Core Computing Flashcards

Question

What is information security ?

Answer 1

Information security is the preservation of confidentiality, integrity and availability of information

Answer 2

preventing the disclosure of information to anyone or anything that is not authorised to view or otherwise access that information

Answer 3

Preserving the integrity of information is the safeguarding of its accuracy and completeness

Answer 4

if the information can be accessed by authorised entities on demand whenever they need it for legitimate purpose

Answer 5

* Often in an attempt to improve confidentiality a trade-off is made in which integrity or availability is decreased/threatened and the same goes for the other 2 * An example of this may be repeating credit card details during a phone purchase repeating the details in short integrity by authorised individuals may over here this information which threatens confidentiality

Answer 6

An asset is anything of value to an organisation

Answer 7

A threat is a potential cause of an incident that may result in harm to system organisation

Answer 8

vulnerabilities are weaknesses In an information asset or information system itself that can be exploited

Answer 9

The result of an information security incident caused by threats which affects the assets

Answer 10

The potential that a given threat will exploit vulnerabilities of an asset or group of assets and thereby cause harm to the organisation

Answer 11

Info about the business without this information the business will not be able to function

Answer 12

Info on employees and customers by law this needs to be protected

Answer 13

Info that provides organisations with a competitive advantage and directs their activities

Answer 14

info whose gathering storage processing and transmission require a long time and involve a high cost

Answer 15

* Business processes are the steps taken to Accomplish certain task that really should be considered In their own right * These can be processes protected as trade secrets or processes That ensure effective delivery Of business goals as well as the mission Of the organisation * Or they can be processes that ensure legal requirements

Answer 16

Network security is the steps to both manage the network perimeter and protect the internal network

Answer 17

by filtering and inspecting all traffic to the network perimeter. This can be done by : Firewall - monitors and controls incoming and outgoing network traffic based on predetermined security rules . Malware - prevents malicious content

Answer 18

○ Segregate networks - This is done by identifying grouping and fascinating critical business systems and appropriate networks . Secure WAPs ○ Enable secure administration ○ Configure the exception handling process ○ Monitor network Assurance processes

Answer 19

. Security policy . Induction process . Make personnel aware of risks . Have security training and see if it works . promote incident reporting e.g. tfl see it say it sort it

Answer 20

○ Individual responsible for the policy ○ A schedule reviews ○ Method for making recommendation for reviews Specific policy insurance and revision date

Answer 21

A principle or rule to guide decisions and achieve rational outcomes

Answer 22

A standard is a agreed way of doing something to a specific or measurable level of quality. It is an created by a recognised body and it is officially documented .

Answer 23

A set of recommended actions to assist in complying with the policy

Answer 24

A list of steps/instructions for performing some action or accomplishing the task

Answer 25

Checking that only authorised individuals can view or modify protected information assets

Answer 26

○ Something a supplicant knows e.g. password, pin or security questions ○ Something a supplicant has e.g. smart cards, bank card . Something a supplicant is e.g. fingerprint, eye scan, voice, palmprint,boimetric

Answer 27

Pro -They are simple for designers and users and can provide good protection if used correctly Cons - Protection is often compromised by the user This is because users make them too short or personal so they're easy to remember or They are also never changed and the same password is used for multiple systems making passwords weaker. . People also forget passwords

Answer 28

. dont give them out . To protect against password guessing we can lock people after three failed attempts . However this enables a form of denial of service because attackers deliberately locked try lock out users which has an affect on availability

Answer 29

CAPCUPD Collectability - It should be easy and harmless to collect Acceptability - The trait should be accepted by the public Performance - It should be fast and accurate regardless of the resources or environment Circumvention - Using fraudulent methods should be difficult Universality - Everyone should have this trait Persistence - The trait shouldn't change too much over time Distinctiveness - The ability of the trait to change between 2 people

Answer 30

False reject rate (FRR) -the percentage of how many users that should have access are denied False acceptance rate(FAR) - the percentage of how many users that shouldnt have access are accepted Crossover error rate (CER) - Level at which the number of false rejections equals to false acceptances

Answer 31

The properties of an individual resource that can be used to identify uniquely one individual or resource

Answer 32

Ensures that user activities can be tracked back to them

Answer 33

Formal or informal review of actions processes, policies and procedures

Answer 34

DAC) Discretionary Access Control - Controls access based upon identity. Straight forward to implement and flexible MAC) Mandatory Access Control - controls access based upon security labels Used when stronger security guarantees that is required, Centralised control of information (RBAC) Role Based Access Control - controls access based upon roles (ABAC) Attribute Based Access Control - controls access based upon attributes

Answer 35

The use of two or more authentication mechanisms from at least two different authentication factors. Sometimes called MFA or 2FA

Answer 36

factors are what we know,posses or is whereas the mechanisms are pins and etc

Answer 37

read write execute

Answer 38

Read,Write,Execute

Answer 39

admins as they are responsible for removing users from groups or modifying the whole groups access rights

Answer 40

Cryptography is a way of turning plaintext (our secret message) into ciphertext (an unreadable version that can later be turned back into the plaintext

Answer 41

1. Large enough key space to resist exhaustive search 2. Resistant to frequency analysis 3. Small change in plaintext results in large change in ciphertext 4. Security depends only on secrecy of key, and not on secrecy of algorithm

Answer 42

. Sometimes called private key encryption . uses the same “secret key” to encipher and decipher message * Both sender and receiver must possess encryption key If either copy of the key is compromised, a hacker can decrypt and read messages

Answer 43

. Sometimes called public key encryption . uses two different but related keys to encrypt/decrypt messages . Typically used to encrypt a symmetric session key rather than the plaintext message

Answer 44

* Caeser cipher * Exhaustive Search . Substitution and Transposition

Answer 45

Data Encryption Standard (DES) Advanced Encryption Standard (AES)

Answer 46

RSA(Have a look at how it works) Elliptic curves

Answer 47

Risk = likelihood x impact

Answer 48

threat,vulnerability and impact

Answer 49

the individual, group or circumstance which causes a given impact to occur, e.g., lone hacker and etc

Answer 50

Octave Allegro NIST 800-30

Answer 51

NIST CSF ISO/IEC 270000 series

Answer 52

- Avoid - Accept - Reduce - Transfer

Answer 53

1.) Identify risk 2.) Analyse risk 3.) Treat Risk 4.) Monitor and review

Answer 54

Uses scale of qualifying attributes to describe magnitude of consequences/likelihood (VL,L,M,H,VH)

Answer 55

Advantage - ease of understanding by all relevant personnel Disadvantage - Dependecnce on subjective choice of the scale

Answer 56

Uses scale of objective numerical values for consequences/likelihood

Answer 57

Advantage - related directly to info security objectives/concerns of organization Disadvantage - Lack of data on new risks . Accurate/missing data in general could create illusion of worth/accuracy of risk assessment

Answer 58

Cost Benefit Analysis

Answer 59

Annualized cost of safeguard

Answer 60

Annualized Loss Expectancy

Answer 61

Annualized Rate of Occurence

Answer 62

Single Loss Expectancy

Answer 63

ALE = SLE × ARO

Answer 64

CBA = ALE(prior) - (ALE(post) + ACS)

Answer 65

Retain/Accept risk retention - organisation may tolerate (but not ignore) risk * Avoid/Terminate risk avoidance - organisation may decide not to do the thing that incurs risk * Share/Transfer risk sharing - transfer risk via an insurance policy or a third party * Modify/Reduce risk modification - adopt controls to lower the current level of risk by reducing likelihood and impact

Answer 66

. Defensive coding . Testing . Back ups . Assurance of availability . Compliance with legal requirements . security of communication . auditing

Answer 67

occurs when an attacker injects malicious code into a trusted website, which is then unknowingly executed by a user's web browser.

Answer 68

Implement escapes in all your code

Answer 69

occurs when an attacker manipulates input fields on a website to execute unauthorized SQL commands on the website's database

Answer 70

* Separate business and development functions * Consider your development environment compromised * Trust your developers, verify their actions

Answer 71

In formal change the Separation of duties ensures the person responsible for testing the code isn’t also responsible for its implementation Two person control requires that an additional person signs off on the code changes, to reduce accidental or malicious flaws

Answer 72

. Patches are updates that address security vulnerabilities within a program or product. Patches should be rolled out at the earliest opportunity because attackers may already know vunerable spots or try to reverse engineer . Patches should be tested

Answer 73

a certificate that the product, service or system in question meets specific requirements

Answer 74

A formal recognition by an independent body that a certification body operates according to international standards

Answer 75

Human Computer Interaction

Answer 76

HCI is the study of interaction between people and computers?

Answer 77

- To improve the interactions between people and computers (machines?) - Making computers more usable and receptive to the user's needs

Answer 78

Usability, User Experience(UX) and User centred design

Answer 79

Usability is making systems easy to learn, easy to use, limiting errors and the severity of errors.

Answer 80

. error rates . time to complete tasks, task failures . number of lookups made

Answer 81

User experience is the user’s entire experience with a interface — not just how well the interface worked, but how they expected it to work, how they feel about using it, and how they feel about the system overall.

Answer 82

satisfaction, intuitive, frustration, good experience, difficult, confusing.

Answer 83

an iterative design process in which designers focus on the users and their needs in each phase of the design process. They do this via a variety of research and design techniques, to create highly usable and accessible products for them

Answer 84

. Bad interfaces can waste users time and cause fustration and errors . Users often leave website or apps with bad interfaces in frustration

Answer 85

Command Line Interface(CLI) - Users control the computer by typing in commands. Examples - command prompt app in Windows, and Terminal in macOS Graphical User Interface (GUI) - Users directly manipulates graphical representations on a computer screen with a pointing device Example - Apple 2 Natural user interface (NUI) - a system for human-computer interaction that a user operates via intuitive actions related to natural, everyday human behaviour like touch gesture or voice Examples - Speech recognition(Sirri,Cortana), Touch screen, Gesture recognition(xbox kinect,wii),Eye tracker Metaverse - the concept of a highly immersive virtual world where people gather to socialize, play, and work Example VR

Answer 86

Touch,sight,sound,smel,taste

Answer 87

1.) Match between system and the real world - Systems should speak the users language E.g. Computer science language: [0][0], [0][2] * Excel speaks users’ language: [A][1], [B][3] 2.) Consistency & standards - Users should not have to wonder whether different words, situations, or actions mean the same thing 3.) Visibility of system status E.g. loading bar 4.) User control and freedom - Users often choose system functions by mistake and will need a clearly marked "emergency exit" to leave the unwanted state E..g. Undo and redo 5.) Error prevention E.g. When you are about to delete a file you get a message asking are you sure before you delete it 6.) Help users recognize, diagnose, and recover from errors E.g if you type wrong password you get a message saying you chose the wrong password 7.) Recognition rather than recall E.g visited links in chrome are purple 8.) flexibility and efficiency of use 9.) Aesthetic and minimalist Design E.g when you search something on google the most relevant thing shows up 10.) Help and documentation E.g Manuals and online help

Answer 88

Evaluating usability of a web-page, app or other software by testing it with real users.

Answer 89

○ not enough time ○ not enough money ○ no expertise in doing it ○ no lab or location in which to perform it ○ don't know how to interpret the results

Answer 90

Early in the software lifecycle and it should be done often/repeatedly.

Answer 91

Its expensive and scientific

Answer 92

. Tested cheaply and often . Not scientific

Answer 93

More users can find many problems . You test with many users

Answer 94

a quiet room where someone can interact with a interface * Participant sits at computer and performs tasks with interface * Moderator / facilitator guides the user through the process . Others on dev team observe user, either from the side or from another room or hidden camera . Record the user and watch later

Answer 95

* Anybody with decent people skills can do it. * Be friendly. * Don't lead the user or give them hints about what to do. * Probe; when they give feedback, ask for more details. . Ask user to do a specific thing and watch to see how they d

Answer 96

It looks to see if the user can actually do thnigs

Answer 97

The user performs an actual task

Answer 98

match up different prototypes or designs

Answer 99

- verifies that UI is okay or that a fix works

Answer 100

1. Type Of Test 2. Purpose/Goals/Objectives 3. Participant Characteristics 4. Task List * Possibly have users try same tasks in different orders 5. Test Environment / Equipment 6. Moderator's Role 7. Evaluation Metrics And Data To Be Collected 8. Report

Answer 101

Percentages and counts of task completed/failed and count errors Tine required to access info for help,recover from errors and complete tasks

Answer 102

Decide specific goals you want users to achieve.

Answer 103

* Don't understand the point of the site. * They use different vocabulary than you, so they can't find a word for the action to do. * Their notion of how to categorize is different. * Site is too busy / cluttered. * Not clear what the options are on the screen.

Answer 104

* Test results don't prove that a product/design/UI "works" * Testing may not be the best use of your time. * Doesn't tell you if the market wants/needs a product like yours.

Answer 105

Software accessibility means that websites, apps, tools and technologies are designed and developed so that people with disabilities can perceive, understand and interact with the software technology with ease.

Answer 106

Anything that has a major effect on people's ability to carry out normal day to day activities

Answer 107

* Speech * Visual(blindness, low vision, colour blindness) * Motor(cerbral palsy, Parkinson's disease, arthritis) * Cognitive (dyslexia, attention deficit disorder) Auditory (sound, hearing impaired audience)

Answer 108

Limited accessibility reduces the Internet's potential as an effective tool. * Assistive/adaptive software will not work if web pages are coded incorrectly coded * The web is spreading rapidly in all things we do and we need to avoid digital isolation and social exclusion. . The population is aging so the number of people with impairments are increasing

Answer 109

when anyone regardless of circumstance can access it

Answer 110

Design for all Inclusive design

Answer 111

AKA Universal design. This means going beyond only designing for user experience and accounts for everything

Answer 112

to design for accessibility based on 4 criteria: - Varying ability - If it works for those with disabilities - Mental state - Usability and aesthetics being compatible

Answer 113

Info and UI components must be presentable to users such that they are visible to all of their senses

Answer 114

This means that users must be able to operate the user interface and all its components

Answer 115

This means that users must be able to understand the information as well as the operation of the user interface

Answer 116

This means that users must be able to access the content as technologies advance

Answer 117

A standard is an agreed way of doing something to a specific or measurable level of quality. It is created by a recognised body and it is officially documented .

Answer 118

. Standards promote best practice . Standards encourage consistency . Standards are independent so a majority agree on them . Standards ensure businesses are compliant

Answer 119

an abstract design rule

Answer 120

advice on how to achieve a principle

Answer 121

* Guidelines provides a clear instruction on a range of issues that designers will encounter . Guidelines will help usability specialists evaluate the designs of their products

Answer 122

the process by which the interface is tested against the needs and practices of the user.

Answer 123

We can get rid of problems to do wih functionalitiy, usability,user experience and etc * Designers can learn about what users think and what makes a good system. .Find out how effective and efficient is the software being studied, and how much the users enjoy using it and how much it annoys and frustrates them, and where they "get stuck“

Answer 124

. Summative Evaluation . Formative Evaluation . Analytic Evaluation . Empirical evaluation . Lab - based Usability Evaluation

Answer 125

○ Often happens at the end of the development process ○ Provides an evaluation or summary of the end product . Matches system to requirements specification

Answer 126

○ Happens during the development process ○ Used to inform the development process hence is applied to a prototype rather than a complete system ○ Takes account of users(knowledge, skills, gender, age, disability, etc.) . Takes account of user tasks or goals

Answer 127

○ Consists of formal methods for analysing interfaces v Heuristic evaluation . Cognitive Walkthrough – task related . Goals Operations Methods Selection Rules (GOMS)- task related . Aims to investigate existing situation, not envision new systems

Answer 128

○ users participate in trials of prototype interfaces ○ requires careful design of the trial’s content and conduct ○ may involve benchmark tasks ○ may involve collecting and processing subjective opinions ○ Evaluating with user participation Field studies and controlled experiments