What are the three components of the CIA triad?
- Confidentiality
- Integrity
- Availability
What does Confidentiality protect against?
The unauthorized disclosure of sensitive information.
What are some examples of Confidentiality controls?
Firewalls, access control lists, encryption.
What is an example of Integrity control?
Hashing.
What are some examples of Availability controls?
Fault tolerance, clustering, backups.
What is Nonrepudiation?
Nonrepudiation means that someone who performed some action cannot later deny having taken that action.
What is a common example of Nonrepudiation control?
Digital signatures.
What are the three key threats to cybersecurity?
Disclosure, Alteration and Denial.
What are the five main types of risks that organizations may face as result of a breach?
- Financial risk
- Reputational risk
- Strategic risk
- Operational risk
- Compliance risk
What are Control Objectives?
Control objectives are statements of a desired security state for an organization.
What are Security Controls?
Security controls are specific measures that fulfill the security objectives of an organization.
What is a Gap Analysis?
A cybersecurity review where a security professional checks the control objectives for an organization and then examines the controls designed to achieve those objectives to make sure they are working as intended.
Name the four Security Control Categories.
- Technical controls
- Operational controls
- Managerial controls
- Physical controls
Name the six Security Control Types.
- Preventive controls
- Deterrent controls
- Detective controls
- Corrective controls
- Compensating controls
- Directive controls
Name the three states in which data might exist.
- Data at rest
- Data in transit
- Data in use
What is the purpose of Data Minimization?
Data minimization seeks to reduce risk by reducing the amount of sensitive data that is maintained on a regular basis.
-
Chapter 1 - General Concepts16
-
Chapter 2 - Threat Landscape18
-
Chapter 3 - Malicious Code10
-
Chapter 4 - Social Engineering and Password Attacks19
-
Chapter 5 - Program Management and Oversight32
-
Chapter 6 - Application Security34
-
Chapter 7 - Cryptography and the PKI52
-
Chapter 8 - Identity and Access Management34
-
Chapter 9 - Resilience and Physical Security27
-
Chapter 10 - Cloud and Virtualization Security39
-
Chapter 11 - Endpoint Security41
-
Chapter 12 - Network Security61
-
Chapter 13 - Wireless and Mobile Security23
-
Chapter 14 - Monitoring and Incident Response27
-
Chapter 15 - Digital Forensics13
-
Chapter 16 - Security Governance and Compliance43
-
Chapter 17 - Risk Management and Privacy34
-
Important Terms/Topics31
-
Dion Review67
-
Dion Review 229
