Introduction Flashcards

1
Q

What is the aim of cyber security?

A

To protect assets from harm or tampering. These assets can be in the form of physical hardware, software and data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

How are computers protected from harm?

A

Through controls and countermeasures after considering threats and vulnerabilities.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What are the five functions of security?

A
Identify
Protect
Detect
Respond
Recover
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What are the aims of security?

A
Confidentiality
Integrity
Availability
Authenticity
Accountability
Reliability
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is a threat?

A

Circumstance that has the potential to cause harm such as human attacks or natural disasters

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is a vulnerability?

A

A weakness that might be exploited in a system.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What are the four principles of Computer Security?

A

Easiest Penetration
Adequate Protection
Weakest Link
Effectiveness

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is the principle of Easiest Penetration?

A

An intruder must be expected to attempt any available means of penetration and the one that succeeds may not be the obvious one.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is the principle of Adequate Protection?

A

Computer items must be protected until they lose their value and they must be protected to a degree consistent with their value

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is the principle of Weakest Link?

A

Security in a system is as strong as its weakest link.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is the principle of effectiveness?

A

Controls must be used used, be appropriate and be applied properly.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Why are users not to blame for security attacks?

A

Advice is usually technical and most users aren’t technically minded.

Users are naive

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What does the identify function aid?

A

Allows organizations to understand their assets, data and capabilities which, in turn, allows them to manage the risks posed to them.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What kinds of activities does the Identify function support?

A

Identification of assets to create an asset management program.

Identification of policies to create a governance program

Identification of a risk management strategy for the organization.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What does the protect function support?

A

The ability to limit or contain the impact of potential cybersecurity breaches, and have safeguards in place for critical services.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What kind of activities support the protect function?

A

Place controls into the network

Awareness training for staff to improve their understanding of cybersecurity threats and issues.

17
Q

What is the detect function concerned with?

A

The appropriate activities to identify the occurrence of a cybersecurity event in a timely manner.

18
Q

What type of activities does the detect function consist of?

A

Continuous monitoring of the network

Correct detection and evaluation of anomalies

Effective systems in place that notify of important events.

19
Q

What does the respond function support?

A

The appropriate activities to take action regarding a detected cybersecurity incident to minimize the impact.

20
Q

What type of activities support the respond function?

A

response planning processes are executed during & after an incident

Management of communications during and after the event.

21
Q

What does the recover function concern itself with?

A

Identifies the appropriate activities to maintains plans for resilience and to restore services impaired during cybersecurity incidents.

22
Q

What activities support the recover function?

A

Recovery planning processes and procedures are in place

Lessons learned are incorporated into processes for improvement.

23
Q

What is confidentiality concerned with?

A

Only authorized parties can access the data

24
Q

What is integrity concerned with?

A

Only authorized parties can make changes to the data

25
Q

What is availability concerned with?

A

Authorized parties must be able to access assets.

26
Q

What is authenticity concerned with?

A

Authorized users are who they say they are

27
Q

What is reliability concerned with?

A

Authorized users get expected results when using systems.

28
Q

What is accountability concerned with?

A

Responsibility for actions can be traced to the user.