CompTIA Chapter 1 Today's security professionals


Last updated 5:38 PM on 9/10/23

40 Terms

1
CIA Triad
1. Confidentiality
2. Integrity
3. Availability
2
Confidentiality
Ensures unauthorized individuals can't gain access to sensitive information.
Ex: firewalls, access control lists, encryption
3
Integrity
Ensures no unauthorized modifications to information or systems, either intentionally or unintentionally.
4
Availability
Ensures that information and systems are ready to meet the needs of legitimate users at the time they request them.
5
Security incidents
A breach of the confidentiality, integrity, and/or availability of information or information systems.
6
3 key threats to cybersecurity efforts / DAD Triad
1. Disclosure
2. Alteration
3. Denial
7
Disclosure
Exposure of sensitive information.
Violates confidentiality.
8
Data exfiltration
Removal of exposed information from the organization.
9
Alteration
Modification of disclosed information, such as a "bit flip". Can result from natural activity (e.g., a power surge). Violates integrity.
10
Denial
Disruption of access to information. Can be purposeful (denial of service) or accidental (natural disaster).
11
Financial Risk
Risk of monetary damage to the organization as the result of a data breach.
Direct: physical data center destroyed.
Indirect: employee loses a laptop; the cost is the laptop plus what the laptop contains.
12
Reputational risk
The risk that occurs when the negative publicity surrounding a security breach causes the loss of goodwill among customers, employees, suppliers, and other stakeholders.
13
Strategic Risk
The risk that an organization will become less effective in meeting its major goals and objectives as a result of a breach.
14
Operational Risk
The risk to an organization's ability to carry out its day-to-day functions.
15
Compliance Risk
Occurs when a security breach causes an organization to run afoul of legal or regulatory requirements.
16
Control Objectives
Statements of a desired security state. They do not, by themselves, carry out security activities.
17
Security Controls
Specific measures that fulfill the security objectives of an organization
18
Technical controls
Enforce confidentiality, integrity, and availability in the digital space.
19
Operational Controls
The processes that we put in place to manage technology in a secure manner, including user access, log monitoring, and vulnerability management.
20
Managerial Controls
Procedural mechanisms that focus on the mechanics of the risk management process.
21
Preventive Controls
Controls intended to stop a security issue before it occurs. Firewalls and encryption are examples of this type of Security Control.
22
Detective Controls
Controls to identify security events that have already occurred. Intrusion detection systems are an example of this type of Security Control.
23
Corrective Controls
Controls to remediate security issues that have already occurred. Restoring backups after a ransomware attack is an example of this type of Security Control.
24
Deterrent Controls
Controls that seek to prevent an attacker from attempting to violate security policies. Vicious guard dogs and barbed wire fences are examples of this type of Security Control.
25
Physical Controls
Controls that impact the physical world. Examples of this type of Security Control include fences, perimeter lighting, locks, fire suppression systems, and burglar alarms.
26
Compensating Controls
Controls that are designed to mitigate the risk associated with exceptions made to a security policy.
27
Data at Rest
The state of data that resides on hard drives, tapes, in the cloud, or on other storage media. This data is prone to pilfering by insiders or external attackers who gain access to systems and are able to browse through their contents.
28
Data in Motion
The state of data that is in transit over a network. When data travels on an untrusted network, it is open to eavesdropping attacks by anyone with access to those networks.
29
Data in Process
The state of data that is actively in use by a computer system. This includes the data stored in memory while the processing takes place. An attacker with control of the system may be able to read the contents of memory and steal sensitive information.
30
Host-based DLP
Uses software agents installed on systems that search those systems for the presence of sensitive information; detecting that information allows the organization to take action to either remove or secure the data. Can also monitor system configuration and user actions, blocking undesirable actions.
31
Network-based DLP
Dedicated devices that sit on the network and monitor outbound network traffic, watching for any transmissions that contain unencrypted sensitive information. They can then block those transmissions, preventing the unsecured loss of sensitive information.
32
Pattern matching
Watches for the telltale signs of sensitive information. For example, if the DLP system sees a number that is formatted like a credit card or Social Security number, it can automatically trigger on that.
33
Watermarking
Systems or administrators apply electronic tags to sensitive documents, and the DLP system can monitor for unencrypted traffic containing those tags. Also known as DRM (digital rights management).
34
Data minimization
Techniques that seek to reduce risk by reducing the amount of sensitive information that we maintain on a regular basis.
35
De-identification
Removes the ability to link data back to an individual, reducing its sensitivity
36
Data Obfuscation
Transforming data into a format where the original information can't be retrieved
37
Hashing
Uses a hash function to transform a value in our dataset into a corresponding hash value.
38
Tokenization
Replaces sensitive values with a unique identifier using a lookup table.
39
Masking
Partially redacts sensitive information by replacing some or all sensitive fields with blank characters.
40
Rainbow Table Attack
The attacker computes the hashes of candidate values and then checks whether those hashes exist in our data file.
