F3 - Threats Flashcards
A key security concept is an abbreviation of three letters, what is this concept?
CIA
In CIA each letter stands for a certain concept, what is C in CIA?
Confidentiality:
The concept is too:
* preserve authorized restrictions on information access and disclosure
* may include ways of protecting personal privacy and proprietary information
In CIA each letter stands for a certain concept, what is I in CIA?
Integrity:
The concept is too:
* guarding against improper modification of information or it’s destruction.
* May include ensuring information nonrepudiation and authenticity.
In CIA each letter stands for a certain concept, what is A in CIA?
Availability:
The concept is too:
* Ensure timely and reliable access to and use of information.
What are the opposites of CIA
Disclosure (Confidentiality)
Alteration (Integrity)
Destruction (Availability)
What is a threat?
A threat is a potential security harm to an asset.
* e.g When health related data or a credit card is disclosed.
How does a threat become a threat?
A threat materializes when an attack succeds.
* E.g a deliberate attempt to vioalate the access of control policy of a system.
When someone is carrying out an attack they are generally refered to as what?
An attacker or threat agent.
What is a threat to a hardware asset? Give an example for availability and confidentiality
- Availability: Equipment is stolen or disabled, thus denying
service. - Confidentiality: An unencrypted CD-ROM or DVD is stolen.
What is a threat to a software asset? Give an example for availability, confidentiality and integrity
- availability: Programs are deleted, denying access to users.
- confidentiality: An unauthorized copy of software is made.
- integrity: A working program is modified, either to cause it to fail during execution or to cause it to do some unintended
task.
What is a threat to a data asset? Give an example for availability, confidentiality and integrity
- availability: Files are deleted, denying access to users.
- confidentiality: An unauthorized read of data is performed.
An analysis of statistical data reveals underlying data. - integrity: Existing files are modified or new files are fabricated.
What is a threat to a Communication Lines and Networks asset? Give an example for availability, confidentiality and integrity
- availability: Messages are destroyed or deleted. Communication lines or networks are rendered unavailable.
- confidentiality: Messages are read. The traffic pattern of
messages is observed. - integrity: Messages are modified, delayed, reordered, or
duplicated. False messages are fabricated.
Name a few typical threat agents
- Curious individuals
- Dishonest people — for personal gain, saving money
- Hackers, crackers, script kiddies — for challenge and reputation
- Companies — for business intelligence and marketing
- Organized criminals — for money
- Governments and security agencies — NSA, GCHQ, DGSE, etc.
- Military SIGINT — strategic and tactical intelligence, cyber defence
What is a vulnerability?
Is a weakness in a system which could either be accidentaly or intentionaly exploited in order to damage assets, such as hardware, software, reputation, etc.
What are the categories of vulnerabilities?
- Corrupted (loss of integrity).
- Leaky (loss of confidentiality).
- Unavailable or very slow (loss of availability).
