CIA Triad
User Access Control (UAC)
Controlling which users have access to networks and what level of access each user has
Threat
An attacker or piece of malware that desires and/or is able to cause harm to a target
Data Integrity
Assurance that information has not been tampered with or corrupted between the source and the end user
Source Integrity
Assurance that the sender of the information is who it is supposed to be
CIA Triad
Confidentiality, Integrity and Availability
File permissions
Customizable settings that only allow certain users to view and edit files
Integrity
Data Integrity and Source Integrity
Confidentiality Methods/Tools
Encryption and User access control
Integrity Methods/Tools
Encryption ‐ User access control ‐ File permissions ‐ Version control systems/backups
Availability
Ensuring data is accessible by approved users when needed
Vulnerability
Flaw in an environment that an attacker can use to harm the target
Hot Site
Has all the equipment needed for the enterprise to continue operation, including office space and furniture, telephone jacks and computer equipment.
Warm Site
Is a compromise between hot and cold. These sites will have hardware and connectivity already established, though on a smaller scale than the original production site or even a hot site. These sites might have backups on hand, but they may not be complete and may be between several days and a week old. The recovery will be delayed while backup tapes are delivered to the site, or network connectivity is established and data is recovered from a remote backup site
Cold Site
Is a similar type of disaster recovery service that provides office space, but the customer provides and installs all the equipment needed to continue operations, and is less expensive, but it takes longer to get an enterprise in full operation after the disaster.
Confidentiality
Making sure only approved users have access to data
Availability Methods/Tools
Offsite data storage/backups ‐ Redundant architecture (hardware and software)
Encryption
Passwords, encryption keys
PPT
People, Processes and Technology is a holistic approach to securing an organization's information
Exploit
The method by which an attacker can use a vulnerability
Risk
The potential that a threat will exploit a vulnerability
