Lesson 1 Flashcards

1
Q

study of how to protect information from destruction, degradation, manipulation, and exploitation, and also how to recover it

A

information assurance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

what are the aspects of information needing protection

A

availability, integrity, confidentiality, authentication, non-repudiation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

timely, reliable access to data and information for authorized users

A

availability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

protection against unauthorized modification of information

A

integrity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

assurance that information is not disclosed to unauthorized persons

A

confidentiality

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

assurance that the sender is provided with proof of a data delivery and recipient is provided with proof of sender’s identity

A

non-repudiation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

four major categories of information assurance

A

physical security, personnel security, it security, operational security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

give examples of proper practice of information assurance

A
  • hard to guess passwords
  • encrypting hard drives
  • locking sensitive documents
  • assigning security clearances to staffers
  • using SSL for data transfers
  • having off-site backup of documents
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

what does SSL mean

A

secure socket layer protocol; websites that are safe or have https

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

category of IA: protection of hardware, software, and data against physical threats to prevent loss of assets

A

physical security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

variety of ongoing measures taken to reduce the likelihood and severity of accidental and intentional alteration, destruction,
misappropriation, misuse, misconfiguration, unauthorized distribution, and
unavailability of an organization’s logical and physical assets, as the result
of action or inaction by insiders and known outsiders, such as business
partners.

A

personnel security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

inherent technical features and functions that collectively contribute to an IT infrastructure

A

IT security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

involves the implementation of standard operational security procedures that define the nature and frequency of interaction between users, systems, and system resources

A

operational security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

the objective of operational security is to

A
  • achieve a known secure system state at all times
  • prevent accidental or intentional theft, release destruction, alteration, misuse, or sabotage of system resources
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

according to raggad’s taxonomy of information security, what are the five interacting components in a computing envi

A

activities, people, data, technology, networks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

three levels of information security

A

physical, information infrastructure, perceptual

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

desired effect: to affect the technical performance and the capability of physical systems, to disrupt the capabilities of the defender

A

physical level

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

attacker’s operation: physical attack and destruction–electromagnetic attack, visual spying, intrusion, scavenging and removal, wiretapping, interference, eavesdropping

A

physical level

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

defender’s operation: COMPSEC, COMSEC (communications and network security), ITSEC, OPSEC

A

physical level

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

covers information and data manipulation ability maintained in cyberspace

A

information infrastructure level

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

desired effects: influence the effectiveness and performance of information functions

A

information infrastructure level

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

attackers operations: impersonation, piggybacking, spoofing, network attacks, malware, authorization attacks, active misuse, and denial of service

A

information infrastructure level

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

defender’s operation: encryption and key management, intrusion detection, anti-virus software, auditing, redundancy, firewalls, policies and standards

A

infrastructure level

24
Q

perceptual level is also called

A

social engineering

25
Q

desired effects: to influence decisions and behaviors

A

perceptual level

26
Q

attacker’s operations: deception, blackmail, bribery and corruption, social engineering, trademark and copyright infringement, defamation, diplomacy, creating distrust

A

perceptual level

27
Q

defender’s operations: psychological testing, education, biometrics, watermarks, keys, passwords

A

perceptual level

28
Q

flip side of information assurance

A

information warfare

29
Q

info warfare - type 1

A

managing an opponent’s perception through psychological operations/truth projection

30
Q

information warfare - type 2

A

denying, destroying, degrading, or distorting the opponent’s information flows to disrupt their ability to carry out operations

31
Q

information warfare - type 3

A

gathers intelligence by exploiting the opponent’s use of information systems

32
Q

who are the offensive players in the world of IW

A

insiders, hackers, criminals, corporations, governments, terrorists

33
Q

consists of employees

A

insiders

34
Q

gains unauthorized access to information systems for thrills, challenge, power, or profit

A

hackers

35
Q

target information that may be of value to them

A

criminals

36
Q

IW Player: actively seek intelligence on competitors or steal trade secrets

A

corporations

37
Q

seek military, diplomatic, and economic secrets of foreign governments

A

governments

38
Q

IW Player: politically motivated and may seek to cause maximal damage to information and infrastructure

A

terrorists

39
Q

relies on established procedures and mechanisms for prioritizing restoration of essential functions

A

capability restoration

40
Q

a resource being protected

A

asset

41
Q

devices, computers, people

A

physical assets

42
Q

logical assets

A

information, data, intellectual property

43
Q

any software, hardware, data, administrative, physical, communications, or personnel resource

A

system assets

44
Q

the items being protected by the system (files, data, directories, documents, databases, transactions)

A

objects

45
Q

entities that execute activities and request access to objects

A

subjects

46
Q

operations, primitive or complex, that can operate on objects must be controlled

A

actions

47
Q

the information is free of error and has the value expected

A

accuracy

48
Q

the information is genuine

A

authenticity

49
Q

the information has not been disclosed to unauthorized parties

A

confidentiality

50
Q

the information is whole, complete, and uncorrupted

A

integrity

51
Q

the information has value for the intended purpose

A

utility

52
Q

the data is under authorized ownership and control

A

possession

53
Q
A
54
Q

security measures to establish the validity of a transmission, message, or originator

A

authentication

55
Q

what is necessary for information warfare?

A

motive, means, and opportunity