3.1 Goals and Principles - What Is Security Flashcards

1
Q

What is a threat ?

A

Bad Event that might happen.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is an attack ?

A

someone intentionally causes something bad to happen

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is an Vulnerability ?

A

weakness in an information system that might enable an attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is an exploit ?

A

Implementation of an attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is Risk ?

A

The probability of an attack multiplied by the possible damage

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is a critical infastructure ?

A

Entities/organisations that are important for essential services delivered to the public

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What are the consequences of a loss of a critical infastructure ?

A

Loss or deterioration of service would have a significant impact on public safety

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

In which Sectors would you normally find a critical infastructure ?

A

Energy, IT, Telecommunication, Water, Food, Finance, Health, Transport

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is technical prevention ?

A

design systems to prevent, discourage ( If attack cannot be prevented, increase its cost and control damage ) and mitigate attacks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What are attacks that happen all the time in open networks ?

A

port scans, spam, phishing etc.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is the focus of proactive security ?

A

Prevent attacks with technical prevention

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is the focus of reactive security ?

A

detect attacks and take measures to stop them. Find the perpetraitors of the attack afterwards

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Why is Security a continious process ?

A

Attackers always try to find new methods of attack, Defenders need to contiously upgrade their systems

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is contingency planning ?

A

how to recover from a breach

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What are the traditional Security goals ?

A

CIA = confidentiality, integrity, availability

Confidentiality:
protection of secrets

Integrity:
only authorized modification of data and system configuration

Availability:
no denial of service, business continuity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What will rational attackers do ?

A

compare cost of attack with gains, look for weakest link;

17
Q

What will rational defenders do ?

A

compare the risk of an attack with the cost of implementing defenses -> dont focus to much on one goal (diminishing returns)

18
Q

What can be said about the security of a mechanism ?

A

Nothing useful, except in the context of a specific application and environment.

19
Q

How much should you spend on security ?

A

Never spend more mitigating a risk than tolerating it will cost you

20
Q

What are the means to achieve security ?

A
  • Ethics
  • Laws
  • Rules
  • organisation
  • management
  • Technical controls