Cit Flashcards

1
Q

What is Information Security?

A

It is the protecting of information and information systems from unauthorized access, use etc.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is information assets?

A

Data that one deems valuable.
It can be either physical or digital.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Examples of information assets.

A

Paper documents
Digital documents
Password
Software
Source
Etc

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is our most important assets?

A

People

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What should we consider when securing an asset?

A

We must consider how the level of security relates to the value of the asset.
Example
If it is very valuable it should have high security.
Vice versa

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What are the 3 types of security controls?

A

Prevention
Detection
Recovery

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is prevention in security controls?

A

They try to prevent an incident from happening.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is detection in security controls?

A

They try to detect incidents after they have happened.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is recovery in security controls?

A

They try to reverse the impact of an incident.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is the CIA Triad?

A

Confidentiality
Availability
Integrity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is confidentiality in the CIA?

A

This means information should only be accessible to those who are authorized to access it.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is Integrity in the CIA Triad?

A

It means information should not be tampered with by unauthorized people.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is Availability in the CIA Triad?

A

It is ensuring that data is accessible and usable when needed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is the Parkerian hexad?

A

It is an extension of the CIA Triad
It adds 3 more to the CIA.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is possession in the Parkerian hexad?

A

It refers to the physical arrangement of media which the data is stored on.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is authenticity in the Parkerian hexad?

A

It is about verifying the origin and legitimacy of the data.
It ensures that the data comes from a reliable source.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What is utility in the Parkerian hexad?

A

It is how useful and relevant the data is.
It should server its purpose.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What is an attack?

A

An attack is a security threat that involves an attempt to obtain, change, destroy, implant or reveal info with out permission.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What are the 4 types of attacks?

A

Interception
Interruption
Modification
Fabrication

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What is interception?

A

It allow unauthorized users to access data and applications.
Attack against confidentiality.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

What are some examples of interception attacks?

A

Eavesdropping
Wiretapping
Key logging

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

What is interruption?

A

It is when a network service (data) is made unavailable.
Attacks against Availability.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

What are some examples of interruption?

A

Ransomware
DDos/overloading
Cutting a communication line.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

What is modification?

A

It is an attack against the integrity of the information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
What are the 3 types of modification?
Change: change existing information. Insertion: Adding information that was not originally there. Deletion: Removal of existing information.
26
What are some examples of modification?
Data tampering Changing the contents of a message. Altering programs actions.
27
What is fabrication?
It is the creation of fake data, identifies, information with the intent to gain unauthorized access. Attack on integrity and availability
28
What is spoofing?
Fake email trying to pretend it is real.
29
What is an information security threat?
Any thing that can harm the CIA of business's information.
30
What are the 3 types of information security threats.
Abusers and Misusers Accidental occurrences Natural Physical Forces
31
What is abusers and misusers
It occurs when users inappropriately use their privalages whether intentional or not.
32
What is accidental occurrences.
It occurs when an employee's actions lead to damages to the company's data and system.
33
What is natural physical forces?
They are non human threats. Examples: Floods, earthquakes etc
34
What is defense in depth?
It is a multilayered defense system.
35
What are the type of controls?
Physical Administrative Technical
36
What is physical controls?
Stuff like fences, gates, locks cameras, guards, ac
37
What is administrative controls?
Based on rules, policies, tos etc.
38
What are technical controls?
Passwords, encryption, firewalls, etc
39
What is identification?
It is a claim of who you are.
40
What is identity verification?
Examples showing ID card, drivers license
41
What is authentication?
It is a set of methods used to establish a claim of identity to be true.
42
What are the types of authentication factors.
Something you know Something you are Something you have Something you do Where you are located
43
Examples of something you know
Passwords PINs
44
Examples of something you are
Biometrics Fingerprints Iris
45
Examples of something have
Cards Phones Keys
46
Examples of something do
Handwriting How you walk How you talk
47
What is Where you are located
It depends on where the person is physically present.
48
What is multifactor authentication
It uses one or more something you etc.
49
What is mutual authentication
It is when both parties authenticate each other. It is mostly implemented through digit certificates.
50
What is manual synchronization of passwords?
Using the same password everywhere
51
What is enrollment
Recording biometrics
52
What is a hardware token?
Example credit cards Works like google authenticator but usb.
53
What is authorization?
It is what the user is allowed to access or do.
54
What is principle of least privilege
Only the bare minimum of access should be allowed.
55
What are the types of access controls
Allowing access Denying access Limiting access Revoking access
56
What is Access control lists
It's a lists of rules that determine who is allowed or denied access to a computer system, network etc.
57
What are the 2 identifiers
Internet protocol addresses Media access control addresses
58
What is accountability
It provides us with means to trace activities back to their source.
59
What is nonrepudiation
It's a situation where evidence exists to prevent a person from denying that they made a statement or taken an action.
60
What is deterrence
Deters against misbehavior and misuse.
61
What is auditing
It is the reviewing and examining of records, systems etc
62
What is logging?
It gives us a history of the activities that has happened.
63
What is monitoring?
It is the watching of specific items of collected data.
64
What are vulnerabilities assessment
They involve using scanning tools to locate vulnerabilities in the system.
65
What is cryptography
It is the science of keeping information secure.
66
What is a cryptosystem
It's a structure consisting of algorithms that turn plaintext to ciphertext.
67
What are the components of a cryptosystem
Plaintext Ciphertext Encryption algorithm Decryption algorithm Encryption key Decryption key
68
What is plain text
It is the data that needs to be protected.
69
What is encryption algorithm
It is a process that produces a cipher text for plain text and an encryption key.
70
What is ciphertext
It is the scrambled version of the plaintext.
71
What is the decryption algorithm
The reverse of the encryption one
72
What is an encryption key
It is inputted in the encryption algorithm along with the plaintext to compute the cipher text.
73
What is a decryption key
It is inputted in the decryption algorithm along with the cipher text to compute the plaintext
74
What are the 2 types of cryptosystems
Symmetric key encryption Asymmetric key encryption
75
What is the symmetric key encryption
Uses a single key for both encryption and decryption
76
What is asymmetric key encryption
Uses a public key and private key
77
What are hashes used for?
To discover if the original contents of a message has been changed