1. Information security: Protecting data, software, and hardware against unauthorized access, use, disclosure, disruption, modification, or destruction.
2. Compliance: The requirements set forth by laws and industry regulations. E.g.: HIPAA/HITECH (healthcare), PCI DSS (payment card industry), FISMA (federal government agencies).
3. DAD triad: Disclosure, alteration, and denial (the opposites of the CIA triad).
4. CIA triad: The core model of all information security concepts: confidentiality, integrity, and availability.
5. Confidentiality: The ability to protect our data from those who are not authorized to view it.
6. Ways confidentiality can be compromised:
- Losing a personal laptop with data on it
- Someone watching you enter your password (shoulder surfing)
- Sending an email attachment to the wrong person
- An attacker penetrating your systems, etc.
7. Integrity: Keeping data unaltered, whether by accident or by malicious intent.
8. How to maintain integrity: Prevent unauthorized changes to the data, and retain the ability to reverse unwanted authorized changes; e.g., via system/file permissions, and via undo/rollback of undesirable changes.
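As an added illustration of card 8 (this is not part of the course material): a small Python script that records a SHA-256 baseline and a known-good snapshot of a file, detects an unwanted change, and rolls the file back to the snapshot. The file name `sshd_config`, its contents, and the snapshot directory layout are constructed for the demo.

```python
"""Integrity baseline, tamper detection and rollback (added example, not course code)."""
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Return the hex SHA-256 digest of a file's bytes."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def snapshot(path: Path, snap_dir: Path) -> str:
    """Record a known-good copy of the file plus its digest; return the digest."""
    snap_dir.mkdir(parents=True, exist_ok=True)
    digest = sha256_of(path)
    shutil.copy2(path, snap_dir / f"{path.name}.{digest[:12]}")
    (snap_dir / f"{path.name}.baseline").write_text(digest)
    return digest


def check_integrity(path: Path, snap_dir: Path) -> bool:
    """True if the file's current digest still matches the recorded baseline."""
    baseline = (snap_dir / f"{path.name}.baseline").read_text()
    return sha256_of(path) == baseline


def rollback(path: Path, snap_dir: Path) -> None:
    """Restore the file from the snapshot whose digest matches the baseline."""
    baseline = (snap_dir / f"{path.name}.baseline").read_text()
    shutil.copy2(snap_dir / f"{path.name}.{baseline[:12]}", path)


def demo() -> dict:
    """Full cycle: baseline, tamper, detect, roll back, re-verify. Returns the results."""
    work = Path(tempfile.mkdtemp())
    cfg = work / "sshd_config"  # constructed sample file (hypothetical contents)
    cfg.write_text("PermitRootLogin no\nPasswordAuthentication no\n")
    snaps = work / "snapshots"
    baseline = snapshot(cfg, snaps)

    intact_before = check_integrity(cfg, snaps)
    # Simulate an unwanted change, accidental or malicious: the policy is weakened.
    cfg.write_text("PermitRootLogin yes\nPasswordAuthentication yes\n")
    tamper_detected = not check_integrity(cfg, snaps)

    # Reverse the unwanted change from the known-good snapshot.
    rollback(cfg, snaps)
    intact_after = check_integrity(cfg, snaps)
    restored_text = cfg.read_text()
    shutil.rmtree(work)
    return {
        "baseline": baseline,
        "intact_before": intact_before,
        "tamper_detected": tamper_detected,
        "intact_after": intact_after,
        "restored_text": restored_text,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A hash baseline only helps if whoever can change the file cannot also overwrite the baseline and the snapshots; keep them under stricter permissions (or on a separate host), which is the "system/file permissions" half of the card.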
9. Availability: The ability to access data when needed.
10. Ways availability can be compromised:
- Power loss
- Application issues
- Network attacks
- System compromise (e.g., DoS)
WGU D430 fundamentals of information security
11. Denial of service (DoS): A security problem in which users are unable to access an information system; can be caused by human error, natural disaster, or malicious activity.
12. Parkerian hexad model: A model that adds three more principles to the CIA triad:
- Possession/control
- Utility
- Authenticity
13. Possession/control: Refers to the physical disposition of the media on which the data is stored; this lets you discuss loss of data via its physical medium.
14. Principle of possession example: A lost shipment of backup media (USB drives or tapes), some encrypted and some unencrypted. Possession is compromised in every case because the media are physically lost. The unencrypted media are compromised via both confidentiality and possession; the encrypted media are compromised only via possession.
15. Principle of authenticity: Lets you say whether the data in question has been attributed to its proper owner or creator.
16. Ways authenticity can be compromised: Sending an email but altering the message so that it appears to come from someone other than the original sender (spoofing).
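As an added example for card 16 (not part of the course material): a keyed message authentication code lets the receiver reject a message whose claimed sender or body was changed after it was authenticated. The addresses and message body are constructed sample data; the shared key is generated for the demo and in practice would be exchanged out of band.

```python
"""Message authenticity with HMAC-SHA256 (added example, not course code)."""
import hashlib
import hmac
import secrets


def canonical(sender: str, recipient: str, body: str) -> bytes:
    """Serialize the fields with length prefixes so bytes cannot be moved between fields."""
    out = b""
    for field in (sender, recipient, body):
        data = field.encode("utf-8")
        out += len(data).to_bytes(4, "big") + data
    return out


def sign(key: bytes, sender: str, recipient: str, body: str) -> str:
    """Return a hex HMAC tag that binds sender, recipient and body together."""
    return hmac.new(key, canonical(sender, recipient, body), hashlib.sha256).hexdigest()


def verify(key: bytes, sender: str, recipient: str, body: str, tag: str) -> bool:
    """Recompute the tag and compare in constant time to avoid leaking it via timing."""
    expected = sign(key, sender, recipient, body)
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    """Genuine message verifies; spoofed sender, altered body and forged tag do not."""
    key = secrets.token_bytes(32)  # shared secret, generated here for the demo only
    msg = ("alice@example.com", "bob@example.com", "Please wire the invoice today.")
    tag = sign(key, *msg)

    # Attacker re-sends the same body but claims it came from someone else.
    spoofed_sender = ("ceo@example.com", msg[1], msg[2])
    # Attacker keeps the real sender but changes what was said.
    altered_body = (msg[0], msg[1], "Please wire the invoice to account 999.")
    # Attacker without the key guesses a tag of the right length.
    forged_tag = secrets.token_hex(32)

    return {
        "genuine": verify(key, *msg, tag),
        "spoofed_sender": verify(key, *spoofed_sender, tag),
        "altered_body": verify(key, *altered_body, tag),
        "forged_tag": verify(key, *msg, forged_tag),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```

An HMAC proves the message came from someone holding the shared key, not which person; email systems use asymmetric signatures (DKIM, S/MIME) when attribution to one sender is needed. The length-prefixed encoding matters: concatenating the fields without delimiters would let an attacker shift bytes from the body into the sender field while keeping the same tag.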
17. Utility: How useful the data is to you. E.g., unencrypted data has a lot of utility; encrypted data (without the key) has little.
18. Security attacks: Broken down by the type of attack, the risk the attack represents, and the controls you might use to mitigate it.
19. Types of attacks:
1- Interception
2- Interruption
3- Modification
4- Fabrication
20. Interception: Attacks that allow unauthorized users to access our data, applications, or environments. Primarily an attack against confidentiality.
21. Interception attack examples: Unauthorized file viewing or copying, eavesdropping on phone conversations, reading someone's emails.
22. Interruption: Attacks that cause our assets to become unusable or unavailable for our use, on a temporary or permanent basis. Primarily an attack against availability, but can also be an attack against integrity.
23. Interruption attack examples: A DoS attack on a mail server (availability attack). An attacker manipulating the processes on which a database runs to prevent access to its data (integrity attack, since the data may be lost or corrupted). Could also be a combination of both.
24. Modification: Attacks that involve tampering with our asset. Such attacks are primarily considered integrity attacks, but could also be availability attacks.
25.