Chapter 1 Flashcards

1
Q

Assets

A

Hardware, software, data

2
Q

Vulnerability

A

A weakness in the system (its design, implementation or procedures) that could be exploited to cause loss or harm

3
Q

Threat

A

A set of circumstances that has the potential to cause loss or harm

4
Q

Controls

A

An action, device, procedure or technique that removes or reduces a vulnerability so that a threat cannot exploit it. Also known as a countermeasure.

5
Q

CIA/security triad

A

Confidentiality - assets are viewed only by authorised parties
Integrity - assets are modified only by authorised parties, in authorised ways
Availability - assets can be used by authorised parties when they need them

Additionally:
authentication - the ability of the system to confirm the identity of the sender
non-repudiation/accountability - to confirm that the sender cannot deny having sent something

6
Q

Harm (the four kinds of threat to an asset)

A

Interception
Interruption
Modification
Fabrication

7
Q

Failure of confidentiality

A

Unauthorised access to data by a person or program
Unauthorised access to an approximate data value
Unauthorised learning of the existence of data

8
Q

Subject

A

Who

9
Q

Object

A

What

10
Q

Mode of access

A

How

11
Q

Policy

A

who + what + how = yes/no (a rule deciding whether a given subject may access a given object in a given mode)

12
Q

Preservation of integrity

A

precise
accurate
unmodified
modified only in acceptable ways (by authorised people, through authorised processes)
consistent
internally consistent
meaningful and usable
13
Q

3 aspects of integrity

A

authorised actions
separation and protection of resources
error detection and correction
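
Worked example (added here; it is not from the textbook or these flashcards): the who + what + how policy check from cards 8-11 combined with the integrity aspects from cards 12-13, in Python. The policy table, the subject names, the file name and the key are all made up for the example. The policy denies anything not explicitly listed, and the asset carries a keyed tag (HMAC-SHA256) that only the authorised write path can refresh, so a modification that bypasses that path is detected on the next read.

```python
import hmac
import hashlib

# Hypothetical policy table, constructed for this example:
# (subject = who, object = what, mode = how) -> permitted.
# Any combination not listed is denied (default deny), so a new subject or a
# new mode of access gets "no" until someone authorises it explicitly.
POLICY = {
    ("alice", "payroll.csv", "read"): True,
    ("alice", "payroll.csv", "write"): True,
    ("bob", "payroll.csv", "read"): True,
}


def decide(subject: str, obj: str, mode: str) -> bool:
    """who + what + how -> yes/no (card 11)."""
    return POLICY.get((subject, obj, mode), False)


# Example-only key; in practice it is held by the authorised process alone.
INTEGRITY_KEY = b"example-key-not-for-real-use"


def integrity_tag(data: bytes) -> str:
    """Keyed tag (HMAC-SHA256) over the data. Anyone without the key can
    change the bytes but cannot produce a matching tag, so the change is
    detected on the next read (error detection, card 13)."""
    return hmac.new(INTEGRITY_KEY, data, hashlib.sha256).hexdigest()


class Asset:
    """A protected object: its data plus the tag the authorised write path set."""

    def __init__(self, name: str, data: bytes):
        self.name = name
        self.data = data
        self.tag = integrity_tag(data)

    def write(self, subject: str, new_data: bytes) -> bool:
        """Authorised modification: the policy says yes, and the tag is
        refreshed by this process, the only one holding the key."""
        if not decide(subject, self.name, "write"):
            return False
        self.data = new_data
        self.tag = integrity_tag(new_data)
        return True

    def read(self, subject: str):
        """Returns the data for an authorised reader, None if the policy says
        no, and raises if the data no longer matches its tag (it was modified
        outside the authorised path, e.g. by overwriting the bytes directly)."""
        if not decide(subject, self.name, "read"):
            return None
        if not hmac.compare_digest(self.tag, integrity_tag(self.data)):
            raise ValueError(f"{self.name}: modified outside the authorised process")
        return self.data


def demo() -> dict:
    """Runs the scenario and returns the outcome of each access."""
    asset = Asset("payroll.csv", b"alice,100\n")
    out = {
        "bob_write": asset.write("bob", b"bob,999\n"),        # denied by policy
        "alice_write": asset.write("alice", b"alice,120\n"),  # authorised
        "bob_read": asset.read("bob"),                        # sees alice's update
        "carol_read": asset.read("carol"),                    # unknown subject: no
    }
    asset.data = b"alice,9999\n"   # bypass write(): tamper with the bytes directly
    try:
        asset.read("bob")
        out["tamper_detected"] = False
    except ValueError:
        out["tamper_detected"] = True
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Note what the tag does and does not give you: it detects modification by anyone who lacks the key, which is the "error detection" aspect; it does not correct the data (that needs a backup or redundant copy), and it does nothing if the attacker can also read the key, which is why the key belongs to the authorised process only (separation and protection of resources).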

14
Q

Availability

A

Applies to data and services. An available system provides:
timely response to requests
fair resource allocation
controlled concurrency
fault tolerance
a service/system that can be easily used
15
Q

Advanced persistent threat

A

Organised, financed and patient assailants

16
Q

3 factors a malicious attacker needs in order to succeed (MOM)

A

Method - skills, knowledge, tools
Opportunity - time and access
Motive - money, fame, politics, terror

17
Q

Attack surface

A

A system's full set of vulnerabilities (every point at which it could be attacked)

18
Q

Dealing with harm (controls)

A

prevent
deter
deflect
mitigate
detect
recover

19
Q

Different types of controls

A

Physical - locks, guards, sprinklers
Procedural - agreement/command for how to act: laws, policies, procedures, guidelines, patents & copyrights, contracts & agreements
Technical - counter with technology: passwords, access controls, network protocols, firewalls, encryption, network traffic flow regulators

20
Q

Overlapping controls

A

Defense in depth - using more than one control, or more than one class of control, to protect the same asset, so that the failure of any single control does not leave the asset exposed