Chapter 9 Flashcards

1
Q

4 actions to preserve confidentiality

A
  1. id and classify information to be protected
  2. encryption of sensitive information
  3. controlling access to sensitive information
  4. training
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Information rights management (IRM)

A

software that provides an additional layer of protection to specific information resources, offering the capability not only to limit access to specific files but also to specify the ACTIONS that individuals who are granted access to that resource can perform.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Data Loss Prevention Software

A

controls and monitors downloads of data and outbound transmissions - preventive control

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Digital watermark

A

a detective control that enables an organization to identify confidential information that has been disclosed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Encryption

A

a preventive control that can be used to protect both confidentiality and privacy. It is the process of transforming plaintext (normal content) into cipher text (unreadable gibberish).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Data Masking

A

programs that replace customer’s personal information with fake values before sending that data to the program development and testing system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Decryption

A

ciphertext into plaintext

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

3 important factors determine the strength of any encryption system:

A
  1. key length
  2. encryption algorithm
  3. policies for managing the cryptographic keys.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Key escrow

A

involve making copies of all encryption keys used by employees and storing those copies securely.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Symmetric Encryption

A

uses the same key to encrypt and decrypt

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

advantages of symmetric encryption

A

it is much faster than asymmetric encryption

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

disadvantages of symmetric encryption

A
  1. both parties need to know the secret key.
  2. Unique keys for each partner set.
    100 customers = 100 keys.
  3. Either party can change text: can’t sign responsibility
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Asymmetric Encryption

A

uses two keys, public and private key. Either key can be used to encrypt, but the other key must be used to decrypt.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Advantages of Asymmetric Encryption

A
  1. solves problem of communication symmetric key.
  2. public key can be shared openly, web or email
  3. private key creates digital signature
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Disadvantages of Asymmetric Encryption

A

much slower than symmetric and not useful for large documents/files

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Hashing

A

takes plaintext of any length and transforms it into a short code, hash. It provides data integrity and support digital signature

17
Q

Digital certificate

A

is an electronic document, created and digitally signed by trusted 3rd party. certifies the id of the owner of a particular public key and contains the party’s public key. Issued by certificate authorities. like a passport or license

18
Q

nonrepudiation

A

how to create legally binding agreements that cannot be unilaterally repudiated by either party.

19
Q

Digital signature

A

a has of a document that is encrypted using the document creator’s private key

20
Q

Public Key Infrastructure

A

the system for issuing pairs of public and private keys and corresponding digital certificates.

21
Q

Virtual Private Networks

A

Create encrypted tunnel between devices. SSL in the browser, IPSec connects between hosts and networks