Principles of Security
Learn the principles of information security that secures data and protects systems from abuse
Room Attributes
Subscription Required: False [Free]
Type: Walkthrough
Difficulty: Info
Tags: CIA Triad, Information Security, Incident Response, Threat Model
Task 1 Introduction
Let's proceed!
No answer needed
Task 2 The CIA Triad
What element of the CIA triad ensures that data cannot be altered by unauthorised people?
What element of the CIA triad ensures that data is available?
What element of the CIA triad ensures that data is only accessed by authorised people?
Task 3 Principles of Privileges
What does the acronym "PIM" stand for?
What does the acronym "PAM" stand for?
If you wanted to manage the privileges a system access role had, what methodology would you use?
HINT: I'm looking for the short acronym here (PIM/PAM)
If you wanted to create a system role that is based on a user's role/responsibilities with an organisation, what methodology is this?
HINT: I'm looking for the short acronym here (PIM/PAM)
Task 4 Security Models Continued
What is the name of the model that uses the rule "can't read up, can read down"?
HINT: Formatting: The x Model. Look at the direction of the arrows and the text next to them to understand what directions can read up/down depending upon the model.
What is the name of the model that uses the rule "can read up, can't read down"?
HINT: Formatting: The x Model. Look at the direction of the arrows and the text next to them to understand what directions can read up/down depending upon the model.
If you were a military, what security model would you use?
HINT: Formatting: The x Model
If you were a software developer, what security model would the company perhaps use?
HINT: Formatting: The x Model
Task 5 Threat Modelling & Incident Response
What model outlines "Spoofing"?
What does the acronym "IR" stand for?
You are tasked with adding some measures to an application to improve the integrity of data, what STRIDE principle is this?
An attacker has penetrated your organisation's security and stolen data. It is your task to return the organisation to business as usual. What incident response stage is this?