001. Today's Security Professional



[ ABOUT: Basic Structures: CIA, DAD, RISK, Controls, Data Protection ]



001. 3 key objectives of cybersecurity programs (CIA triad security model) =

(i) Confidentiality = Confidentiality ensures that unauthorized individuals are not able to gain access to sensitive information.

(ii) Integrity = Integrity ensures that there are no unauthorized modifications to information or systems, either intentionally or unintentionally.

(iii) Availability = Availability ensures that information and systems are ready to meet the needs of legitimate users at the time those users request them.


002. Nonrepudiation (not part of the CIA triad but also an important goal of some cybersecurity controls)

= Nonrepudiation means that someone who performed some action, such as sending a message, cannot later deny having taken that action (e.g. digital signatures) = the assurance that something cannot be denied by someone (A digital signature provides it because only the holder of the private key can create it; a shared-key MAC does not, because the receiver holds the same key and could have produced the tag itself.)
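The signature-versus-MAC distinction is the whole point of nonrepudiation, so here is an added Go example (not code from the source notes or from CompTIA). It signs a constructed message with Ed25519, verifies it using only the public key, shows that a tampered message or a substituted public key is rejected, and then shows that with HMAC the receiver can compute a tag identical to the sender's, so a MAC proves integrity but cannot prove who sent the message. The message text, the party names and all function names are assumptions for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Constructed sample message: the action the sender might later try to deny.
const sampleMessage = "Transfer 500 EUR to account 1234 -- Alice"

// signedMessage is what a verifier needs to hold the sender to the message.
type signedMessage struct {
	Message   []byte
	Signature []byte
	PublicKey ed25519.PublicKey
}

// signMessage signs msg with the sender's private key. Only the holder of
// priv can produce a signature that verifies under the matching public key,
// which is what lets a third party attribute the message to that holder.
func signMessage(priv ed25519.PrivateKey, msg []byte) signedMessage {
	return signedMessage{
		Message:   msg,
		Signature: ed25519.Sign(priv, msg),
		PublicKey: priv.Public().(ed25519.PublicKey),
	}
}

// verifySignature is what the receiver, an auditor or a court runs. It needs
// only the public key, so anyone can check the claim independently.
func verifySignature(s signedMessage) bool {
	return ed25519.Verify(s.PublicKey, s.Message, s.Signature)
}

// macTag computes an HMAC-SHA256 tag under a key shared by sender and receiver.
func macTag(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// receiverCanForgeMAC shows why a MAC gives integrity but not nonrepudiation:
// the receiver holds the same key, so a tag it computes itself is
// indistinguishable from one the sender produced.
func receiverCanForgeMAC(sharedKey, msg []byte) bool {
	senderTag := macTag(sharedKey, msg)
	receiverTag := macTag(sharedKey, msg)
	return hmac.Equal(senderTag, receiverTag)
}

// demoResult collects the outcomes of the comparison below.
type demoResult struct {
	SignatureVerifies bool // genuine signature accepted
	TamperRejected    bool // altered message rejected (integrity)
	WrongKeyRejected  bool // signature cannot be pinned on another key holder
	MACForgeable      bool // receiver can produce the same MAC tag
}

func demoNonrepudiation() demoResult {
	_, alicePriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	malloryPub, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	signed := signMessage(alicePriv, []byte(sampleMessage))

	tampered := signed
	tampered.Message = []byte("Transfer 5000 EUR to account 1234 -- Alice")

	wrongKey := signed
	wrongKey.PublicKey = malloryPub

	sharedKey := make([]byte, 32)
	if _, err := rand.Read(sharedKey); err != nil {
		panic(err)
	}
	return demoResult{
		SignatureVerifies: verifySignature(signed),
		TamperRejected:    !verifySignature(tampered),
		WrongKeyRejected:  !verifySignature(wrongKey),
		MACForgeable:      receiverCanForgeMAC(sharedKey, []byte(sampleMessage)),
	}
}

func main() {
	fmt.Printf("%+v\n", demoNonrepudiation())
}
```

The receiver-forgery check is deliberately trivial: both parties run the same function with the same key, which is exactly why a MAC tag cannot serve as evidence against the sender in a dispute between the two key holders.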


003. 3 key threats to cybersecurity programs (DAD triad model) =

(i) Disclosure (data loss) = the exposure of sensitive information to unauthorized individuals (a violation of the principle of confidentiality) (ii) Alteration = the unauthorized modification of information (a violation of the principle of integrity) (iii) Denial = the disruption of an authorized user's legitimate access to information (a violation of the principle of availability)


004. Data Exfiltration = the removal of sensitive information from the organization by attackers who have gained access to it (the disclosure threat of the DAD triad in practice)


005. Risk = the potential impact of a security incident

(In most cases, a risk will cross multiple risk categories.)
(i) Financial Risk = the risk of monetary damage to the organization as the result of a data breach (direct / indirect)
(ii) Reputational Risk = Reputational risk occurs when the negative publicity surrounding a security breach causes the loss of goodwill among customers, employees, suppliers, and other stakeholders.
(iii) Strategic Risk = the risk that an organization will become less effective in meeting its major goals and objectives as a result of the breach (threatens/jeopardizes the very existence of an organization or the ability of the organization to execute its business plans -- COMPARE WITH OPERATIONAL RISK)
(iv) Operational Risk = the risk to the organization's ability to carry out its day-to-day functions (causes inefficiency and delay within the organization without threatening its existence -- COMPARE WITH STRATEGIC RISK)
(v) Compliance Risk = Compliance risk occurs when a security breach causes an organization to run afoul of legal or regulatory requirements. (SEE CHAPTER 16)


006. PII = Personally Identifiable Information


007. Identity Theft = the main risk posed by the exposure of PII to unscrupulous individuals


008. Security Controls = specific measures that fulfill the security objectives of an organization

[ THESE CONTROL CATEGORIES AND TYPES ARE UNIQUE TO CompTIA!!! DIFFERENT IN OTHER EXAMS!!! BE CAREFUL!!! ]
(A) Categories = (Many control objectives require a combination of technical, operational, and managerial controls.)
    (i) Technical Controls = Technical controls enforce confidentiality, integrity, and availability in the digital space. (firewall rules, access control lists, intrusion prevention systems, encryption)
    (ii) Operational Controls = the processes that we put in place to manage technology in a secure manner (user access reviews, log monitoring, vulnerability management)
    (iii) Managerial Controls = procedural mechanisms that focus on the mechanics of the risk management process (periodic risk assessments, security planning exercises, the incorporation of security into the organization's change management, service acquisition, and project management practices)
    (iv) Physical Controls = security controls that impact the physical world (fences, perimeter lighting, locks, fire suppression systems, burglar alarms)
(B) Types =
    (i) Preventive Controls = Preventive controls intend to stop a security issue before it occurs. (firewalls, encryption)
    (ii) Deterrent Controls = Deterrent controls seek to discourage an attacker from attempting to violate security policies. (vicious guard dogs, barbed wire fences)
    (iii) Detective Controls = Detective controls identify security events that have already occurred. (intrusion detection systems)
    (iv) Corrective Controls = Corrective controls remediate security issues that have already occurred. (restoring backups after a ransomware attack)
    (v) Compensating Controls = the controls designed to mitigate the risk associated with exceptions made to a security policy (an alternative control that meets the same objective when the required control cannot be implemented)
    (vi) Directive Controls = Directive controls inform employees and others what they should do to achieve security objectives. (policies, procedures)


009. Gap Analysis = to evaluate security controls and to find gaps (the cases where the controls do not meet the control objectives) (Gaps should be treated as potential risks and remediated as time and resources permit.)


010. 3 states of data =

(i) Data at rest = the stored data that resides on hard drives, tapes, in the cloud, or on other storage media (ii) Data in transit = the data that is in motion/transit over a network (iii) Data in use = the data that is actively in use by a computer system


011. Data Protection =

(i) Data Encryption = Encryption technology uses mathematical algorithms to protect information from prying eyes, both while it is in transit over a network and while it resides on systems. (SEE CHAPTER 7)
(ii) DLP (Data Loss Prevention) = DLP systems help organizations enforce information handling policies and procedures to prevent data loss and theft. (SEE CHAPTER 5)
    (A) DLP systems work in 2 different environments =
        (i) Agent-based DLP = Agent-based DLP uses software agents installed on systems that search those systems for the presence of sensitive information. Agent-based DLP can also monitor system configuration and user actions, blocking undesirable actions.
        (ii) Agentless (network-based) DLP = Agentless (network-based) DLP systems are dedicated devices that sit on the network and monitor outbound network traffic, watching for any transmissions that contain unencrypted sensitive information. (They can only inspect what they can read: traffic that is encrypted end to end, e.g. TLS without interception, is opaque to them, which is one reason agent-based DLP is still needed on the endpoint.)
    (B) DLP systems also have 2 mechanisms of action =
        (i) Pattern Matching = they watch for the telltale signs of sensitive information (e.g. strings formatted like credit card numbers or Social Security numbers).
        (ii) Watermarking = systems or administrators apply electronic tags to sensitive documents and then the DLP system can monitor systems and networks for unencrypted content containing those tags.
(iii) Data Minimization = Data minimization techniques seek to reduce risk by reducing the amount of sensitive information that we maintain on a regular basis.
    (A) Destroying data that is no longer needed
    (B) Deidentification Process = Transforming data into a format where the elements that identify an individual are removed or replaced
    (C) Data Obfuscation = Transforming data into a format where the original information can't be retrieved (at least not without privileged access, e.g. to the tokenization lookup table)
        (i) Hashing = Hashing uses a hash function to transform a value in our dataset to a corresponding hash value. (CAVEAT: a plain hash of a low-entropy value such as an SSN or a credit card number can be reversed by brute force over the small input space; a keyed hash with a secret kept outside the dataset avoids this.)
        (ii) Tokenization = Tokenization replaces sensitive values with a unique identifier using a lookup table.
        (iii) Masking = Masking partially redacts sensitive information by replacing some or all sensitive fields with blank or placeholder characters (e.g. showing only the last four digits of a card number).
(iv) Access Restrictions = the security measures that limit the ability of individuals or systems to access sensitive information or resources (SEE CHAPTER 8)
    (A) Types =
        (i) Geographic Restrictions = Geographic restrictions limit access to resources based on the physical location of the user or system.
        (ii) Permission Restrictions = Permission restrictions limit access to resources based on the user's role or level of authorization.
(v) Segmentation and Isolation =
    (A) Segmentation = Segmentation places sensitive systems on separate networks where they may communicate with each other but have strict restrictions on their ability to communicate with systems on other networks.
    (B) Isolation = Isolation goes a step further and completely cuts a system off from access to or from outside networks.
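The two DLP mechanisms (pattern matching and watermarking) and the three obfuscation techniques (hashing, tokenization, masking) in note 011, as one added Go example; this is not code from the source notes or from any DLP product. It scans constructed outbound messages for payment card numbers using a regex plus a Luhn check (the check is what keeps ticket and order numbers from triggering alerts), looks for a hypothetical watermark tag, and then shows how a detected value is masked, pseudonymized with a keyed hash, and tokenized through a lookup-table vault. The sample messages, the tag string, the key material and every function name are constructed for this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"regexp"
	"strings"
)

// Constructed outbound messages as a network DLP sensor would see them (plaintext only).
var sampleOutbound = []string{
	"Invoice attached, card on file 4539 1488 0343 6467 exp 09/27",    // Luhn-valid PAN
	"Ticket ref 1234 5678 9012 3456, please call back",                // 16 digits, fails Luhn
	"Q3 forecast -- CONFIDENTIAL-TAG:ACME-FIN-2024 -- do not forward", // watermarked document
	"Lunch at noon?",
}

// Hypothetical watermark tag that a classification tool stamps into sensitive documents.
const watermarkTag = "CONFIDENTIAL-TAG:ACME-FIN-2024"

// Pattern matching: 13 to 19 digits, optionally separated by spaces or dashes.
var panPattern = regexp.MustCompile(`\b(?:\d[ -]?){12,18}\d\b`)

// luhnValid applies the Luhn check to each regex hit, which drops most order-number false positives.
func luhnValid(digits string) bool {
	sum, double := 0, false
	for i := len(digits) - 1; i >= 0; i-- {
		d := int(digits[i] - '0')
		if double {
			d *= 2
			if d > 9 {
				d -= 9
			}
		}
		sum += d
		double = !double
	}
	return sum%10 == 0
}

// findCardNumbers returns the Luhn-valid card numbers found in text, digits only.
func findCardNumbers(text string) []string {
	var found []string
	for _, m := range panPattern.FindAllString(text, -1) {
		digits := strings.NewReplacer(" ", "", "-", "").Replace(m)
		if luhnValid(digits) {
			found = append(found, digits)
		}
	}
	return found
}

// hasWatermark is the second DLP mechanism: match the tag, not the content around it.
func hasWatermark(text string) bool { return strings.Contains(text, watermarkTag) }

// maskPAN keeps only the last four digits, the usual masking output.
func maskPAN(digits string) string {
	if len(digits) <= 4 {
		return digits
	}
	return strings.Repeat("*", len(digits)-4) + digits[len(digits)-4:]
}

// pseudonymize is keyed hashing (HMAC-SHA256). A plain SHA-256 of a 9-digit SSN or
// 16-digit PAN is reversible by enumerating the input space, so the key lives outside the dataset.
func pseudonymize(key []byte, value string) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(value))
	return hex.EncodeToString(m.Sum(nil))
}

// TokenVault is the lookup table behind tokenization: the token carries no
// information about the value, and only the vault can map it back.
type TokenVault struct{ toToken, toValue map[string]string }

func NewTokenVault() *TokenVault {
	return &TokenVault{toToken: map[string]string{}, toValue: map[string]string{}}
}

// Tokenize returns the existing token for value or issues a new one.
func (v *TokenVault) Tokenize(value string) string {
	if t, ok := v.toToken[value]; ok {
		return t
	}
	t := fmt.Sprintf("tok_%06d", len(v.toToken)+1)
	v.toToken[value], v.toValue[t] = t, value
	return t
}

// Detokenize is the privileged reverse lookup that hashing cannot offer.
func (v *TokenVault) Detokenize(token string) (string, bool) {
	value, ok := v.toValue[token]
	return value, ok
}

func main() {
	for _, msg := range sampleOutbound {
		fmt.Printf("cards=%v watermark=%v  %q\n", findCardNumbers(msg), hasWatermark(msg), msg)
	}
	pan := "4539148803436467"
	fmt.Println(maskPAN(pan), NewTokenVault().Tokenize(pan), pseudonymize([]byte("secret"), pan)[:16])
}
```

The second sample message is the case a practitioner cares about: it looks exactly like a card number to the regex but fails the Luhn check, so it is not reported. Note also that tokenization is reversible by design (via the vault) while the keyed hash is not, which is why the vault itself needs the strictest access restrictions of anything in the pipeline.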