The following room is going to outline some of the fundamental principles of security. The frameworks used to protect data and systems to the elements of what exactly makes data secure.
Room Link Principles of Security
The measures, frameworks and protocols discussed throughout this room all play a small part in “Defence in Depth.”
Defence in Depth is the use of multiple varied layers of security to an organisation’s systems and data in the hopes that multiple layers will provide redundancy in an organisation’s security perimeter.
// 01 Task 2 The CIA Triad Principles of Security
Question: What element of the CIA triad ensures that data cannot be altered by unauthorised people?
Answer: Integrity
Question: What element of the CIA triad ensures that data is available?
Answer: Availability
Question: What element of the CIA triad ensures that data is only accessed by authorised people?
Answer: Confidentiality
// 02 Task 3 Principles of Privileges Principles of Security
Question: What does the acronym “PIM” stand for?
Answer: Privileged Identity Management
Question: What does the acronym “PAM” stand for?
Answer: Privileged Access Management
Question: If you wanted to manage the privileges a system access role had, what methodology would you use?
Hint: I’m looking for the short acronym here (PIM/PAM)
Answer: PAM
Question: If you wanted to create a system role that is based on a users role/responsibilities with an organisation, what methodology is this?
Hint: I’m looking for the short acronym here (PIM/PAM)
Answer: PIM
// 03 Task 4 Security Models Continued Principles of Security
Question: What is the name of the model that uses the rule “can’t read up, can read down”?
Hint: Formatting: The x Model Look at the direction of the arrows and the text next to them to understand what directions can read up/down depending upon the model. Note: In some textbooks, it is described as “no read up” and “no write down.”
Answer: The Bell-La Padula Model
Question: What is the name of the model that uses the rule “can read up, can’t read down”?
Hint: Formatting: The x Model Look at the direction of the arrows and the text next to them to understand what directions can read up/down depending upon the model. Note: In some textbooks, it is described as “no read down” and “no write up.”
Answer: the Biba Model
Question: If you were the military, what security model would you use?
Hint: Formatting: The x Model
Answer: The Bell LaPadula Model
Question: If you were a software developer, what security model would the company perhaps use?
Hint: Formatting: The x Model
Answer: the Biba Model
// 04 Task 5 Threat Modelling & Incident Response Principles of Security
Question: What model outlines “Spoofing”?
Answer: Stride
Question: What does the acronym “IR” stand for?
Answer: Incident Response
Question: You are tasked with adding some measures to an application to improve the integrity of data, what STRIDE principle is this?
Answer: Tampering
Question: An attacker has penetrated your organisation’s security and stolen data. It is your task to return the organisation to business as usual. What incident response stage is this?
Answer: Recovery
Principles of Security