirable manner
Availability - ANSWER >>>>>Refers to the ability to access our data
when we need it
Utility - ANSWER >>>>>refers to how useful the data is to you.
Attacks - ANSWER >>>>>interception, interruption, modification, and
fabrication
Interception - ANSWER >>>>>attacks that allow unauthorized users to
access your data, applications, or environments. Are primarily attacks
against confidentiality
Interruption - ANSWER >>>>>attacks that make your assets unusable or
unavailable to you temporarily or permanently. DoS attack on a mail
server, for example. May also affect integrity
Modification - ANSWER >>>>>attacks involve tampering with our asset.
Such attacks might primarily be considered an integrity attack but could
also represent an availability attack.
Fabrication - ANSWER >>>>>attacks involve generating data, processes,
communications, or other similar activities with a system. Fabrication
attacks primarily affect integrity but could be considered an availability
attack as well.
Risk - ANSWER >>>>>is the likelihood that an event will occur. To have
risk there must be a threat and vulnerability.
Risk Management Process - ANSWER >>>>>Identify assets, identify
threats, assess vulnerabilities, assess risks, mitigate risks
Defense in Depth - ANSWER >>>>>Using multiple layers of security to
defend your assets.
Controls - ANSWER >>>>>are the ways we protect assets. Three
different types: physical, logical, administrative
Physical Controls - ANSWER >>>>>environment; physical items that
protect assets: think locks, doors, guards, and fences, or environmental
factors (time)
Logical Controls - ANSWER >>>>>Sometimes called technical controls,
these protect the systems, networks, and environments that process,
transmit, and store our data
Administrative Controls - ANSWER >>>>>based on laws, rules, policies,
and procedures, guidelines, and other items that are "paper" in nature.
They are the policies that organizations create for governance. For
example, acceptable use and email use policies.
Preparation - ANSWER >>>>>phase of incident response consists of all
of the activities that we can perform, in advance of the incident itself, in
order to better enable us to handle it.
Incident Response Process - ANSWER >>>>>1. Preparation
2. Detection and Analysis (Identification)
3. Containment
4. Eradication
5. Recovery
6. Post-incident activity: document/Lessons learned
Detection & Analysis - ANSWER >>>>>where the action begins to
happen in our incident response process. In this phase, we will detect
the occurrence of an issue and decide whether or not it is actually an
incident, so that we can respond appropriately to it.
Containment - ANSWER >>>>>involves taking steps to ensure that the
situation does not cause any more damage than it already has, or to at
least lessen any ongoing harm.
Post-incident activity - ANSWER >>>>>determine specifically what
happened, why it happened, and what we can do to keep it from
happening again. (postmortem).
Identity - ANSWER >>>>>who or what we claim to be. Simply an
assertion.
Authentication - ANSWER >>>>>the act of providing who or what we
claim to be. More technically, the set of methods used to establish
whether a claim is true
Verification - ANSWER >>>>>simply verifies status of ID. For example,
showing your driver's license at a bar. "Half-step" between identity and
authentication
Five Different Types of Authentication - ANSWER >>>>>
• Something you know: Username/Password/Pin
• Something you have: ID badge/swipe card/OTP
• Something you are: Fingerprint/Iris/Retina scan
• Somewhere you are: Geolocation
• Something you do: Handwriting/typing/walking
Single-factor authentication - ANSWER >>>>>only using one type of
authentication
Dual-factor authentication - ANSWER >>>>>using two different factors
of authentication (2 of the same factor does not count)
Multi-factor authentication - ANSWER >>>>>Use of several (more than
two) authentication techniques together, such as passwords and
security tokens, and geolocation.
Mutual Authentication - ANSWER >>>>>process where the session is
authenticated on both ends and just one end.
Mutual authentication prevents what kind of attacks? - ANSWER
>>>>>man-in-the-middle attacks
Using a password for access is what kind of authentication - ANSWER
>>>>>Something you know
An iris-scan for access is what kind of authentication - ANSWER
>>>>>Something you are
Using a security key-fob for access is what kind of authentication -
ANSWER >>>>>Something you have