CIA Triad Fundamentals
Core Security Concepts
Security Roles & Responsibilities
Standards, Policies & Procedures
Information Security Goals & Challenges
CIA Triad Fundamentals (100)

“The component of the CIA triad that ensures information cannot be altered by unauthorized parties.”

What is Integrity?

Core Security Concepts (100)

“This structured plan includes policies, procedures, and ongoing risk analysis.”

What is an Information Security Program?

Security Roles & Responsibilities (100)

“This person has ultimate responsibility for the security program and reporting to executives.”

Who is the Chief Information Security Officer (CISO)?

Standards, Policies & Procedures (100)

“High-level mandatory statements setting security goals are known as this.”

What are Security Policies?

Information Security Goals & Challenges (100)

“Balancing protection of IT assets while not hindering business performance is this.”

What is Security vs. Usability (or Availability)?

CIA Triad Fundamentals (200)

“The CIA principle concerned with making data available when needed.”

What is Availability?

Core Security Concepts (200)

“Identifying, assessing, and mitigating vulnerabilities is known as this.”

What is Risk Management?

Security Roles & Responsibilities (200)

“These individuals ensure that users follow policies and receive security training.”

Who are Security Administrators?

Standards, Policies & Procedures (200)

“These detailed, step-by-step guides explain how to perform security tasks.”

What are Procedures?

Information Security Goals & Challenges (200)

“This type of security control reduces the likelihood or impact of a threat.”

What is a Preventive Control?

CIA Triad Fundamentals (300)

“This principle requires that only those with permission can read sensitive data.”

What is Confidentiality?

Core Security Concepts (300)

“This is any potential occurrence that might negatively impact organizational assets.”

What is a Threat?

Security Roles & Responsibilities (300)

“This role implements and manages security controls on technical systems.”

Who are System Administrators?

Standards, Policies & Procedures (300)

“This type of document contains specific guidelines or rules derived from policy.”

What are Standards?

Information Security Goals & Challenges (300)

“These are reactive measures taken after a security incident to limit damage.”

What are Corrective Controls?

CIA Triad Fundamentals (400)

“A breach in this pillar can allow unauthorized data modification.”

What is a breach of Integrity?

Core Security Concepts (400)

“A weakness in a system or process that could be exploited is called this.”

What is a Vulnerability?

Security Roles & Responsibilities (400)

“Users who follow rules and attend awareness sessions hold this vital duty.”

What is User Accountability?

Standards, Policies & Procedures (400)

“Best practices that are recommended but not mandatory fall under this term.”

What are Guidelines?

Information Security Goals & Challenges (400)

“This challenge arises when security measures make systems hard to use.”

What is Resistance to Security (User Friction)?

CIA Triad Fundamentals (500)

“Ensuring data is accurate, complete, and reliable aligns with this concept.”

What is Integrity?

Core Security Concepts (500)

“The estimated effect on an organization if a particular risk occurs is referred to as this.”

What is Impact?

Security Roles & Responsibilities (500)

“This group sets the strategic direction and provides risk funding decisions.”

Who is the Executive Management/Board of Directors?

Standards, Policies & Procedures (500)

“This document communicates required and preferred system configurations.”

What is a Baseline?

Information Security Goals & Challenges (500)

“Working to comply with HIPAA or GDPR reflects tackling this aspect of security.”

What is Regulatory/Legal Compliance?