Chapter 1: Introduction Flashcards
What is the definition of Computer Security according to the NIST Computer Security Handbook?
The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunication)
What are two terms related to confidentiality?
- Data confidentiality: assures that private or confidential information is not made available or disclosed to unauthorised individuals.
- Privacy: assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.
What are two terms related to integrity?
- Data integrity: assures that data and programs are changed only in a specified and authorised manner.
- System integrity: assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorised manipulation of the system.
What is authenticity?
The property of being genuine, verifiable and trusted. Being able to verify that users are who they say they are and that inputs come from trusted sources.
What is accountability?
Actions performed by an entity need to be traceable to that entity. Supports non-repudiation, deterrence, fault isolation, intrusion detection and prevention, after-action recovery and legal action.
There are three levels of impact when a breach of security occurs. What are they and what do they mean?
Low:
- Limited adverse effect.
- degradation in mission capability, primary functions can still be performed albeit (noticeably) less effectively
- minor damage to assets
- minor financial loss
- minor harm to individuals.
Moderate:
- Serious adverse effect.
- significant degradation in mission capability, primary functions can still be performed but at significantly reduced effectiveness
- significant damage to assets
- significant financial losses
- significant harm to individuals, however not life threatening.
High:
- Severe or catastrophic adverse effect.
- severe degradation or loss of mission capability resulting in inability to perform one or more of its primary functions
- major damage to assets
- major financial loss
- Severe or catastrophic harm to individuals like loss of life or life threatening injuries