Principles of Security

Learn the principles of information security that secure data and protect systems from abuse

THM Room https://tryhackme.com/room/principlesofsecurity

TASK 1 : Introduction

Let’s proceed !

No Answer

TASK 2 : The CIA Triad

What element of the CIA triad ensures that data cannot be altered by unauthorised people ?

Answer : Integrity

What element of the CIA triad ensures that data is available ?

Answer : Availability

What element of the CIA triad ensures that data is only accessed by authorised people ?

Answer : Confidentiality

TASK 3 : Principles of Privileges

What does the acronym “PIM” stand for ?

Answer : Privileged Identity Management

What does the acronym “PAM” stand for ?

Answer : Privileged Access Management

If you wanted to manage the privileges a system access role had, what methodology would you use ?

Answer : PAM

If you wanted to create a system role that is based on a user's role/responsibilities with an organisation, what methodology is this ?

Answer : PIM

TASK 4 : Security Models Continued

What is the name of the model that uses the rule “can’t read up, can read down” ?

Answer : The Bell-la Padula Model

What is the name of the model that uses the rule “can read up, can’t read down” ?

Answer : The Biba Model

If you were a military, what security model would you use ?

Answer : The Bell-la Padula Model

If you were a software developer, what security model would the company perhaps use ?

Answer : The Biba Model

TASK 5 : Threat Modelling & Incident Response

What model outlines “Spoofing” ?

Answer : STRIDE

What does the acronym “IR” stand for ?

Answer : Incident Response

You are tasked with adding some measures to an application to improve the integrity of data, what STRIDE principle is this ?

Answer : Tampering

An attacker has penetrated your organisation’s security and stolen data. It is your task to return the organisation to business as usual. What incident response stage is this ?

Answer : Recovery

This post is licensed under CC BY 4.0 by the author.