Information assurance and security Flashcards
What is E-commerce?
Any transaction conducted online, including online banking, software services, remote service providers, and online course platforms.
What are the key specifications of Real-world Security?
- Specifications/policy : What is the system supposed to do
- Implementation mechanism : How does it do it?
- Correctness/assurance : Does it really work?
- Human Nature : Can the system survive “clever users”?
What might you want from software?
*Privacy
*Protection against phishing, vishing
*Integrity
*Authentication
*Authorization
*Confidentiality
*Non-repudiation
*Availability
It is the protection against unauthorized modification or destruction of information.
Integrity
Ensures that information is not disclosed to unauthorized persons.
Confidentiality
The process of verifying the identity of a user, message, or originator.
Authentication
Provides proof of data delivery and sender identity, so that neither party can later deny having processed the information.
Non-repudiation
It is the guarantee of timely, reliable access to data and information services for authorized users.
Availability
What does Availability refer to in information security?
Timely, reliable access to data and information services for authorized users.
Define Integrity in the context of information security.
Protection against unauthorized modification or destruction of information.
What is Confidentiality in information security?
Assurance that information is not disclosed to unauthorized persons.
What is Authentication?
Security measures to establish the validity of a transmission, message, or originator.
What does Non-repudiation mean?
Assurance that the sender has proof of data delivery and the recipient has proof of the sender’s identity.
What are the types of assets in information security?
- Physical assets: Devices, computers, people
- Logical assets: Information, data, intellectual property
- System Assets: Software, hardware, data, personnel resources
What is an attack in the context of information security?
An attempt to gain access, cause damage to, or otherwise compromise information and/or systems.
What is a Passive attack?
An attack in which the attacker does not directly interact with the system but only observes it (e.g., eavesdropping on traffic or traffic analysis).
Define an Active attack.
An attack in which the attacker directly interacts with the system (e.g., modifying, injecting, or replaying data).
What is an Unintentional attack?
An attack where there is no deliberate goal of misuse.
What is Exposure in information security?
An instance when the system is vulnerable to attack.
What does Compromise refer to?
A situation in which the attack has succeeded.
What is a consequence of an attack?
The outcome of an attack, which may include disruption, corruption, or exploitation.
What is meant by Disruption in the context of consequences?
Targets availability.
What is meant by Corruption in the context of consequences?
Targets integrity.
What is meant by Exploitation in the context of consequences?
Targets confidentiality.
What is the definition of Authentication?
The process of recognizing a user’s identity.
What is Authorization?
The process that determines what an authenticated user is allowed to do and see in a system.
What is Malware?
Malicious software designed to disrupt, damage, or gain unauthorized access to systems.
List examples of Malware.
- Viruses
- Worms
- Ransomware
- Trojans
- Spyware
- Adware
What is Phishing?
Tricking individuals into providing sensitive information by pretending to be a trusted entity.
What are common forms of Phishing?
- Emails
- Fake websites
- SMS (‘smishing’)
- Voice calls (‘vishing’)
What is Social Engineering?
Exploiting human psychology to manipulate individuals into divulging confidential information.
What are examples of Social Engineering?
- Pretexting
- Baiting
- Tailgating
- Quid pro quo attacks
What are Denial of Services (DoS) Attacks?
Overloading systems or networks to make them unavailable to legitimate users.
What are Man in the Middle (MITM) Attacks?
Intercepting communication between two parties to eavesdrop or alter data.
What are Password Attacks?
Cracking or stealing passwords through brute force, dictionary attacks, or keylogging.
What are Zero Day Exploits?
Exploiting software vulnerabilities before the vendor releases a patch.
Define Cryptology.
The study of making and breaking codes to secure the transmission of information; it covers both cryptography (designing) and cryptanalysis (breaking).
Where does the word Cryptology come from?
Greek words kryptos and graphein
“Kryptos” means hidden
“Graphein” means to write
(Strictly, kryptos + graphein gives cryptography; cryptology ends in -logia, “study”.)
Code Breaking
Cryptanalysis
Code designing
Cryptography
What does Cryptanalysis refer to?
The process of obtaining the original message from the encrypted message without knowing the key.
What is cryptography?
The practice and study of encryption to prevent unauthorized reading of information.
What does a cryptographic system typically include?
- Private key cipher
- Message integrity techniques
- Secure identification/authentication techniques
What is a Private Key cipher?
A symmetric cipher where one secret key is shared between the two parties and used for both encryption and decryption.
What is a Public Key cipher?
An asymmetric cipher where each party holds a key pair: a public key that can be published and a private key that is never shared. Anyone can encrypt to a public key, but only the holder of the matching private key can decrypt, so the parties need no prior shared secret.
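The public-key and non-repudiation cards above are easiest to see with a key pair in hand. The following is an added example, not part of the original flashcards: textbook RSA with constructed tiny primes (p = 61, q = 53), built with Python's standard library only. The public key encrypts and verifies; the private key, which is never shared, decrypts and signs. The signing step is what gives non-repudiation: a signature that verifies under a public key could only have been produced by the matching private key. The modulus here is 12 bits and there is no OAEP/PSS padding, so this is for illustration only; real systems use a vetted library and 2048-bit or larger keys.

```python
"""Toy public-key cipher: textbook RSA with tiny primes (added example, not from the page).
Shows the key roles only. Real RSA uses 2048-bit or larger moduli and OAEP/PSS padding;
this toy's 12-bit modulus can be factored by hand."""
import hashlib
import math


def keygen(p: int, q: int, e: int = 65537):
    """Build a key pair from two primes. The public key (n, e) is published;
    the private key (n, d) is never shared, unlike the single shared key of a private-key cipher."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse of e mod phi(n) (Python 3.8+)
    return (n, e), (n, d)


def encrypt(public_key, m: int) -> int:
    """Anyone holding the public key can encrypt an integer message m < n."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(private_key, c: int) -> int:
    """Only the private-key holder can recover m."""
    n, d = private_key
    return pow(c, d, n)


def _digest_mod_n(message: bytes, n: int) -> int:
    # Toy hash-to-integer; real schemes use a padded encoding such as PSS.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message: bytes) -> int:
    """Signing uses the private key, so a valid signature proves who produced it
    (the basis of non-repudiation): the signer cannot later deny having signed."""
    n, d = private_key
    return pow(_digest_mod_n(message, n), d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    """Anyone with the public key can check the signature; a changed message fails."""
    n, e = public_key
    return pow(signature, e, n) == _digest_mod_n(message, n)


if __name__ == "__main__":
    pub, priv = keygen(61, 53, e=17)        # constructed toy primes: n = 3233
    c = encrypt(pub, 65)
    print(pub, priv, c, decrypt(priv, c))   # (3233, 17) (3233, 2753) 2790 65
    sig = sign(priv, b"pay 100 to alice")
    print(verify(pub, b"pay 100 to alice", sig), verify(pub, b"pay 900 to alice", sig))
```

Note that encryption and verification use only `(n, e)`, while decryption and signing use `(n, d)`: that split, and not any secrecy of the algorithm, is what separates a public-key cipher from a private-key one.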
What is the operation principle of the Caesar Cipher?
Each letter is translated into the letter a fixed number of positions after it in the alphabet.
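To make the Caesar cipher and the cryptanalysis card concrete, here is an added example that is not part of the original flashcards: a Python implementation of the shift, plus a brute-force attack that tries all 26 keys and picks the most English-looking result using a constructed table of approximate English letter frequencies. The message and key in the usage section are constructed for the demo. The point a practitioner should take away is that the key space is so small that exhaustive search is instant; the same attack pattern applies to any cipher whose key is short enough to enumerate.

```python
"""Caesar cipher with brute-force cryptanalysis (added example, not from the page)."""

# Approximate English letter frequencies in percent (constructed table used to rank candidates).
ENGLISH_FREQ = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0, "H": 6.1,
    "I": 7.0, "J": 0.15, "K": 0.77, "L": 4.0, "M": 2.4, "N": 6.7, "O": 7.5, "P": 1.9,
    "Q": 0.095, "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8, "V": 0.98, "W": 2.4, "X": 0.15,
    "Y": 2.0, "Z": 0.074,
}


def caesar_shift(text: str, shift: int) -> str:
    """Move every ASCII letter `shift` positions forward in the alphabet (mod 26).
    Case is preserved; spaces, digits and punctuation pass through unchanged."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def caesar_encrypt(plaintext: str, key: int) -> str:
    return caesar_shift(plaintext, key)


def caesar_decrypt(ciphertext: str, key: int) -> str:
    # Decryption is the same operation with the shift reversed.
    return caesar_shift(ciphertext, -key)


def english_score(text: str) -> float:
    """Higher when the letter distribution looks like English."""
    return sum(ENGLISH_FREQ.get(ch, 0.0) for ch in text.upper())


def brute_force(ciphertext: str):
    """Cryptanalysis by exhaustive key search: only 26 keys exist (25 non-trivial),
    so every one is tried and the most English-looking plaintext wins.
    Returns (key, plaintext)."""
    best_key, best_text, best_score = 0, ciphertext, float("-inf")
    for key in range(26):
        candidate = caesar_decrypt(ciphertext, key)
        score = english_score(candidate)
        if score > best_score:
            best_key, best_text, best_score = key, candidate, score
    return best_key, best_text


if __name__ == "__main__":
    # Constructed sample message and key.
    message = "THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG"
    ct = caesar_encrypt(message, 3)
    print(ct)               # WKH TXLFN EURZQ IRA MXPSV RYHU WKH ODCB GRJ
    print(brute_force(ct))  # (3, 'THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG')
```

Frequency scoring is deliberately crude; for very short ciphertexts it can rank a wrong key first, in which case a practitioner prints all 26 candidates and reads them.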
What is a Block Cipher?
Encrypts one fixed length group of bits at a time.
What is the Electronic Codebook (ECB) mode?
The simplest mode: each block is encrypted independently with the key, so identical plaintext blocks produce identical ciphertext blocks, which leaks patterns in the data.
What is Cipher Block Chaining (CBC)?
Each plaintext block is XORed with the previous ciphertext block before encryption (the first block is XORed with an initialization vector, IV), so identical plaintext blocks no longer give identical ciphertext blocks.
What is the Counter (CTR) mode?
Acts like a stream cipher: the block cipher encrypts a nonce combined with an incrementing counter to produce a keystream, which is XORed with the plaintext; the same operation decrypts, and no padding is needed.
What is a Stream Cipher?
Encryption performed 1 bit or 1 byte at a time with a pseudo-random sequence.
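The ECB, CBC, CTR and stream-cipher cards above are best understood by running the modes over a real block cipher interface. The following is an added example, not code from the original flashcards: the three modes implemented generically in Python over a constructed toy 16-byte block cipher (a 4-round Feistel network whose round function is SHA-256 keyed with the secret key, built so the example needs only the standard library). The key, IV, nonce and sample message are constructed for the demo. It shows the ECB leak (repeated plaintext blocks give repeated ciphertext blocks), that CBC and CTR hide it, that CTR behaves as a stream cipher (no padding, one function for both directions), and a caveat practitioners need: none of these modes provides integrity, so flipping one ciphertext bit in CTR flips exactly that plaintext bit. In real systems use AES from a vetted library, with an authenticated mode such as AES-GCM or a separate MAC.

```python
"""Toy block cipher plus ECB / CBC / CTR modes (added example, not from the page).
The 16-byte cipher is a 4-round Feistel network with a SHA-256-based keyed round
function. Illustration only: use AES from a vetted library in practice."""
import hashlib

BLOCK = 16  # bytes per block, same as AES


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))  # truncates to the shorter input


def _round(key: bytes, r: int, half: bytes) -> bytes:
    # Keyed pseudorandom function for round r, truncated to half a block.
    return hashlib.sha256(key + bytes([r]) + half).digest()[: BLOCK // 2]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Encrypt one block: (L, R) -> (R, L xor F_r(R)) for four rounds."""
    assert len(block) == BLOCK
    left, right = block[: BLOCK // 2], block[BLOCK // 2 :]
    for r in range(4):
        left, right = right, _xor(left, _round(key, r, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    """Undo block_encrypt by running the rounds backwards."""
    assert len(block) == BLOCK
    left, right = block[: BLOCK // 2], block[BLOCK // 2 :]
    for r in reversed(range(4)):
        left, right = _xor(right, _round(key, r, left)), left
    return left + right


def pad(data: bytes) -> bytes:
    """PKCS#7 padding so block modes always see whole blocks."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def blocks(data: bytes) -> list:
    return [data[i : i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    """ECB: blocks encrypted independently; equal plaintext blocks -> equal ciphertext blocks."""
    return b"".join(block_encrypt(key, b) for b in blocks(pad(pt)))


def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    """CBC: each plaintext block is XORed with the previous ciphertext block (IV first)."""
    out, prev = [], iv
    for b in blocks(pad(pt)):
        prev = block_encrypt(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for c in blocks(ct):
        out.append(_xor(block_decrypt(key, c), prev))
        prev = c
    return unpad(b"".join(out))


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR: keystream block i = E_k(nonce || i), XORed with the data. No padding, the same
    call encrypts and decrypts, and the block cipher is never run backwards."""
    out = []
    for i, b in enumerate(blocks(data)):
        keystream = block_encrypt(key, nonce + i.to_bytes(BLOCK - len(nonce), "big"))
        out.append(_xor(b, keystream))
    return b"".join(out)


def repeated_blocks(ct: bytes) -> int:
    """Number of ciphertext blocks that duplicate an earlier block (the ECB leak)."""
    bs = blocks(ct)
    return len(bs) - len(set(bs))


def ctr_bitflip(key: bytes, nonce: bytes, pt: bytes, index: int) -> bytes:
    """Flip one ciphertext bit; the decrypted plaintext changes at exactly that bit.
    Confidentiality modes give no integrity: pair them with a MAC or use an AEAD mode."""
    ct = bytearray(ctr_crypt(key, nonce, pt))
    ct[index] ^= 0x01
    return ctr_crypt(key, nonce, bytes(ct))


if __name__ == "__main__":
    key, iv, nonce = b"constructed-key!", bytes(range(16)), b"\x00" * 8  # constructed
    pt = b"ATTACK AT DAWN!!" * 4  # four identical blocks (constructed sample)
    print("ECB repeats:", repeated_blocks(ecb_encrypt(key, pt)))          # 3
    print("CBC repeats:", repeated_blocks(cbc_encrypt(key, iv, pt)))      # 0
    print("CTR repeats:", repeated_blocks(ctr_crypt(key, nonce, pt)))     # 0
    print(ctr_bitflip(key, nonce, b"ATTACK AT DAWN!!", 0))                # b'@TTACK AT DAWN!!'
```

The `repeated_blocks` count is the quantitative version of the well-known "ECB penguin": with ECB, four identical plaintext blocks produce four identical ciphertext blocks (three repeats, the padding block being the only other value), while CBC and CTR produce none. Reusing a CBC IV or a CTR nonce under the same key reintroduces exactly this kind of leak, so both must be unique per message.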