Principles of Security | Writeup | TryHackMe

Learn the principles of information security that secures data and protects systems from abuse

Link: https://tryhackme.com/room/principlesofsecurity

Task 2: The CIA Triad

What element of the CIA triad ensures that data cannot be altered by unauthorised people?

integrity

What element of the CIA triad ensures that data is available?

availability

What element of the CIA triad ensures that data is only accessed by authorized people?

confidentiality

Task 3: Principles of Privileges

What does the acronym “PIM” stand for?

Privileged Identity Management

What does the acronym “PAM” stand for?

Privileged Access Management

If you wanted to manage the privileges a system access role had, what methodology would you use?

PAM

If you wanted to create a system role that is based on a users role/responsibilities with an organisation, what methodology is this?

PIM

Task 4: Security Models Continued

What is the name of the model that uses the rule “can’t read up, can read down”?

The Bell-LaPadula Model

What is the name of the model that uses the rule “can read up, can’t read down”?

The Biba Model

If you were a military, what security model would you use?

The Bell-LaPadula Model

If you were a software developer, what security model would the company perhaps use?

The Biba Model

Task 5: Threat Modelling & Incident Response

What model outlines “Spoofing”?

STRIDE

What does the acronym “IR” stand for?

Incident Response

You are tasked with adding some measures to an application to improve the integrity of data, what STRIDE principle is this?

Tampering

An attacker has penetrated your organisation’s security and stolen data. It is your task to return the organisation to business as usual. What incident response stage is this?

Recovery