Ch. 6

Question 1

What is confidentiality?

Answer 1

Restrict access to authorized individuals

Question 2

What is integrity?

Answer 2

Data has no been altered in an unauthorized manner

Question 3

What is availability?

Answer 3

Information can be accessed and modified by authorized individuals in an appropriate timeframe

Question 4

What are the tools for information security?

Answer 4

• Authentication
• Access control
• Encryption
• Passwords
• Backup
• Firewalls
• Virtual private networks (VPN)
• Physical security
• Security policies

Question 5

What is authentication?

Answer 5

Persons accessing the information is who they say they are.

Question 6

What is access control?

Answer 6

Once it is authenticated, it only provides access to information necessary to perform their job duties to read, modify, add, and/or delete information and is broken up into:

1. Access control list (ACL)
2. Role-based access control (RBAC)

Question 7

What is access control list (ACL)?

Answer 7

Created for each resource (information) and is a list of users that can read, write, delete or add information and it is difficult to maintain all the lists.

Question 8

What is role-based control (RBAC)?

Answer 8

Rather than individual lists, users are assigned to roles and these roles define what they can access and simplifies administration.

Question 9

What is encryption?

Answer 9

An algorithm (program) that encodes or scrambles information during transmission or storage. It is decoded/scrambled by only authorized individuals to read it.

Question 10

Both the coder and reader agree on the encryption method to use. What two encryption methods are there using keys?

Answer 10

1. Symmetric key

2. Public key

Question 11

What is a symmetric key?

Answer 11

Sender and receiver have the key which can be risky

Question 12

What is a public key?

Answer 12

A public and private key is used where the public key is used to send an encrypted message and a private key that the receiver uses to decode the message

Question 13

What are passwords?

Answer 13

Single-factor authentication (user ID/password) is the easiest to break

Question 14

What is a backup?

Answer 14

Important information should be backed up and stored in a separate location.

Question 15

What is a firewall?

Answer 15

Inspects and stops packets of information that don’t apply to strict set of rules.

Question 16

What are hardware firewalls connected to?

Answer 16

Connected to the network

Question 17

What two kind of firewalls are there?

Answer 17

Hardware and software

Question 18

What do software firewalls run on?

Answer 18

The operating system and intercepts packets as they arrive to a computer

Question 19

What is intrusion detection systems (IDS)?

Answer 19

This watches out for specific types of activities to alert security personnel of potential network attack

Question 20

What are virtual private networks (VPN)?

Answer 20

Some systems can be made private using an internal network to limit access to them. Can’t be accessed remotely and are more secure and requires specific connections such as being onsite.

Question 21

What is physical security?

Answer 21

Protection of the actual equipment.

Question 22

What are security policies?

Answer 22

• The starting point in developing an overall security plan
• The formal, brief, and high-level statement issued by senior management.
• Security policies focus on confidentiality, integrity and availability.

Question 23

What steps should you take as an individual to be more secure yourself?

Answer 23

• Keep your software up to date
• Install antivirus software
• Use public networks carefully
• Backup your data
• Secure your accounts with two-factor authentication
• Make your passwords long, unique, and strong
• Be suspicious of strange links and attachments