Lesson 1

Question 1

This is the study of how to protect your information assets from destruction, degradation, manipulation, and exploitation. But also how to recover should any of those happen

Answer 1

Information Assurance (AI)

Question 2

What are the five aspects of information needed protection

Answer 2

• Availability
• Integrity
• Confidentiality
• Authentication
• Non-repudiation

Question 3

This talks about timely, reliable access to data and information services and authorized users

Answer 3

Availability

Question 4

This talks about protection against unauthorized modification or destruction of information

Answer 4

Integrity

Question 5

This talks about assurance that information is not disclosed to unauthorized persons

Answer 5

Confidentiality

Question 6

This talks about security measures to establish the validity of a transmission, message, or originator

Answer 6

Authentication

Question 7

This talks about the assurance that the sender is provided with proof of a data delivery and recipient is provided with proof of the sender’s identity, so that neither can later deny having processed the data.

Answer 7

Non-repudiation

Question 8

True or False:
IT security cannot be accomplished in a vacuum, because there are a multitude of dependencies and interactions among all four security engineering domains.

Answer 8

True

Question 9

What are the four major categories of Information Assurance?

Answer 9

• Physical Security
• Personnel Security
• IT Security
• Operational Security

Question 10

What are the proper practice of Information Assurance?

Answer 10

1. Enforcing hard-to-guess passwords
2. Encrypting hard drives
3. Locking sensitive documents in a safe
4. Assigning security clearances to staffers
5. Using SSL for data transfers
6. Having off-site backup of documents

Question 11

This refers to the protection of hardware, software, and data against physical threats to reduce or prevent disruptions to operations and services and loss of assets.

Answer 11

Physical Security

Question 12

This is a variety of ongoing measures taken to reduce the likelihood and severity of accidental and intentional alteration, destruction, misappropriation, misuse, misconfiguration, unauthorized distribution, and unavailability of an organization’s logical and physical assets, as the result of action or inaction by insiders and known outsiders, such as business partners.

Answer 12

Personnel Security

Question 13

This is the inherent technical features and functions that collectively contribute to an IT infrastructure achieving and sustaining confidentiality, integrity, availability, accountability, authenticity, and realiability

Answer 13

IT Security

Question 14

This involves the implementation of standard operational security procedures that define the nature and frequency of the interaction between users, systems, and system resources.

Answer 14

Operational Security

Question 15

What are the purpose of operational security?

Answer 15

1. Achieve and sustain a known secure system state at all time
2. Prevent accidental or intentional theft, release, destruction, alteration, misuse, or sabotage of system resources.

Question 16

According to this, a computing environment is made up of five continuously interacting components. And information assurance includes computer and information security.

Answer 16

Raggad’s Taxonomy of Information Security

Question 17

What are the five continuously interacting components when it comes to a computing environment?

Answer 17

1. Activities
2. People
3. Data
4. Technology
5. Networks

Question 18

According to them, information assurance can be thought of as protecting information at three distinct levels.

Answer 18

Blyth and Kovacich

Question 19

What are the three distinct levels when it comes information assurance as protecting information?

Answer 19

1. Physical
2. Information Infrastructure
3. Perceptual

Question 20

This talks about data and data processing activities in physical space.

Answer 20

Physical

Question 21

This talks about information and data manipulation abilities in cyberspace.

Answer 21

Information Infrastructure

Question 22

This talks about knowledge and understanding in human decision space.

Answer 22

Perceptual

Question 23

What is the lowest level focus of Information Assurance

Answer 23

Physical Level

Question 24

This talks about computers, physical network, telecommunications and supporting systems such as power, facilities and environmental controls. Also at this level are the people who manage the systems.

Answer 24

Physical Level

Question 25

What is the desired effect in physical level?

Answer 25

This is to affect the technical performance and the capability of physical systems, to disrupt the capabilities of the defender.

Question 26

What is the attacker’s operations in physical level?

Answer 26

This talks about physical attack and destruction

Question 27

What are the examples of Attacker’s Operations in Physical level?

Answer 27

1. Electromagnetic Attack
2. Visual Spying
3. Intrusion
4. Scavenging and Removal
5. Wiretapping
6. Interference
7. Eavesdropping

Question 28

What is the Defender’s operation in physical level?

Answer 28

This talks about physical security, operations security, and telecommunications electronics materials protected from emanating spurious transmissions

Question 29

What are the information assurance aspects when it comes to the defenders operation in physical level.

Answer 29

1. COMPSEC
2. COMSEC
3. ITSEC
4. OPSEC

Question 30

Meaning of COMPSEC

Answer 30

Computer Security

Question 31

Meaning of COMSEC

Answer 31

Communication and Network Security

Question 32

Meaning of ITSEC

Answer 32

The Information Technology Security Evaluation Criteria
(which includes both COMPSEC and COMSEC)

Question 33

Meaning of OPSEC

Answer 33

Operations Security

Question 34

What is the second level focus of Information Assurance?

Answer 34

Information Infrastructure Level

Question 35

This covers information and data manipulation ability maintained in cyberspace

Answer 35

Information Infrastructure Level

Question 36

What are the things included in Information Infrastructure Level?

Answer 36

1. Data Structures
2. Processes and Programs
3. Protocols
4. Data Content and Databases

Question 37

What is the desired effects in Information Infrastructure Level?

Answer 37

To influence the effectiveness and performance of information functions supporting perception, decision making, and control of physical processes.

Question 38

What is the Attackers Operation in Information Infrastructure level?

Answer 38

1. Impersonation
2. Piggybacking
3. Spoofing
4. Network Attacks
5. Malware
6. Authorization Attacks
7. Active Misuse
8. Denial of Service Attack

Question 39

What is the Defender’s Operations in Information Infrastructure level?

Answer 39

1. Encryption and Key Management
2. Intrusion Detection
3. Anti-virus Software
4. Auditing
5. Redundancy
6. Firewalls
7. Policies and Standards

Question 40

What is the third level focus of Information Assurance

Answer 40

Perceptual Level or Social Engineering

Question 41

This is abstract and concerned with the management of perceptions of the target, particularly those persons making security decisions

Answer 41

Perceptual Level

Question 42

What is the desired effects in perceptual level

Answer 42

To Influence decisions and behavior

Question 43

What is the Attacker’s Operations in Perceptual Level?

Answer 43

Psychological Operations:
1. Deceptions
2. Blackmail
3. Bribery and Corruption
4. Social Engineering
5. Trademark and Copyright Infringement
6. Defamation
7. Diplomacy
8. Creating Distrust

Question 44

What is the Defender’s Operations in Perceptual Level?

Answer 44

Personnel Security:
1. Psychological Testing
2. Education
3. Screening (Biometrics, Watermarks, Keys, and PasswordsA)

Question 45

This is the flip side of information assurance and this think as the offensive part.

Answer 45

Information Warfare

Question 46

This involves managing an opponent’s perception through deception and psychological operations. In military circles, this is called Truth Projection

Answer 46

Type I

Question 47

This involves denying, destroying, degrading, or distorting the opponent’s information flows to disrupts their ability to carry out or coordinate operations

Answer 47

Type II

Question 48

This gathers intelligence by exploiting the opponent’s use of information systems

Answer 48

Type III

Question 49

What are the offensive players in the world of Information Warfare

Answer 49

1. Insiders
2. Hackers
3. Criminals
4. Corporations
5. Governments and Agencies
6. Terrorists

Question 50

These consists of employees, former employees, and contractors

Answer 50

Insiders

Question 51

These are the one who gains unauthorized access to or breaks into information systems for thrills, challenge, power, or profit

Answer 51

Hackers

Question 52

These are target information that may be of value to them: bank accounts, credit card information, intellectual property

Answer 52

Criminals

Question 53

These are actively seek intelligence about competitors or steal trade secrets

Answer 53

Corporations

Question 54

These seek the military, diplomatic, and economic secrets of foreign governments, foreign corporations, and adversaries. May also target domestic adversaries

Answer 54

Governments

Question 55

These usually politically motivated and may seek to cause maximal damage to information infrastructure as well as endanger lives and property

Answer 55

Terrorists

Question 56

True or False:
Information Assurance is both Proactive and Reactive

Answer 56

True

Question 57

Since Information Assurance is both Proactive and Reactive, what does it involves?

Answer 57

Protection
Detection
Capability Restoration
Response

Question 58

What are the IA environmental protection pillars

Answer 58

Ensure the Availability
Integrity
Authenticity
Confidentiality
Non-repudiation of Information

Question 59

This talks about the timely attack detection and reporting is key to initiating the restoration and response processes

Answer 59

Attack Detection

Question 60

These relies on established procedures and mechanisms for prioritizing restoration of essential functions.

Answer 60

Capability Restoration

Question 61

This may rely on backup or redundant links, information system components, or alternative means of information transfer

Answer 61

Capability Restoration

Question 62

This is the resource being protected

Answer 62

Asset

Question 63

What are the types of Assets?

Answer 63

Physical Assets
Logical Assets
System Assets

Question 64

What are the examples of Physical Assets

Answer 64

Devices
Computers
People

Question 65

What are the examples of Logical Assets?

Answer 65

Information
Data in Transmission
Data in Storage
Data in Processing
Intellectual Property

Question 66

What are the examples of System Assets

Answer 66

Software
Hardware
Data
Administrative
Physical
Communications
Personal Resource within an information system

Question 67

These have value so are worth protecting

Answer 67

Assets

Question 68

Often a security solution/policy is phrased in terms of the following three categories, what are those three categories?

Answer 68

Objects
Subjects
Actions

Question 69

These are the items being protected by the system

Answer 69

Objects

Question 70

Example of Objects

Answer 70

Documents
Files
Directories
Databases
Transactions

Question 71

These are entities that execute activities and request access to objects

Answer 71

Subjects

Question 72

Example of Subjects

Answer 72

Users
Processes

Question 73

These are operations, primitive, or complex, that can operate on objects and must be controlled.

Answer 73

Actions

Question 74

What are the critical aspects that information assets may have?

Answer 74

1. Availability
2. Accuracy
3. Authenticity
4. Confidentiality
5. Integrity
6. Utility
7. Possession

Question 75

These authorized users are able to access it

Answer 75

Availability

Question 76

This talks about the information is free of error and has the value expected

Answer 76

Accuracy

Question 77

This talks about the information is genuine

Answer 77

Authenticity

Question 78

This information has not been disclosed to unauthorized parties

Answer 78

Confidentiality

Question 79

This information is whole, complete, uncorrupted

Answer 79

Integrity

Question 80

This information has value for the intended purpose

Answer 80

Utility

Question 81

This data is under authorized ownership and control

Answer 81

Possession