CIA Triad
- Confidentiality: preventing unauthorized disclosure of information (e.g., encryption, access control)
- Integrity: ensuring data is not altered without authorization (e.g., hashing, digital signatures)
- Availability: ensuring authorized users can access systems and data when needed (e.g., redundancy, DDoS protection)
Encryption Fundamentals
- Symmetric encryption: single shared key for encryption and decryption; fast; example: AES
- Asymmetric encryption: public/private key pair; solves key distribution; example: RSA
- Hashing: one-way function producing a fixed-size digest used to verify integrity, not to encrypt/decrypt
- Digital signatures: hash encrypted with a sender's private key, proving both integrity and authenticity
- TLS/SSL: uses asymmetric encryption to establish a session, then symmetric encryption for bulk data transfer
Access Control Models
- DAC (Discretionary Access Control): resource owners decide who gets access
- MAC (Mandatory Access Control): access governed by fixed system-wide policy/labels, not owner discretion
- RBAC (Role-Based Access Control): permissions assigned to roles, users assigned to roles
- ABAC (Attribute-Based Access Control): access decisions based on attributes of user, resource, and environment
- Principle of least privilege applies across all models: grant only the minimum access required
Authentication Essentials
- Authentication verifies identity; authorization determines permitted actions
- MFA factor categories: something you know (password), something you have (token/app), something you are (biometrics)
- Phishing-resistant MFA (hardware keys, authenticator apps) is stronger than SMS-based codes
- Strong password practices: unique per account, high entropy, stored in a password manager
OWASP Top 10 Overview
- Broken Access Control: users acting outside their intended permissions
- Cryptographic Failures: weak or missing encryption exposing sensitive data
- Injection: untrusted input altering command/query logic (e.g., SQL injection)
- Insecure Design: missing or ineffective security controls at the design stage
- Security Misconfiguration: default, incomplete, or overly permissive settings
- Vulnerable and Outdated Components: using software with known unpatched flaws
- Identification and Authentication Failures: weaknesses in login/session handling
- Software and Data Integrity Failures: trusting unverified code, plugins, or updates
- Security Logging and Monitoring Failures: insufficient detection of active attacks
- Server-Side Request Forgery (SSRF): server tricked into making unintended requests
Common Attack Types
- Phishing: deceptive communication tricking a user into revealing credentials or installing malware
- SQL injection: malicious input alters a database query's logic
- Cross-site scripting (XSS): malicious script executes in another user's browser via unescaped output
- Denial of service (DoS/DDoS): overwhelming a system with traffic or requests to disrupt availability
- Malware categories: virus, worm, trojan, ransomware, spyware, each with distinct propagation/behavior
Incident Response Phases
- 1. Preparation: policies, tools, and training established before an incident occurs
- 2. Identification: detecting and confirming that an incident has occurred
- 3. Containment: limiting the spread and impact of the incident
- 4. Eradication: removing the root cause from affected systems
- 5. Recovery: restoring systems to normal operation safely
- 6. Lessons Learned: post-incident review to improve future preparation
Vulnerability and Risk Management
- Vulnerability: a weakness in a system that could be exploited
- Threat: anything capable of exploiting a vulnerability
- Risk: likelihood x impact of a threat exploiting a vulnerability
- Patch management: process of identifying, testing, and deploying software updates on a defined SLA
- Penetration testing: authorized simulated attack to identify exploitable weaknesses
Network and Endpoint Security
- Firewall: enforces allow/block rules on traffic based on IP, port, or protocol
- IDS: detects and alerts on suspicious traffic without blocking it
- IPS: detects and actively blocks suspicious traffic in real time
- VPN: encrypts traffic over an untrusted network via a secure tunnel
- Network segmentation: dividing a network into isolated zones to limit lateral movement
- System hardening: reducing attack surface by disabling unused services and enforcing secure configurations
- Know the CIA triad and be able to map any control to the property it protects
- Memorize the incident response phases in exact order: Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned
- Be able to name and briefly describe at least five OWASP Top 10 categories
- Distinguish access control models (DAC, MAC, RBAC, ABAC) by who makes the access decision
- Distinguish vulnerability, threat, and risk precisely — this trio is tested constantly
Practice what you learned
1. Which access control model assigns permissions based on user roles rather than individual discretion or fixed labels?
2. In the incident response lifecycle, what is the correct order of the first three phases?
3. Which OWASP Top 10 category describes attacks like SQL injection where untrusted input alters command or query logic?
4. What distinguishes an IPS from an IDS?
5. Which formula best represents how risk is commonly assessed?
Was this page helpful?
You May Also Like
The CIA Triad
Learn Confidentiality, Integrity, and Availability — the foundational model for reasoning about information security.
Access Control Models
Compare DAC, MAC, and RBAC access control models and understand who decides permissions in each approach.
OWASP Top 10 Overview
A practical tour of the OWASP Top 10, the industry-standard list of the most critical web application security risks.
Incident Response Basics
Understand the standard incident response lifecycle used by security teams to detect, contain, and recover from security incidents.
Risk Assessment Basics
Understand how to calculate risk as likelihood times impact and choose between accepting, mitigating, transferring, or avoiding it.
Firewalls and IDS/IPS
How firewalls enforce traffic rules and how IDS/IPS systems detect or actively block malicious network activity.