Chapter 1: Introduction to Security

Question 1

CIA

Answer 1

Confidentiality, Integrity, Availability

Question 2

What does Confidentiality do?

Answer 2

Prevents disclosure of information to outside party

Question 3

Integrity

Answer 3

Guarantees data has not been tampered with

Question 4

AAA

Answer 4

Authentication, Authorization, Accounting(non-repudiation)

Question 5

What is Authentication?

Answer 5

Confirms one’s identity

e.g.) username/password, biometrics, signature etc

Question 6

What is Authorization?

Answer 6

Allows one to access certain materials

e.g.) ACL(Access Control Lists), Linux permission bits etc

Question 7

What is Accounting of Data?

Answer 7

Tracking of data/comp./netwrk resources usage for individuals
e.g.) Logging, auditing, data/network monitoring

Question 8

Types of Threats

Answer 8

Malicious Software

- Unauthorized Access
- System Failure
- Social Engineering

Question 9

Technical security plan

Answer 9

• Technical : Smart cards, ACLs, encryption etc

Question 10

Protection Methods

Answer 10

• User Awareness
  
  • Authentication
  • Anti-malware
  • Data Backups
  • Encryption
  • Data Removal

Question 11

Physical security plan

Answer 11

• Physical : Physical security systems such as alarms, ID cards, CCTV etc

Question 12

Administrative Security plan

Answer 12

• Administrative : Policies, procedures, DRP(Disaster recovery plan) etc