Classifying Information Security

Question 1

Fundamentals of Information Security

Answer 1

Confidentiality
Authenticity
Availability
Integrity
Non-repudiation

Question 2

Authenticity

Answer 2

User goes through a verification process to prove rightful ownership of their account they’re attempting to access.

Question 3

Integrity

Answer 3

Your data should be safe and unaltered.

Question 4

Availability

Answer 4

You have the right to access your data whenever you want.

Question 5

Confidentiality

Answer 5

Guarding against the theft or unauthorized/unintentional access of data.

Question 6

Non-repudiation

Answer 6

A security concept that prevents users from denying their participation in a transaction or communication.

Question 7

Classification of Attacks

Answer 7

Close-in attacks
Active attacks
Passive attacks
Insider attacks
Distribution attacks

Question 8

Passive attacks

Answer 8

Sniffling or eavesdropping attack; listen to traffic and intercept info before it reaches its intended recipient.

eg. eavesdropping, traffic analysis

Question 9

Active attacks

Answer 9

Involves direct interaction, altering, or disrupting the target’s data

eg. man in the middle, denial of service

Question 10

Close-in attacks

Answer 10

Attack requiring physical proximity to the target to gain unauthorized access.

eg. shoulder surfing, physical tampering

Question 11

Insider attacks

Answer 11

Attack carried out by someone with authorized access to the system.

eg. data theft by employee

Question 12

Distribution attacks

Answer 12

Attack where malicious software or components are inserted into a trusted supply.

eg. tampered software updates, compromised hardware

Question 13

The Technology Triangle

Answer 13

Usability <-> Functionality <-> Security