Learn the principles of information security that secures data and protects systems from abuse
THM Room https://tryhackme.com/room/principlesofsecurity
TASK 1 : Introduction
Let’s proceed !
No Answer
TASK 2 : The CIA Triad
What element of the CIA triad ensures that data cannot be altered by unauthorised people ?
Answer : Integrity
What element of the CIA triad ensures that data is available ?
Answer : Availability
What element of the CIA triad ensures that data is only accessed by authorised people ?
Answer : Confidentiality
TASK 3 : Principles of Privileges
What does the acronym “PIM” stand for ?
Answer : Privileged Identity Management
What does the acronym “PAM” stand for ?
Answer : Privileged Access Management
If you wanted to manage the privileges a system access role had, what methodology would you use ?
Answer : PAM
If you wanted to create a system role that is based on a users role/responsibilities with an organisation, what methodology is this?
Answer : PIM
TASK 4 : Security Models Continued
What is the name of the model that uses the rule “can’t read up, can read down” ?
Answer : The Bell-la Padula Model
What is the name of the model that uses the rule “can read up, can’t read down” ?
Answer : The Biba Model
If you were a military, what security model would you use ?
Answer : The Bell-la Padula Model
If you were a software developer, what security model would the company perhaps use ?
Answer : The Biba Model
TASK 5 : Threat Modelling & Incident Response
What model outlines “Spoofing” ?
Answer : STRIDE
What does the acronym “IR” stand for ?
Answer : Incident Response
You are tasked with adding some measures to an application to improve the integrity of data, what STRIDE principle is this ?
Answer : Tampering
An attacker has penetrated your organisation’s security and stolen data. It is your task to return the organisation to business as usual. What incident response stage is this ?
Answer : Recovery