C836 EXAM AND REVIEW UPDATED 2022/2023 CHAPTER 1 TO CHAPTER 6

Pages: 21
Grade: A+
Published: 17-08-2024
Written in: 2024/2025


CHAPTER 1

Define the confidentiality, integrity, availability (CIA) triad.

- Gives a model by which we can think about and discuss security concepts;
tends to be very focused on security as it pertains to data.
Differentiate confidentiality, integrity, and availability.
Confidentiality

- similar but not the same as privacy
- necessary component of privacy and refers to our ability to protect data
from those who are not authorized to view it
Integrity

- Refers to the ability to prevent our data from being changed in an
unauthorized or undesirable manner
- This could mean the unauthorized change or deletion of our data or
portions of our data, or it could mean an authorized but undesirable
change or deletion of data
- To maintain integrity, we not only need to have the means to prevent
unauthorized changes to our data but also need the ability to reverse the
authorized changes that need to be undone
Availability

- Refers to the ability to access our data when we need it
- Loss of availability can refer to a wide variety of breaks anywhere in the
chain that allows us access to our data
- Issues can result from power loss, operating system or application
problems, network attacks, compromise of a system, or other problems
Define information security.

- Protecting information and information systems from unauthorized
access, use, disclosure, disruption, modification, or destruction
- It means we want to protect our data (wherever it is) and system assets
from those who would seek to misuse it
Define the Parkerian Hexad and its principles.

- Consists of the CIA triad as well as possession or control, authenticity, and
utility, for a total of six principles
- It is not as widely known as the CIA triad
- Integrity does not account for authorized but incorrect modification of
data and instead focuses on the state of the data itself in the sense of
completeness
- Possession or control refers to the physical disposition of the media on
which data is stored. This enables us, without involving other factors such
as availability, to discuss our loss of the data in its physical medium. The
principle of possession would enable us to more accurately describe the
scope of the incident.
- Authenticity allows us to talk about the proper attribution as to the owner
or creator of the data in question. Authenticity can be enforced through
the use of digital signatures. Nonrepudiation prevents someone from
taking an action such as sending an email and then later denying that he
or she has done so.
- Utility refers to how useful the data is to us. It is the only principle that is
not necessarily binary in nature. We can have a variety of degrees of utility
depending on the data format.
Identify the four types of attacks (i.e., interception, interruption, modification, and fabrication).

- Interception attacks allow unauthorized users to access our data,
applications, or environments, and are primarily an attack against
confidentiality. Interception might take the form of unauthorized file viewing
or copying, eavesdropping on phone conversations, or reading e-mail, and
be conducted against data at rest or in motion. Properly executed,
interception attacks can be very difficult to detect.
- Interruption attacks cause our assets to become unusable or unavailable
for our use, on a temporary or permanent basis. Interruption attacks often
affect availability but can be an attack on integrity as well.
- Modification attacks involve tampering with our asset. Such attacks might
primarily be considered an integrity attack but could also represent an
availability attack.
- Fabrication attacks involve generating data, processes, communications,
or other similar activities with a system. Fabrication attacks primarily
affect integrity but could be considered an availability attack as well.
- Confidentiality (Interception), Integrity (Interruption, Modification,
Fabrication), Availability (Interruption, Modification, Fabrication)
Compare threats, vulnerabilities, risk, and impact.

- Threat is something that has the potential to cause us harm. Threats tend
to be specific to certain environments particularly in the world of
information security.
- Vulnerabilities are weaknesses that can be used to harm us. In essence,
they are holes that can be exploited by threats in order to cause us harm.
A vulnerability might be a specific operating system or application that we
are running, a physical location where we have chosen to place our office
building, a data center that is populated over the capacity of its air-
conditioning system, a lack of backup generators, or other factors.
- Risk is the likelihood that something bad will happen. In order for us to
have a risk in a particular environment, we need to have both a threat and
vulnerability that the specific threat can exploit.
- Impact takes the value of the asset being threatened into account as a
factor; this may change whether we see a risk as being present or not.
Define the risk management process and its stages.

- Identify assets: one of the first and arguably one of the most important
parts of the risk management process is identifying and categorizing the
assets that we are protecting. If we cannot enumerate the assets that we
have and evaluate the importance of each of them, protecting them can
become a very difficult task. Once we have been able to identify the assets
in use, deciding which of them is a critical business asset is another
question entirely. Making an accurate determination of which assets are
truly critical to conducting business will generally require the input of
functions that make use of the asset, those that support the asset itself,
and potentially other involved parties as well. Not all assets need to be
protected equally; by determining where resources should be focused,
cost can be reduced while security is increased.
- Identify threats: takes place after critical assets are enumerated. It is useful
to have a framework within which to discuss the nature of a given threat,
and the CIA triad or Parkerian hexad serve nicely for this purpose. There
needs to be a concern with losing control of data, maintaining accurate
data, and keeping the system up and running. Given this information, we
can begin to look at areas of vulnerability and potential risk.
- Assess vulnerabilities in the context of potential threats. An asset may
have thousands or millions of threats that could impact it, but only a small
fraction of these will actually be relevant. The issue of identifying these is
narrowed considerably by looking at the potential threats first.
- Assess risks: once we have identified the threats and vulnerabilities for a
given asset, we can assess the overall risk. Risk is the conjunction of a
threat and a vulnerability. A vulnerability with no matching threat, or a
threat with no matching vulnerability, does not constitute a risk.
- Mitigate risks: to help mitigate risk, we can put measures in place to help
ensure that a given type of threat is accounted for. These measures are