ISC CC - CC - Certified in Cybersecurity

Limiting administrative privileges enforces theprinciple of least privilege, reducing ransomware’s ability to spread or encrypt critical systems. Many ransomware attacks rely on elevated privileges to maximize damage.

Information riskrefers to the potential harm arising from the unauthorized access, disclosure, modification, or destruction of sensitive information. This includes credentials, financial records, intellectual property, and personally identifiable information (PII).

Information risk directly impacts theconfidentiality, integrity, and availability (CIA triad)of data. While such incidents may also lead to reputational damage or compliance violations, the primary category describing the exposure of sensitive data itself is information risk.

NIST SP 800-30 emphasizes information risk as a core component of enterprise risk management, especially in organizations that rely heavily on digital data for operations and decision-making.

Elliptic Curve Cryptography (ECC) does not rely on the prime factorization problem. Instead, ECC is based on the mathematical difficulty of solving elliptic curve discrete logarithm problems.

RSA relies directly on the difficulty of factoring large prime numbers. GPG and PGP are encryption tools and standards that may use RSA or other algorithms internally.

ECC provides equivalent security with much smaller key sizes, making it efficient for mobile devices, embedded systems, and environments with limited processing power.

Modern security standards increasingly recommend ECC due to its performance and strong security properties.

Abreachoccurs when sensitive or protected information is accessed, disclosed, or used without authorization—regardless of intent. Even accidental disclosures, such as sending confidential data to the wrong recipient, qualify as breaches because confidentiality has been compromised.

Non-repudiation is a core security principle that ensures an individual or system cannot deny having performed a specific action. In cybersecurity, this concept is critical for accountability, auditing, and legal enforcement. Non-repudiation provides assurance that an action—such as sending an email, approving a transaction, or signing a document—can be definitively attributed to a specific user.

This principle is commonly enforced using cryptographic techniques such as digital signatures, public key infrastructure (PKI), hashing, and secure logging. For example, when a user digitally signs a document using their private key, anyone can later verify that signature using the corresponding public key. This prevents the signer from denying authorship.

Non-repudiation is particularly important in financial systems, legal documents, and regulated environments where proof of action is required. It differs from authentication, which verifies identity, and authorization, which defines permissions. Non-repudiation focuses on ensuring that actions are traceable and undeniable, supporting forensic investigations and compliance with security and legal requirements.

Defense in Depth employs administrative, technical, and physical controls across multiple layers to reduce reliance on any single security mechanism. This approach increases resilience and detection capability.

Firewalls are not particularly effective against insider threats because insiders already have authorized access to internal systems and networks. Firewalls are designed to control traffic between trusted and untrusted networks, not to monitor legitimate internal user behavior.

Least privilege limits what insiders can access, reducing potential damage. Background checks help identify risky individuals before hiring. Separation of duties prevents any one person from having complete control over critical processes.

Insider threats involve misuse of legitimate access, whether malicious or accidental. Effective controls against insiders focus on access management, monitoring, auditing, and behavioral analysis—not perimeter defenses.

Security frameworks consistently emphasize that insider threats require administrative, detective, and procedural controls rather than traditional network perimeter tools like firewalls.

Aprocedureis a detailed, step-by-step set of instructions that explainshowto perform a task in compliance with policies and standards. Procedures translate high-level requirements into actionable guidance for staff.

Policies define what must be done, standards specify mandatory requirements, and procedures explain exactly how to carry them out. Laws are external legal mandates, not internal operational documents.

For example, a security policy may require access reviews, a standard may define review frequency, and a procedure will outline the exact steps to conduct the review. Procedures ensure consistency, reduce errors, and support compliance and auditing efforts.

Separation of duties prevents fraud by ensuring no single individual can complete critical actions alone, enabling detection through checks and balances.

Asecurity incidentis an event or series of events that indicates a possible compromise of confidentiality, integrity, or availability of information systems or data. According to NIST SP 800-61, incidents include attempted or successful unauthorized access, misuse, modification, or denial of service.

Not all incidents result in breaches, but all breaches are incidents. Incidents trigger incident response processes, investigations, and potential escalation depending on severity.