Introduction to Information security Flashcards

Question 1

Q

What is a threat

Answer

A

A potential occurence that can have an adverse effect on the assets and resources of a system

Question 2

Q

What is a vulnerability

Answer

A

A characteristic in a system that allows for a threat to occur. A weakness in the system that makes the threat possible.

Question 3

Q

What is an attack

Answer

A

An action that involves exploiting a system vulnerability in order to cause an existing threat to occur

Question 4

Q

What are the 4 types of threats?

Answer

A

Disclosure, deception, disruption and usurpation

Question 5

Q

What is disclosure?

Answer

A

When information is available or leaked to an attacker

Question 6

Q

What is deception?

Answer

A

Providing false information or tricking someone to do what you want them to do.

Question 7

Q

What is disruption?

Answer

A

Preventing communication from happening, for example disrupting information from being shared

Question 8

Q

What is disruption?

Answer

A

Preventing communication from happening, for example disrupting information from being shared

Question 9

Q

What is usurpation?

Answer

A

When someone gets unauthorized access to a system or parts of a system.

Question 10

Q

What is snooping?

Answer

A

And disclosure attack where someone is getting and viewing information they weren’t supposed to have. Usually done with direct access to a machine

Question 11

Q

What is the CIA triad that is used to uphold computer security?

Answer

A

Upholding the three properties of confidentiality, integrity and availablility

Question 12

Q

What is confidentiality?

Answer

A

Prevention of disclosure of authorized information

Question 13

Q

What is integrity?

Answer

A

Prevention of unauthorized modification of information

Question 14

Q

What is availability?

Answer

A

The ability to withstand unauthorized withholding of information.
The necessary and promised data and system functionality should be available for indiviuals when they need them to be.

Question 15

Q

What is accountability in respect to of information security?

Answer

A

Who can you blame or account resources to

Question 16

Q

What is non-repudiation?

Answer

A

Not being able to deny one’s actions or repudiate, because of evidence or records of the action happening

Question 17

Q

What is computer security?

Answer

A

A system needs to behave in the way the designer intended it to.
Preventing attackers from achieven objectives through unautherized acces or use of systems.
How a system behaves in respect to integrity, confidentiality and availability.

Question 18

Q

What are security policies?

Answer

A

Policies set by organizations to keep their organization secure.
Tells what you are and aren’t supposed to do (i.e. going to certain websites on a work computer, downloading apps)

Question 19

Q

What is security mechanisms?

Answer

A

Ways to enforce security policies to make them work in practice.

Question 20

Q

What is one way that a security policy can be viewed as successful/effective?

Answer

A

When the policy handles multiple states of a system (secure states, insecure state) and there is no way for a system to transition to move from a secure to an insecure state. The system must also begin in a secure state.

Question 21

Q

What are three concept that can be used in security mechanisms to enforce security policies

Answer

A

Prevention (making sure aspects of the policy can’t be violated)
Detection (detecting policy violation, or determining when the policy was violated).
Recovery (Being able to revert back to a secure state after violation).

Question 22

Q

What are some types of security mechanisms?

Answer

A

Physical controls: Physical mechanisms that stop things from happening (locks)

Hardware and software controles: Mechanisms that can run checks/test to ensure a policy is held (access control, authorization).

Cryptography: Enforces confidentiality and integrity inside computer systems.

Question 23

Q

What are some methods to decide what security mechanisms to put into practice?

Answer

A

Evaluate added cost to possible mechanisms when their in use - mitigating (how to make things expensive for an attacker)
Laws and regulations
Risk analysis and assesment (likelyhood, possible consequences, how tolerable is the risk)’
Cost-benefit analysis (calculates the benefits of implementation and the associated cost of doing so)
Human issues (usability): Prioritizing mechanisms that are easy for users to use or realistic that users actually will use properly

Question 24

Q

What does security mechanisms want to accomplish?

Answer

A

Making the system so difficult to attack or so expensive to penetrate that it is no longer worth it for an attacker to do so

Question 25

Q

What does security mechanisms want to accomplish?

Answer

A

Making the system so difficult to attack or so expensive to penetrate that it is no longer worth it for an attacker to do so

Question 26

Q

What is mitigantion in regards to information security?

Answer

A

Reduction of severity or seriousness of an event. Centered around limiting impact of threats

Question 27

Q

What is hacktivism?

Answer

A

The action of hacking with politically or socially motivated purposes

Question 28

Q

What is an hobbyist hacker?

Answer

A

A hacker who’s is not employed by the government or an organization

Question 29

Q

What happens during a security breach

Answer

A

A system has transitioned from a secure state to an insecure state

Question 30

Q

What is security by designation

Answer

A

A user grants authority, so the user has the necessary context to know why it should be granted.

Question 31

Q

What is security by admonition?

Answer

A

The program initiates the request for authority. A user might not understand if it should be granted or not. A user may not have the context to decide whether to grant it.

Question 32

Q

When is security by admonition required?

Answer

A

When a user is likely to grant an actor the ability to do something that the user doesn’t want.

Question 33

Q

What is the principle of “Path of least resistance”?

Answer

A

The most natural way of executing a task should also be the safest

Question 34

Q

What is the principle “Appropriate boundaries”?
(TODO)

Question 35

Q

What is the principle of “Explicit authorization”?

Answer

A

A user’s authority should only be granted to
another actor through an explicit user action understood to imply
granting.

Question 36

Q

Define the principle of “Visibility” in secure interaction design

Answer

A

The interface should let the user easily review any active authority relationships that could affect security decisions.

Question 37

Q

Define the principle of “Recoverability” in secure interaction design

Answer

A

The interface should let the user easily revoke authority
that the user has granted, whenever revocation is possible.

Question 38

Q

Define the principle of “Expected ability” in secure interaction design

Answer

A

The interface should not give the user the impression of having authority that the user does not actually have.

Question 39

Q

Define the principle of “Trusted path” in secure interaction design

Answer

A

The user’s communication channel to any entity that manipulates authority on the user’s behalf must be unspoofable and free of corruption.

Question 40

Q

Define the principle of “Identifiability” in secure interaction design

Answer

A

The interface should ensure that identical objects or
actions appear identical and that distinct objects or actions appear different

Question 41

Q

Define the principle of “Expressiveness” in secure interaction design

Answer

A

The interface should provide enough expressive
power to let users easily express security policies that fit their goals.

Question 42

Q

Define the principle of “Clarity” in secure interaction design

Answer

A

The effect of any authority-manipulating user action should
be clearly apparent to the user before the action takes effect.

Question 43

Q

What are the 5 steps in the methodology for physical security?

Answer

A

Assessment, assignment, arrangement, approval, action

Question 44

Q

What is assesment in physical security methodology?

Answer

A

A thorough examination of the facility to be protected
- Scope of the property
- Establish all points of entry and egress
- Potential points of entry and egress
- Existing security measures
- Evaluation of physical property
- Risk assessment (how much risk is there)

Question 45

Q

What is assignment in physical security methodology?

Answer

A

Establish the required level of security for specific areas and assets within the facility
- High level (data centers, executive offices, finance and acconting)
- Medium (Entry and egress, reception, elevators)
- Low level (Common areas, cubicle farm)

Question 46

Q

What is approval in physical security methodology?

Answer

A

Submit all plans, costs to get them approved
- Hardware (quotes form vendors)
- Costs (plan A-B-C - have multiple plans, flexibility, options)
- Schedules (time frame from completion, interference with business operations)

Question 47

Q

What is action in physical security methodology?

Answer

A

Implement the proper security plans
- Construction (construction, inspection, corrections)
- Training (security officers, users, policy)
- Testing (ensure systems works as planned, compliance testing)

Question 48

Q

What are the four fundamental design principles?

Answer

A

Principle of open design, principle of sweeping simplifications, principle of design iteration and principle of least astonishment

Question 49

Q

What is the principle of open design in design principles?

Answer

A

Get others to comment and give feedback on you design. “Given enough eyeballs, all bugs are shallow”.
The more people that looks at the system, the bigger a chance that flaws, vulnerabilities and errors are found.

Question 50

Q

What is the principle of sweeping simplifications in design principles? (KISS - keep it simple stupid)

Answer

A

The less complicated something is, the less likely it is that someone made an error in the design or implementation of the system.
Complexity is the enemy of security.

To achieve this in complex systems, implement layering where each layer implement the principle of sweeping simplifications, and only communicate with the adjacent layers.

Question 51

Q

What is the principle of design for iteration in design principles?

Answer

A

Design your software in a way that makes it possible to implement changes later on.
Important since priorities and threats change over time.
Being able to adapt and update a system over time

Question 52

Q

What is the principle of least astonishment in design principles?

Answer

A

As software are written for the user, if any error occurs, these should be presented in a way that makes sense to the user. The system should create an experience that follows what the user thinks should happen.
Connected to the principle of phsycological acceptability. Security mechanisms should be comprehensable and fit efficiantly into user activities.

Question 53

Q

What is the principle of minimizing secrets in design principles?

Answer

A

Secrets shoul be few and should be easily changable.
These should not be baked into the code, and changing them should not require chenging of the source code.
Should never assume that the attacker can’t see the code - the code itself is not secret.
The security of a mechanism should not depend upon secrecy of it’s design or implementation (obscurity).
Secrets should also maximize entropy, meaning they should increase an attacker’s work factor

Question 54

Q

What is the principle of complete mediation in design principles?

Answer

A

All access to objects should be checked to ensure allowed access. One of the most vital parts of system security is access control.
This principle is often embedded in the piece of software called reference monitor, which checks the authenticity, authorization and integrity of access requests. Every request should be checked.
Access rights are always completely validated, every time an access occurs.

Question 55

Q

What is the principle of fail safe defaults in design principles?

Answer

A

The default values in a system should be sane and secure.
The idea is to “fail-closed”, meaning to fail in a way that does not compromise other parts of the system. “Fail-open” would allow an attacker to achieve some objective. Default behaviour of a system should be a safe one. Don’t fail and then let all requests in, rather fail and let no requests in.
No access by default - for example.

Question 56

Q

What is the principle of least privilege in design principles?

Answer

A

Privileges should only be granted such that an individual can perform their duty, and nothing more. Permissions must also be granular enough to only grant the permission nedded to fulfill the duty. This principle also ensures privacy

Question 57

Q

What is the principle of economy of mechanism in design principles?

Answer

A

Security mechanisms should be as simple as possible. Complex security mechanisms leads to errors.

Question 58

Q

What is the principle of least common mechanism in design principles?

Answer

A

Mechanisms used to access resources should not be shared. Shared resources can lead to denial-of-service attacks or other attacks.
An example is when seperate processes execute with shared CPU/RAM resources, the different processes can affect each other (?).

Question 59

Q

What is security by obscurity?

Answer

A

When a system tries to increase security by hiding parts of the system. For example hide design or implementation. This is not good and will not work, as one should always assume an attacker has access to the source code.

Question 60

Q

What is the principle of separate privileges in seure design patterns?

Answer

A

A protection mechanism is more flexible if it requires two seperate keys to unlock - allowing for two person control.
An example are dual-keys for safety deposit boxes.

Question 61

Q

What is the principle of Physological aceptability in secure design principles?

Answer

A

A policy interface should reflect the user’s mental model of protection. This is to avoid users using a mechanism incorrectly if the mechanism does not make sense to them.
Passwords fail this, even though people know they should use strong passwords, not share them, and not re-use them, people will still do that.

Question 62

Q

What is the physical security principle of “work factor”?

Answer

A

Stronger security will make the attacker work harder, in software security this would translate to trial-and-error attempts. Larger and more complex password and encryptions will lead to more attempts required to guess them. However, as attackers penetrate system by exploiting vulnerabilities that does not rely on trial-and-error this principle does not necessarily relate to all software security situations.

Question 63

Q

What is the physical security principle of “compromise recording”?

Answer

A

A system should keep attack records even if the attacks aren’t blocked.
In software security the benefit of these records can be questionable. If a system weren’t able to prevent an attack that modified data, the attack records themselves may have been modified - questionable integrity.

Question 64

Q

What is the security principle of Defence in depth?

Answer

A

A system shouold be built with independant security layers, making it necessary for an attacker to break through multiple security measures.
This echoes the least common mechanism - but targets a separate problem

Answer 64

A

Ensure that trustworthy software is being executed, or that the software’s behaviour is restricted to enforce the intended security policy. Malware should not be able to redirect the CPU to execute its code with enough privileges.

Answer 65

A

If A trust B, and B trust C, then A also trusts C.

Answer 66

A

Decompose a critical task into separate elements performed by seperate individuals or entities.

Answer 67

A

Reflecting on what can happen to a system, where is the vulnerabilities, what is the security issues?
What are you concerned about an attacker doing?
How can we go about addressing these conserns?
Find out what parts of the system are prioritized, what needs protection and what doesn’t.
Which ways would you protect the different parts of a system?
Think about the integrity of the different parts of the system, and the information stored there.

Answer 68

A

Threats: What threats do we have?
Policy: What policies is put in place to mitigate those threats
Specification: Specify how the policies would work in the system
Design: Design the system
Implementation: Implement the system
Operation and maintenance

As new threats or new things comes up in the cycle, the steps needs to be moved through again to adapt to these changes.

Answer 69

A

Something that can happen to a system
(data leak, data modification…)

Answer 70

A

A weakness in a system that allows for a threat to occur.

Answer 71

A

An action that exploits a vulnerability to cause a threat to occur.

Answer 72

A

As security mechanisms can affect things like performance and costs, complex and unecessary security mechanisms shouldn’t be implemented unless there’s a big enough risk.

Answer 73

A

Data, personell, devices, facilities and systems that allows the organization to achieve its purpose.

Answer 74

A

First we need to get an understanding of the system we are protecting (study the details, are there any design flaws, how does the system work).

Then the assets and resources we are trying to protect are identified.

Then we try to predict who the adversaries/threats against our assets are, and what they might do to try and gain access to the assets (attack trees, attack graphs). What resources and abilities do they have?
Remember, attackers get better over time. If a system is deployed to last over many years, the mitigations should last as long.

Then we try to determine the risk associated with the asstes.

Finally, necessary security techniques are deployed to mitigate the attacks we have.

You prioritize security analysis and develop mitigations based on the potential severity of things.

Answer 75

A

Tools used to list the threats and attacks, and reason how different activites can occur and how these can work together to achieve an attack.
Allows to systematically consider potential attacks that may realize a threat.
The parent node is the action/goal (rob a bank)
The child nodes describes what will happen to make this occur (steal a gun AND hold up the teller). When both child nodes need to happen - are dependant on each other (AND) we draw a connector between them. If only one need to happen (OR) there is no connector between the children (climb through the airvent or sneak in through the back door)
The lowest children/leaf nodes is what needs to happen to achieve their parent, and so on until we reach the root node.

Answer 76

A

Understand your system
Understand what assets/resources need to be protected
Predict who the potential attackers are against a particular asset, and what are the possible attacks?
Perform risk assessment. Determine what is the expected risk (quantitive and qualitative) because of an attack.
Perform risk management. Employ security mechanisms (mitigations), if needed. Determine if these are cost affective.

Answer 77

A

A model used to decide what threats are possible against our system and likely to happen, and that categorizes threats into:

Spoofing:
Tampering
Repudiation
Information disclosure
Denial of servide
Elevation of Privilege

Answer 78

A

A model used to rank threats in order to know what is most important to take care of immediately. The method ranks threats based on:
- Damage
- Reproducibility
- Exploitation cost
- Affected users
- Discoverability

Rate each of these from 1-5 and add these up to a total rating for the given attack.

Answer 79

A

Whenever there is an asset, that asset may be at risk. A risk is when there is a chance that a negative event will occur that may cause loss of value.

Answer 80

A

The process of identifying assets at risk, putting measurements on potential loss and assigning a probability of a negative event occuring.
Process of planning how to control risk.

Answer 81

A

risk = p(attack) * c(attack)
p: probability
c: consequence

Answer 82

A

Subset of assets including information, IT processes and functionality, IT systems.

Answer 83

A

Risk reduction, mitigation, transfer and acceptance

Answer 84

A

Making it less likely that a negative event happens

Answer 85

A

Making it so that when something negative happens, it is less impactful

Answer 86

A

Making it so that when a negative event happens, all the negative impact does not land on you.

Answer 87

A

When one is willing to accept the given amount of risk

Answer 88

A

Compute the expected monetary loss of all events that affect and asset.
Then calculate the probability of each event occuring.
Use risk formula to calculate an exact numerical risk value.

Answer 89

A

Use categories such as low, medium and high to label events that threatens an asset and label the consequence of this event occuring.
High impact + low probability = Medium risk

Answer 90

A

The department of defense in the USA is using these labels to label risk:
Confidential: Unautherized disclosure of which reasonably could be expected to cause damage to national security

secret: Unautherized disclosure of which reasonably could be expected to cause serious damage to national security

top secret: Unautherized disclosure of which reasonably could be expected to cause exceptionally grave damage to national security

Answer 91

A

It gives you an exact number that can be presented and compared with other senarios.
Good for reliability questions (disks failing, time to failure)

Answer 92

A

Failures are not random. Attackers and their skill-level and motivation can drastically change a company’s risk profile.
This makes it difficult to calculate probability.
Difficult to be sure the values calculated are correct and presise, will often be inaccurate.

Answer 93

A

The monetary loss of one asset being compromised because of a risk

Answer 94

A

Describes the annual frequency of a threat occuring

Answer 95

A

Multiply the SLE with the ARO (SLE x ARO)

Answer 96

A

The model identifies what adversaries must complete in order to achieve their goal.
Understanding the steps of an attack.

Answer 97

A

Boolean labels: If a node is expensive/non-expensive, possible/impossible, easy to estimate/measure/label

Continuous label: exact cost of node (75K), difficult to measure presisely - potential large error

Answer 98

A

Identifying security risk, requirements and recovering strategies.
Involves defined processes through which designers develop security mechanisms.

Answer 99

A

Identifying security risk, requirements and recovering strategies.
Involves defined processes through which designers develop security mechanisms.

Answer 100

A

Characterizing the system: Understanding system componentsand their interconnections, understanding assumptions, dependencies. Creating a system model emphasizing its main characteristics

Identifying assets and access points

Identifying threats: Creates the threat profile of the system. Describes which attacks needs to be mitigated and which are accepted as low risk

Answer 101

A

Understanding system componentsand their interconnections, understanding assumptions, dependencies.
Using different modeling techniques (Network modelling, Data Flow Diagrams, to dissect a system into its functional components)

Answer 102

A

Allows for easier identifying threats by following adversary’s data and command as they are processed by the system. See how they are parsed and acted on, and seeing which assets they interract with

Answer 103

A

Who are the potential adversariies?
What is their motivation and goals?
How much inside information do they have?

Answer 104

A

What attackers use to gain access to the assets (sockets, config files, read/write filesystem access)

Answer 105

A

Is a boundary across which there is a varied level of trust

Answer 106

A

The level of trust needed to access certain parts of a system

Answer 107

A

Stepping through each system asset and connect a list of attack goals to that asset.
Correlating threats to assets by creating adversary hypotheses

Answer 108

A

Using someone else’s credentials to gain access to an asset

Answer 109

A

Changing data to mount an attack

Answer 110

A

When a user denies performing an action, but the target of the action has no way of prooving othervise

Answer 111

A

Disclosure of information to a user who does not have permissions to see it

Answer 112

A

Reducing the ability of valid users to access resources

Answer 113

A

Occurs when an unprivileged user gain privileged status

Answer 114

A

Reduce the risk or the consequences with countermeasures

Answer 115

A

Having insurance, giving warnings

Answer 116

A

Root node: Goal

Leaf nodes: Different ways of achieving the goal
AND nodes: Represent steps to achieving the same goals. Nodes with the same parent, that all needs to be fulfilled
OR nodes: Alternative ways to achieve the same goal

Node values: Bool (Impossible I, Possible P, legal/illegal, expensive/non-expensive), continuous (exact cost, probability…). Can combine continuous values - node have both cost and probability. Or cost and f it needs special equipment to execute. Countermeasures can affect node values: bribing would originaly be 10K, but if you pay them 80K, the new cost would be 70K.

Bool Value of OR node: Possible if any child is possible
Bool Value of AND node: Only possible if all children arepossible
Continuous value of OR node: Value of cheapest child
Continuous value of AND node: Sum of all children

Answer 117

A

Identify goals- these will be the root nodes of individual trees.
Think of all attacks against each goal and add them as child-nodes down the tree.
Repeat down the tree until done.
Research node values

Answer 118

A

A security policy is a statement that partitions a system into a set of secure and authorized states, and a set of non-secure or unautherized states.
A secure system will start in an authorized state and cannot enter an unauterized state
A breach of security occurs when a system enters an unautherized state.

Answer 119

A

A security policy that lists a sries of rules that must be followed in order to ensure safety of the organization. Tells you what you are and aren’t supposed to do.

The second is a more technical and complete way to model a security policy. A security policy will ensure that one can only reach/transitiobn to a secure state of a system when one starts off at a secure state of the system.

Security policies for a system should take care of and ensure different security properties are being achieved. For example properties such as integrity, availability and confidentiality.

Answer 120

A

X are some entities, and Y are some information. Y has the property of confidentiality with respect to X if no member of X can obtain information of Y. A confidentiality policy is effective if the policy ensures Y its property of confidentiality.

Answer 121

A

X are some entities, and Y are some information. Y has the property of integrity with respect to X if Y is unmodifiable by X. A integrity policy is effective if the policy ensures Y its property of integrity.

Answer 122

A

X are some entities, and Y are some information. Y has the property of availability with respect to X if all members of X can access Y. A availability policy is effective if the policy ensures Y its property of availability.

Answer 123

A

The thing that actually enforces a policy. The things that do the actions that prevent you from bypassing a policy.

Answer 124

A

policies set rules, mechanisms enforces them

Answer 125

A

Policies design to protect information and prevent it from getting in the wrong hands.

Answer 126

A

Integrity based security policies that tries to prevent people from tampering with and modify information.

Answer 127

A

A model that represent a bunch of security policies to make us understand if the set of policies do infact provide the necessary protection for the system we want to protect.
Put the policies and all its actors into context.

Answer 128

A

A model that represent a bunch of security policies to make us understand if the set of policies do infact provide the necessary protection for the system we want to protect.
Put the policies and all its actors into context.

Answer 129

A

A model used to provide confidentiality to a system.
Have a set of subjects and objects where each subject and object has their own clearance and/or classification to them.
There is different rules of who are able to read and write to these subjects of different classification.

Classification examples: Top Secret, secret, confidential, unclassified
Who can read files in a system?
- Every person who has reason to read the given files, and whos classification is the level above the files level. Meaning people can read all files with lower (or the same) classification as themselves, that they have reason to read.

Answer 130

A

Simple security property:
You can only read information with the same clearance as yourself, or clearance below, that you have a reason for needing to read. Security clearance of object has to be at least as high as that of the object. L(o) <= L(s), s: subject, o: object

Start property (*-property):
People can only write to things at their level of clearance, or higher. A subject s who have read access to an object p, may have write access to an object o, as long as o has higher clearance than p, and s has discretionary write access to o. L(o) >= L(p).

Answer 131

A

The two rules want to prevent classified information to leak to subjects with lower classification that the information it self. This is prevented by not allowing write-down, meaning a person who can read top level cleared information, cannot write to files below this top clearance level.

Answer 132

A

If you have a system with a secure initial state, and you define all the transformations according to the two rules/properties of the BLP model, a system will be secure.

Answer 133

A

People of high clearance often need to communicate with people below their clearance. However, to allow this, the *-Property of the BLP model is ignored, meaning the models theoretical guarantee of the security of a system is broken.

Answer 134

A

If a person need to know certain information, they should be able to obtain and read it. However, if a person not necessarily needs to know a piece of information, even if the information is of the same clearance level, they should not be able to obtain it.

Answer 135

A

Information should be appointed a compartment in addition to a clearance level. If a person want to read the information in a compartment, they would then need both the required clearance level, in addition to access to the given compartment.

Answer 136

A

An assumption maked in the BLP model is that security levels of information and subjects are constant. This is however often not the case in practise.
With tranquility you want to think about how security levels within a system can change. Strong tranquility would mean that security properties will not change during the lifetime of the system, where as weak tranquility would mean that security properties will change over time, but not in a way that violates the security assumptions.

Answer 137

A

Model focusing on integrity and has a hierarchical construction.
Each object and subject in a system is labeled with an integrity label.
If someone wishes to write to some piece of data, the data should benefit from the integrity of the individual, or at least remain neutral.
This means that a subject can only write to data equal to its level, or below.
Subject should only read data that would increase their integrity, meaning they can only read data with greater or equal integrity to their own.

Answer 138

A

BLP is for confidentiality and Biba is for integrity.
The hierarchicals structure of the models are reversed:
- BLP allows read-down, but not write-down (read equal or below, write equal or above.)
- Biba allows read-up, but not write-up (read equal or above, write equal or below.)

Answer 139

A

More practical model compared to the Biba model and the BLP model.
Contains three principles that ensure an organization remains safe.
- Separation of duty: If two or more steps are required to perform a critical function, at least two different people should perform the steps.
- Separation of function: Resources such as servers, repositories, etc. should be isolated from each other based on function.
- Auditing

Answer 140

A

More practical model compared to the Biba model and the BLP model.
Contains three principles that ensure an organization remains safe.
- Separation of duty: If two or more steps are required to perform a critical function, at least two different people should be needed to perform the steps.
- Separation of function: Resources such as servers, repositories, etc. should be isolated from each other based on function. Example, don’t run testing and production code on the same systems.
- Auditing: An organization should analyze system to determine what actions took place, and who performed them. (Focus on non-repudiation)

Can use Biba and BLP to prove the system holds the necessary security properties

Answer 141

A

Tackles how an entity is allowed to change data. The model formalizes the notion of information integrity. Uses transactions, which are way of doing modification of data in a database.
The model defines enforcement rules and certification rules that define data items and processes that provide the basis for an integrity policy.
One party goes and does a transaction, and another arty certifies that the transaction are accurate and follows a set of rules. As long as both parties does not collude, the system is secure.

Answer 142

A

The model builds on the principle of avoiding conflict of interests between different businesses, by allowing for a company to only provide services for companies that do not directly compete with each other.

Answer 143

A

The model builds on the principle of avoiding conflict of interests between different businesses, by allowing for a company to only provide services for companies that do not directly compete with each other.

Answer 144

A

The expectation that arises within a community of regular, honest, cooperative behaviour based on commonly shared norms.

For example, when we say we trust security mechanisms, we don’t trust the mechanisms themselves, but rather the organisation that implemented them. The reason we trust the organisation is because of our common set of norms, which include the concept that a security mechanism should protect data, and not put it at any risk.

Answer 145

A

Security policies are related to trust, because they are related to mechanisms, which are inherently trust decisions.

Security policies communicate to trustworthy and cooperative people that norms are expected of them. As these parties as cooperative, they will comply to these expectations.

When defining trust reliant on the concept of shared norms, a security policy is an explicit definition of the norms on which we base our trust desicions.
(Policies define what we expect of parties in regards to their behaviour and intent).

Answer 146

A

A trust boundary is creating. This essentially mean that the system is divided into parts we expect untrusted-subject to have access to, and parts only trysted parties an access.

Answer 147

A

If system would be designed to create trust bounderies for every possible subject, at some point the costs of implementation would exceed the cost of potential negative outcome. Therefore it is important to realise that some parties, actually most parties, are trustworthy and comply with social norms.

Answer 148

A

What behaviour do we want to see upheld?
Is our policies clear? (violation of policies are more likely to be caused my misunderstanding than of malicious intent)
Who do we trust and distrust?

Answer 149

A

Moral pressure (we are taught from a young age toact according to social norms)
Reputational pressure (Companies would not want to be caught doing something that could destroy their reputation)
Institutional pressure (if penalty exceed the potential gain, most people would stay away from the action)

Answer 150

A

Do I trust the mechanism?
Does the asset sit between the asset i wish to protect and the untrusted party? Does it create the proper trust boundary?
Does the mechanism enforce the norm or desired policy?

Answer 151

A

The management of the organisation should actively take action to comply with the policies. If not, it will be difficult to get the rest of the organisation to comply.

Answer 152

A

Managers, system designers, end users in some degree, company lawyers

Answer 153

A

Inclusive- and exclusive policies

Answer 154

A

Policies that specifically defines which behaviour is allowed. Behaviour that is not mentioned, is automatically not allowed.
(White list)

Answer 155

A

Policies that specifically defines which behaviour is not allowed. Behaviour that is not mentioned, is automatically allowed.
(Black list)

Brainscape's Knowledge GenomeTM

Introduction to Information security Flashcards

Brainscape's Knowledge Genome^TM