CIA TRIAD
Example of a Vulnerability
A server room remaining unlocked.
Example of a Threat
If someone accesses a server room that was left unlocked and steals a server.
Threats x Vulnerability = ______
RISK
If an asset has no vulnerabilities or threats, that means there is no _______.
Risk
What is a Threat Agent?
The entity or person carrying out the threat (e.g. a human being).
Likelihood
This defines the level of certainty that something bad is going to happen.
Examples of Assets
Computers, routers, server rooms, reputation of a company.
What does the CIA triad stand for?
Confidentiality, Integrity, Availability
We should always spend a lot more time on _____ impact risks.
High
Likelihood can be measured how?
Quantitative and Qualitative
What does confidentiality in CIA triad mean?
The goal of keeping data information from anyone that does not need access to the information.
What is a Threat?
The negative event that exploits a vulnerability.
What is the definition of risk?
The potential to harm.
What is qualitative likelihood?
The quality of customer loyalty in a company; for example, surveying customers on a scale of 1-10.
NIST SP 800 30
This is a standard publication used to highlight guidelines on how companies can prevent risks when it comes to security awareness.
Vulnerabilities
This is a weakness in an asset that leaves it open to bad things occurring.
Assets
This is any part of the infrastructure that we are worried about being harmed.
What is Impact?
This is the actual harm caused by a threat.
An IT security manager is asked to provide the total risk to the business. Which of the following calculations would the security manager choose to determine total risk?
Threats x Vulnerability x asset value
What does non-repudiation mean in the CIA triad?
To ensure a user can't deny that they have performed an action.
What does availability in the CIA triad mean?
To ensure that data and systems are available to authorized users who need access.
What does integrity in the CIA triad mean?
To ensure that data and systems stay in the same unaltered state when stored, transmitted, and received.
What does auditing and accounting mean in the CIA triad?
To keep track of what goes on in a system (who, what, where, when).
What is quantitative likelihood?
What is the likelihood of the power supply to a router room going out in the span of a year?