CNS Reviewer

Question 1

Status Of Security In Computing (In Early 2000s)

Answer 1

• Some computing professionals & managers do not even recognize the value of the resources they use or control.

Question 2

Any piece of the __ can become the target of a computing crime.

Answer 2

computing system

Question 2

Status Of Security In Computing (In Early 2000s)

Answer 2

• In the event of a computing crime, some companies do not investigate or prosecute.

Question 2

a collection of hardware, software, data, and people that an organization uses to do computing tasks

Answer 2

computing system

Question 3

• The _ is the most serious vulnerability.

Answer 3

weakest point

Question 4

Characteristics of Computer Intrusion

A computing system,,,

Answer 4

• The principles of easiest penetration

Question 5

Security Breaches

Answer 5

Exposure
Vulnerability
Threats
Control
Assets

Question 6

a form of possible loss or harm

Answer 6

Exposure

Question 7

a weakness in the system

Answer 7

Vulnerability

Question 8

Human attacks, natural disasters, errors

Answer 8

Threats

Question 9

a protective measure

Answer 9

Control

Question 10

h/w, s/w, data

Answer 10

*Assets

Question 11

Types of Security Breaches

Answer 11

• Disclosure
• Deception
• Disruption
• Usurpation

Question 12

unauthorized access to info

Answer 12

• Disclosure
• ex: Snooping

Question 13

acceptance of false data

Answer 13

• Deception:
• ex: Modification, spoofing, repudiation of origin, denial of receipt

Question 14

prevention of correct operation

Answer 14

• Disruption
• ex: Modification, man-in-the-middle attack

Question 15

Security Components

Answer 15

• Confidentiality
• Integrity
  *Availability

Question 16

unauthorized control of some part of the system (usurp: take by force or without right)

Answer 16

• Usurpation
• ex: Modification, spoofing, delay, denial of service

Question 17

The assets are accessible only by authorized parties.
- Keeping data and resources hidden

Answer 17

• Confidentiality

Question 18

The assets are modified only by authorized parties, and only in authorized ways.
* Data integrity (integrity)
* Origin integrity (authentication)

Answer 18

• Integrity

Question 19

Assets are accessible to authorized parties.
- Enabling access to data and resources

Answer 19

*Availability

Question 20

Computing System Vulnerabilities

Answer 20

• Hardware vulnerabilities
• Software vulnerabilities
• Data vulnerabilities
• Human vulnerabilities

Question 21

Software Vulnerabilities

Answer 21

• Destroyed (deleted) software
• Stolen (pirated) software
• Altered (but still run) software
• Logic bomb
• Trojan horse
• Virus
• Trapdoor
• Information leaks

Question 22

• The principle of adequate protection

Answer 22

Data Security

Question 23

• Storage of encryption keys

Answer 23

Data Security

Question 24

• Software versus hardware methods

Answer 24

Data Security

Question 25

Other Exposed Assets

Answer 25

*Storage media
*Networks
*Access
*Key people

Question 26

People Involved in Computer Crimes

Answer 26

*Amateurs
*Crackers
*Career Criminals

Question 27

Methods of Defense

Answer 27

• Encryption
• Software controls
  *Hardware controls
• Policies
• Physical controls

Question 28

At the heart of all security methods

Answer 28

Encryption

Question 29

Confidentiality of data

Answer 29

Encryption

Question 30

Some protocols rely on encryption to ensure availability of resources.

Answer 30

Encryption

Question 31

__ does not solve all computer security problems.

Answer 31

Encryption

Question 32

Software controls

Answer 32

• Internal program controls
• OS controls
• Development controls

Question 33

are usually the 1st aspects of computer security that come to mind.

Answer 33

Software controls

Question 34

This defines “security” for the site/system/etc.

Answer 34

Policy says what is, and is not, allowed

Question 35

enforce policies

Answer 35

Mechanisms

Question 35

can be simple but effective
Example: frequent changes of passwords

Answer 35

Mechanisms

Question 36

If policies conflict, discrepancies may create security vulnerabilities

Answer 36

• Composition of policies

Question 37

Gradually evolving and maturing

Answer 37

• Legal and ethical controls

Question 38

Goals of Security

Answer 38

• Prevention *Detection *Recovery

Question 39

Prevent attackers from violating security policy

Answer 39

• Prevention

Question 40

Stop attack, assess and repair damage
Continue to function correctly even if attack succeeds

Answer 40

*Recovery

Question 40

Detect attackers’ violation of security policy

Answer 40

*Detection

Question 41

Assurance

Answer 41

• Specification
• Design
• Implementation

Question 42

How system will meet specification

Answer 42

Design

Question 42

• Requirements analysis
• Statement of desired functionality

Answer 42

Specification

Question 43

Programs/systems that carry out design

Answer 43

Implementation

Question 44

Operational Issues

Answer 44

• Cost-Benefit Analysis
• Risk Analysis
• Laws and Customs

Question 45

Is it cheaper to prevent or to recover?

Answer 45

• Cost-Benefit Analysis

Question 46

• Should we protect something?
• How much should we protect this thing?

Answer 46

Risk Analysis

Question 47

Are desired security measures illegal?
Will people do them?

Answer 47

• Laws and Customs

Question 48

Human Issues

Answer 48

• Organizational Problems
• Power and responsibility
• Financial benefits
• People problems
• Outsiders and insiders
• Social engineering