IA 2 - UNIT 1

Question 1

is data endowed with relevance and purpose.
Converting data into information thus requires knowledge.
Knowledge by definition is specialized

Answer 1

Information

Question 2

And what characteristics should information possess to be useful

Answer 2

1. accurate,
2. timely,
3. complete,
4. verifiable,
5. consistent,
6. available

Question 3

raw facts with an unknown coding system

Answer 3

Noise

Question 4

raw facts with a known coding system

Answer 4

Data

Question 5

processed data

Answer 5

Information

Question 6

accepted facts, principles, or rules of thumb that are useful for specific domains. Knowledge can be the result of inferences and implications produced from simple information facts

Answer 6

Knowledge

Question 7

• Actions taken that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality and non-repudiation.
• This includes providing for restoration of information systems by incorporating protection, detection and reaction capabilities

Answer 7

assurance

Question 8

study of how to protect your information assets from destruction, degradation, manipulation and exploitation. But also, how to recover should any of those happen

Answer 8

Information Assurance (IA)

Question 9

timely, reliable access to data and information services for authorized users

Answer 9

Availability

Question 10

protection against unauthorized modification or destruction of information

Answer 10

Integrity

Question 11

assurance that the sender is provided with proof of a data delivery and recipient is provided with proof of the sender’s identity, so that neither can later deny having processed the data

Answer 11

Non-repudiation

Question 12

assurance that information is not disclosed to unauthorized persons

Answer 12

Confidentiality

Question 13

broad field that there is no universally accepted definition.
Researchers often give their own
spin to IA, usually reflecting their own concerns.

Answer 13

Information Assurance

Question 14

security measures to establish validity of a transmission, message, or originator

Answer 14

Authentication

Question 15

According to Debra Herrmann, IA has four major categories

Answer 15

1. physical security
2. personnel security
3. IT security
4. operational security

Question 16

Four Security Domains

Answer 16

1. Physical security
2. Personnel security
3. IT security
4. Operational security

Question 17

a variety of ongoing measures taken to reduce the likelihood and severity of accidental and intentional alteration, destruction, misappropriation, misuse, misconfiguration, unauthorized distribution, and unavailability of an organization’s logical and physical assets, as the result of action or inaction by insiders and known outsiders, such as business partners

Answer 17

Personnel security

Question 18

refers to the protection of hardware, software, and data against physical threats to reduce or prevent disruptions to operations and services and loss of assets

Answer 18

Physical security

Question 19

inherent technical features and functions that collectively contribute to an IT infrastructure achieving and sustaining confidentiality, integrity, availability, accountability,
authenticity, and reliability

Answer 19

IT security

Question 20

involves the implementation of standard operational security procedures that define the nature and frequency of the interaction between users, systems, and system resources, the purpose which to

• achieve and sustain a known secure system state at all times, and
• prevent accidental or intentional theft, release, destruction, alteration, misuse, or sabotage of system resources

Answer 20

Operational security

Question 21

IA Levels

Answer 21

1. Physical
2. Infrastructure
3. Perceptual

Question 22

• The second level focus of IA is the information structure level.
• This covers information and data manipulation ability maintained in cyberspace, including: data structures, processes and programs, protocols, data content and databases.
• Desired Effects: to influence the effectiveness and performance of information functions supporting perception, decision making, and control of physical processes.
• Attacker’s Operations: impersonation, piggybacking, spoofing, network attacks, malware, authorization attacks, active misuse, and denial of service attacks.
• Defender’s Operations: information security technical measures such as: encryption and key management, intrusion detection, anti-virus software, auditing, redundancy, firewalls, policies and standards.

Answer 22

IA Levels: Infrastructure

Question 23

• The third level focus of IA also called social engineering.
• This is abstract and concerned with the management of perceptions of the target, particularly those persons making security decisions.
  Desired Effects: to influence decisions and behaviors. Attacker’s Operations: psychological operations such as: deception, blackmail, bribery and corruption, social engineering, trademark and copyright infringement, defamation, diplomacy, creating distrust.
• Defender’s Operations: personnel security including psychological testing, education, and screening such as biometrics, watermarks, keys, passwords.

Answer 23

IA Levels: Perceptual

Question 24

• The lowest level focus of IA: computers, physical networks, telecommunications and supporting systems such as power, facilities and environmental controls.
• Also at this level are the people who manage the systems.
• Desired Effects: to affect the technical performance and the capability of physical systems, to disrupt the capabilities of the defender.
• Attacker’s Operations: physical attack and destruction, including: electromagnetic attack, visual spying, intrusion, scavenging and removal, wiretapping, interference, and eavesdropping.
• Defender’s Operations: physical security, OPSEC, TEMPEST.

Answer 24

IA Levels: the Physical

Question 25

Note that IA is both proactive and reactive involving:

Answer 25

1. protection,
2. detection,
3. capability restoration,
4. response.

Question 26

IA Functional Components

Answer 26

1. IA environment protection pillars
2. Attack detection:
3. Capability restoration:
4. Attack response:

Question 27

ensure the availability, integrity, authenticity, confidentiality, and non-repudiation of information”

Answer 27

IA environment protection pillars

Question 28

timely attack detection and reporting is key to initiating the restoration and response processes

Answer 28

Attack detection

Question 29

relies on established procedures and mechanisms for prioritizing restoration of essential functions. Capability restoration may rely on backup or redundant links, information system components, or alternative means of information transfer

Answer 29

Capability restoration

Question 30

relies on established procedures and mechanisms for prioritizing restoration of essential functions. Capability restoration may rely on backup or redundant links, information system components, or alternative means of information transfer

Answer 30

Capability restoration

Question 31

involves determining actors and their motives, establishing cause and complicity, and may involve appropriate action against perpetrators… contributes … by removing threats and enhancing deterrence

Answer 31

Attack response

Question 32

a computing environment is made up of five continuously interacting components

Answer 32

1. activities,
2. people,
3. data,
4. technology,
5. networks.

Question 33

types of assets

Answer 33

1. physical asset
2. logical assets:
3. system assets:

Question 34

logical assets

Answer 34

information, data (in transmission, storage, or processing), and intellectual property;

Question 35

physical assets:

Answer 35

devices, computers, people;

Question 36

the items being protected by the system (documents, files, directories, databases, transactions, etc.)

Answer 36

Objects

Question 37

system assets

Answer 37

any software, hardware, data, administrative, physical, communications, or personnel resource within an information system.

Question 38

entities (users, processes, etc.) that execute activities and request access to objects.

Answer 38

Subjects

Question 39

operations, primitive or complex, that can operate on objects and must be controlled.

Answer 39

Actions

Question 40

the information is genuine

Answer 40

authenticity

Question 41

authorized users are able to access it

Answer 41

availability

Question 42

Threats can be categorized by ____: accidental or purposeful (error, fraud, hostile intelligence);

Answer 42

intent

Question 43

the information is free of error and has the value expected

Answer 43

accuracy

Question 44

Examples of Threats

Answer 44

1. Interruption
2. Interception
3. Modification
4. Fabrication

Question 45

assets is one that has known threats. Example: locating an asset in a war zone or a flood zone, or placing an unprotected machine on the Internet.

Answer 45

A hostile environment

Question 46

is a category of entities, or a circumstance, that poses a potential danger to an asset (through unauthorized access, destruction, disclosure, modification or denial of service).

Answer 46

threat

Question 47

the information has value for the intended purpose

Answer 47

utility

Question 48

the information has not been disclosed to unauthorized parties;

Answer 48

confidentiality

Question 49

Threats can be categorized by ____: type of asset, consequences.

Answer 49

impact

Question 50

Threats can be categorized by the kind of ____ involved: human (hackers, someone flipping a switch), processing (malicious code, sniffers), natural (flood, earthquake);

Answer 50

entity

Question 51

is a specific instance of a threat, e.g. a specific hacker, a particular storm, etc.

Answer 51

threat actor

Question 52

the information is whole, complete and uncorrupted;

Answer 52

Integrity

Question 53

the data is under authorized ownership and control.

Answer 53

possession:

Question 54

an unauthorized party tampers with an asset.

Answer 54

Modification

Question 55

an asset becomes unusable, unavailable, or lost

Answer 55

Interruption

Question 56

an unauthorized party gains access to an information asset.

Answer 56

Interception:

Question 57

an asset has been counterfeit.

Answer 57

Fabrication:

Question 58

a nonhostile environment that may be protected from external hostile elements by physical, personnel, and procedural countermeasures.

Answer 58

A benign environment

Question 59

a collection of computing environments connected by one or more internal networks under the control of a single authority and security policy, including personnel and physical security.

Answer 59

An enclave

Question 60

weakness or fault in a system that exposes information to attack.

Answer 60

vulnerability

Question 61

a method for taking advantage of a known vulnerability.

Answer 61

exploit

Question 62

one for which there is no known threat (vulnerability is there but not exploitable).

Answer 62

A dangling vulnerability

Question 63

one that does not pose a danger as there is no vulnerability to exploit (threat is there, but can’t do damage).

Answer 63

A dangling threat

Question 64

Three types of attacks

Answer 64

1. passive attack
2. active attack
3. unintentional attack

Question 65

an attack in which the attacker observes interaction with the system.

Answer 65

Passive attack

Question 66

an attempt to gain access, cause damage to or otherwise compromise information and/or systems that support it.

Answer 66

An attack

Question 67

an attack where there is not a deliberate goal of misuse

Answer 67

Unintentional attack:

Question 68

attack in which the attacker directly interacts with the system.

Answer 68

Active attack

Question 69

the active entity, usually a threat actor, that interacts with the system.

Answer 69

Attack subject

Question 70

an organization/entity is the set of ways in which an adversary can enter the system and potentially cause damage.

Answer 70

The attack surface

Question 71

the targeted information system asset.

Answer 71

Attack object

Question 72

an instance when the system is vulnerable to attack.

Answer 72

Exposure

Question 73

is a situation in which the attacker has succeeded.

Answer 73

compromise

Question 74

is a recognized action—specific, generalized or theoretical—that an adversary (threat actor) might be expected to take in preparation for an attack.

Answer 74

indicator

Question 75

is the outcome of an attack. In a purposeful threat, the threat actor has typically chosen a desired consequence for the attack, and selects the IA objective to target to achieve this.

Answer 75

consequence

Question 76

Disruption: targets availability

Answer 76

Disruption

Question 77

targets confidentiality

Answer 77

Exploitation:

Question 78

targets integrity

Answer 78

Corruption:

Question 79

is a type of consequence, involving accidental exposure of information to an agent not authorized access.

Answer 79

Inadvertant disclosure

Question 80

process for an organization to identify and address the risks in their environment.

Answer 80

Risk management

Question 81

are any actions, devices, procedures, techniques and other measures that reduce the vulnerability of an information system.

Answer 81

Controls, safeguards and countermeasures

Question 82

kindsn of controls, safeguards and countermeasures

Answer 82

1. technical
2. policy, procedures and practices education, training and awareness cover and deception (camouflage)
3. human intelligence (HUMINT), e.g. disinformation
4. monitoring of data and transmissions
5. surveillance countermeasures that detect or neutralize sensors,
6. e.g. TEMPEST
7. assessments and inspections.

Question 83

A security profile is the implementation (policy, procedures, technology) of the security effort within an organization.

Answer 83

security posture

Question 84

• is the possibility that a particular threat will adversely impact an information system by exploiting a particular vulnerability.
• The assessment of risk must take into account the consequences of an exploit.

Answer 84

Risk

Question 85

One particular risk management procedure (from Viega and McGraw) consists of six steps:

Answer 85

1. Assess assets
2. Assess threats
3. Assess vulnerabilities
4. Assess risks
5. Prioritize countermeasure options
6. Make risk management decisions

Question 86

• risks not avoided or transferred are retained by the organization.
• E.g. sometimes the cost of insurance is greater than the potential loss.
• Sometimes the loss is improbable, though catastrophic.

Answer 86

Risk acceptance:

Question 87

not performing an activity that would incure risk.

Answer 87

Risk avoidance

Question 88

• shift the risk to someone else.
• E.g. most insurance contracts, home security systems.

Answer 88

Risk transfer:

Question 89

taking actions to reduce the losses due to a risk; many technical countermeasures fall into this category.

Answer 89

Risk mitigation:

Question 90

are the security features of a system that provide enforcement of a security policy.

Answer 90

Trust mechanisms

Question 91

is about preventing the risk from being actualized. E.g., not parking in a high crime area.

Answer 91

Risk avoidance

Question 92

is about limiting the damage should the risk be actualized. E.g., having a LoJack or cheap car stereo.

Answer 92

Risk mitigation

Question 93

generic term that implies a mechanism in place to provide a basis for confidence in the reliability/security of the system. Failure of the mechanism may destroy the basis for trust.

Answer 93

Trust

Question 94

is a collection of all the trust mechanisms of a computer system which collectively enforce the policy.

Answer 94

The trusted computing base (TCB)

Question 95

a measure of confidence that the security features, practices, procedures, and architecture of a system accurately mediates and enforces the security policy.

Answer 95

Assurance

Question 96

The concept of ____ provides a unified approach to conceptualizing (parts of) IA.

Answer 96

trust management

Question 97

waterfall model

Answer 97

1. Requirements
2. Design
3. Coding
4. Testing
5. Deployment
6. Production
7. Decommission

Question 98

the process by which an asset is managed from its arrival or creation to its termination or destruction.

Answer 98

lifecycle

Question 99

is a process by which the project managers for a system will ensure that appropriate information assurance safeguards are incorporated into a system.

Answer 99

Security systems lifecycle management