๐Ÿ”“Principles of Security

Learn the principles of information security that secures data and protects systems from abuse

LogoTryHackMe | Principles of SecurityTryHackMe
https://tryhackme.com/room/principlesofsecurity
Room AttributesValue

Subscription Required

False [Free]

Type

Walkthrough

Difficulty

Info

Tags

CIA Triad, Information Security, Incident Response, Threat Model

Task 1 Introduction

Let's proceed!

No answer needed

Task 2 The CIA Triad

What element of the CIA triad ensures that data cannot be altered by unauthorised people?

Reveal Flag ๐Ÿšฉ

๐Ÿšฉintegrity

What element of the CIA triad ensures that data is available?

Reveal Flag ๐Ÿšฉ

๐Ÿšฉavailability

What element of the CIA triad ensures that data is only accessed by authorised people?

Reveal Flag ๐Ÿšฉ

๐Ÿšฉconfidentiality

Task 3 Principles of Privileges

What does the acronym "PIM" stand for?

Reveal Flag ๐Ÿšฉ

๐ŸšฉPrivileged Identity Management

What does the acronym "PAM" stand for?

Reveal Flag ๐Ÿšฉ

๐ŸšฉPrivileged Access Management

If you wanted to manage the privileges a system access role had, what methodology would you use?

HINT: I'm looking for the short acronym here (PIM/PAM)

Reveal Flag ๐Ÿšฉ

๐ŸšฉPAM

If you wanted to create a system role that is based on a users role/responsibilities with an organisation, what methodology is this?

HINT: I'm looking for the short acronym here (PIM/PAM)

Reveal Flag ๐Ÿšฉ

๐ŸšฉPIM

Task 4 Security Models Continued

What is the name of the model that uses the rule "can't read up, can read down"?

HINT: Formatting: The x Model Look at the direction of the arrows and the text next to them to understand what directions can read up/down depending upon the model

Reveal Flag ๐Ÿšฉ

๐ŸšฉThe Bell-LaPadula Model

What is the name of the model that uses the rule "can read up, can't read down"?

HINT: Formatting: The x Model Look at the direction of the arrows and the text next to them to understand what directions can read up/down depending upon the model

Reveal Flag ๐Ÿšฉ

๐ŸšฉThe Biba Model

If you were a military, what security model would you use?

HINT: Formatting: The x Model

Reveal Flag ๐Ÿšฉ

๐ŸšฉThe Bell-LaPadula Model

If you were a software developer, what security model would the company perhaps use?

HINT: Formatting: The x Model

Reveal Flag ๐Ÿšฉ

๐ŸšฉThe Biba Model

Task 5 Threat Modelling & Incident Response

What model outlines "Spoofing"?

Threat Modeling: Uncover Security Design Flaws Using The STRIDE Approach -- MSDN Magazine, November 2006
https://web.archive.org/web/20070303103639/http://msdn.microsoft.com/msdnmag/issues/06/11/ThreatModeling/default.aspx
Reveal Flag ๐Ÿšฉ

๐ŸšฉSTRIDE

What does the acronym "IR" stand for?

Reveal Flag ๐Ÿšฉ

๐ŸšฉIncident Response

You are tasked with adding some measures to an application to improve the integrity of data, what STRIDE principle is this?

Reveal Flag ๐Ÿšฉ

๐ŸšฉTampering

An attacker has penetrated your organisation's security and stolen data. It is your task to return the organisation to business as usual. What incident response stage is this?

Reveal Flag ๐Ÿšฉ

๐ŸšฉRecovery

PreviousWindows Fundamentals 3NextPython Basics

Last updated