#31 Flashcards
What means that only authorized people should be able to access or read specific computer systems and data?
Secrecy or Confidentiality
Data breeches are where hackers reveal peoples credit card info. This is an example of what?
Secrecy or Confidentiality
What means that only authorized people should have the ability to use or modify systems and data?
Integrity
Hackers who learn your password and send emails masquerading as you is what?
Integrity hacker
What means that authorized people should always have access to their systems and data?
Availability
Denial of Service Attacks are where hackers overload a website with fake requests to make it slow or unreachable to others. This is an example of what?
Availability
To achieve the three goals security experts start with a specification of who your “enemy” is, at an abstract level. This is called a what?
Threat Model
What profiles attackers: their capabilities, goals and probable means of attack?
Threat models
How a system is secured depends heavily on who it’s being secured against.
True
Often you’ll see threat models specified in terms of technical capabilities. An example of this is someone who has physical access to your laptop along with ________ _______.
Unlimited Time
There are many methods for protecting computer systems, networks and data.
True
Two main security questions:
1.
2.
- who are you?
2. what should you have access to?
What is the process by which a computer understands who it is interacting with?
Authentication
Three types of authentication
1.
2.
3.
- What you know
- What you have
- What you are
Based on the knowledge of a secret that should be known only by the real user and the computer.
What you know
Username and Password
What you know
Based on possession of a secret token that only the real user has.
What you have