This principle ensures only authorized people can access data.
What is Confidentiality?
An unpatched piece of software on a server is an example of this.
What is a Vulnerability?
Fencing, guards, lighting, and CCTV protecting a facility perimeter fall under this category.
What is Site Security?
Security awareness training and background checks are examples of this control type.
What are Administrative Controls?
This simple, fast value (like CRC32) catches accidental data corruption during transfer.
What is a Checksum?
This principle ensures systems and data are accessible when needed.
What is Availability?
A hacker actively scanning your network for weaknesses is an example of this.
What is a Threat?
Cable locks and BIOS/UEFI passwords are examples of this device-level protection.
What is Computer Security?
Firewalls, encryption, and multi-factor authentication are examples of this control type.
What are Technical Controls?
This cryptographic value is designed to resist deliberate tampering, not just accidental errors.
What is a (Cryptographic) Hash?
This principle ensures data stays accurate and hasn't been altered without authorization.
What is Integrity?
This term describes the likelihood and impact of a threat actually exploiting a vulnerability.
What is Risk?
USB drives and external media are controlled with port blocking and DLP because they pose this kind of risk.
What are Removable Devices & Drives?
This is the third major control category, alongside administrative and technical, and includes badges and mantraps.
What are Physical Controls?
This hash property means a tiny change to the input drastically changes the output.
What is the Avalanche Effect?
This security concept means someone can't deny performing an action, often proven with digital signatures or audit logs.
What is Non-Repudiation?
This principle limits a user or system to only the access needed to do their job.
What is the Principle of Least Privilege?
This physical control uses two interlocking doors so only one person is admitted at a time.
What is a Mantrap?
This document defines how employees may use company systems and data, and is a classic administrative control.
What is an Acceptable Use Policy (AUP)?
This hash property makes it extremely difficult to find two different inputs that produce the same output.
Collision Resistance?
A published hash value that lets users confirm a downloaded file hasn't been tampered with primarily supports this CIA principle.
What is Integrity?
Smart cameras, sensors, and locks with weak default security expand this network-wide concept.
What is the Attack Surface (including IoT)?
This term describes an unauthorized person slipping through a secure door behind an authorized employee.
What is Tailgating (or Piggybacking)?
A firewall configured to 'deny by default' is an example of this control category enforcing a security policy.
What is a Technical Control?
On the Certiport exam, this term describes cryptographic integrity verification, while the other term mostly appears in networking/error-detection contexts.
What are Hashing and Checksums?