2. Understand Security Concepts Flashcards

1
Q

What does CIA mean?

A
  • Confidentiality
  • Integrity
  • Availability
2
Q

What is the definition of confidentiality?

A

Confidentiality - “Keeping good data away from bad actors”.

For confidentiality to be maintained in a network, data must be protected at rest, in use and on the wire.

Violations of Confidentiality can come from ANYWHERE, at ANY TIME… bad decisions on the part of users, administrators and customers can all lead to a violation. Also, remember that security policies that are not implemented properly can lead to potential confidentiality violations.

Possible countermeasures include:
- Encryption
- Traffic padding
- Strict access controls/authentication
- Data classification
- Awareness training

3
Q

What are Confidentiality countermeasures?

A
  • Encryption
  • Traffic padding
  • Strict access controls/authentication
  • Data classification
  • Awareness training
4
Q

What does Integrity mean?

A

Integrity - “Change control for data - no authorised modification without knowledge and consent of the data owner.”

Three ways in which we can understand Integrity:
1. Preventing unauthorised subjects from making modifications
2. Preventing authorised subjects from making unauthorised modifications
3. Maintaining consistency of objects so that they are true and accurate

Possible countermeasures include:
a. Strict access controls/authentication
b. IDS - Intrusion Detection System
c. Encryption
d. Hashing
e. Interface restrictions / controls
f. Input / function checks (validation)

5
Q

What is traffic padding?

A

Traffic padding is a technique used in network security to add extra data to packets in order to make it more difficult for an observer to determine the actual size or timing of the packets being transmitted.
** (extra information) This can help to obscure the true nature of the network and make it harder for attackers to analyse or exploit the network. The purpose of traffic padding is to increase the security & privacy of network communications by making it more challenging for unauthorised parties to intercept, analyse, or manipulate the traffic.

6
Q

TRUE or FALSE: Confidentiality & Integrity depend on each other. One is not effective without the other.

A

TRUE

7
Q

What are the 5 different concepts linked to confidentiality?

A
  1. sensitivity
  2. discretion
  3. criticality
  4. concealment
  5. isolation
8
Q

What are the 4 different additional concepts linked to Integrity?

A
  1. Accuracy
  2. Authenticity
  3. Validity
  4. Nonrepudiation - user cannot deny having performed an action
9
Q

What does availability mean?

A

Availability is the continuous access to objects and data.
**(extra) Authorised subjects can access objects in a timely manner without interruption.

10
Q

What are the 5 different countermeasures for availability?

A
  1. Strict access controls / authentication
  2. Continuous monitoring
  3. Firewalls & routers to prevent DoS / DoS attacks
  4. Redundant system design
  5. Periodic testing of backup systems