Lesson 1

Question 1

study of how to protect information from destruction, degradation, manipulation, and exploitation, and also how to recover it

Answer 1

information assurance

Question 2

timely, reliable access to data and information for authorized users

Answer 2

availability

Question 2

what are the aspects of information needing protection

Answer 2

availability, integrity, confidentiality, authentication, non-repudiation

Question 3

protection against unauthorized modification of information

Answer 3

integrity

Question 3

assurance that the sender is provided with proof of a data delivery and recipient is provided with proof of sender’s identity

Answer 3

non-repudiation

Question 4

assurance that information is not disclosed to unauthorized persons

Answer 4

confidentiality

Question 5

four major categories of information assurance

Answer 5

physical security, personnel security, it security, operational security

Question 6

give examples of proper practice of information assurance

Answer 6

hard to guess passwords
encrypting hard drives
locking sensitive documents
assigning security clearances to staffers
using SSL for data transfers
having off-site backup of documents

Question 7

what does SSL mean

Answer 7

secure socket layer protocol; websites that are safe or have https

Question 8

protection of hardware, software, and data against physical threats to prevent loss of assets

Answer 8

physical security

Question 9

variety of ongoing measures taken to reduce the likelihood and severity of accidents

Answer 9

personnel security

Question 10

inherent technical features and functions that collectively contribute to an IT infrastructure

Answer 10

IT security

Question 11

involves the implementation of standard operational security procedures

Answer 11

operational security

Question 12

the objective of operational security is to

Answer 12

achieve a known secure system state at all times
prevent accidental or intentional theft, release destruction, alteration, misuse, or sabotage of system resources

Question 13

according to raggad’s taxonomy of information security, what are the five interacting components in a computing environment

Answer 13

activities, people, data, technology, networks

Question 14

desired effect: to affect the technical performance and the capability of physical systems, to disrupt the capabilities of the defender

Answer 14

physical level

Question 14

three levels of information security

Answer 14

physical, information infrastructure, perceptual

Question 15

attacker’s operation: physical attack and destruction–electromagnetic attack, visual spying, intrusion, scavenging and removal, wiretapping, interference, eavesdropping

Answer 15

physical level

Question 16

defender’s operation: COMPSEC, COMSEC, ITSEC, OPSEC

Answer 16

physical level

Question 17

covers information and data manipulation ability maintained in cyberspace

Answer 17

infrastructure level

Question 18

desired effects: influence the effectiveness and performance of information functions

Answer 18

infrastructure level

Question 19

attackers operations: impersonation, piggybacking, spoofing, network attacks, malware, authorization attacks, active misuse, and denial of service

Answer 19

infrastructure level

Question 20

defender’s operation: encryption and key management, intrusion detection, anti-virus software, auditing, redundancy, firewalls, policies and standards

Answer 20

infrastructure level

Question 21

perceptual level is also called

Answer 21

social engineering

Question 22

desired effects: to influence decisions and behaviors

Answer 22

desired effects: to influence decisions and behaviors

Question 23

defender’s operations: psychological testing, education, biometrics, watermarks, keys, passwords

Answer 23

perceptual level

Question 24

attacker’s operations: deception, blackmail, bribery and corruption, social engineering, trademark and copyright infringement, defamation, diplomacy, creating distrust

Answer 24

perceptual level

Question 25

flip side of information assurance

Answer 25

information warfare

Question 26

info warfare - type 1

Answer 26

managing an opponent’s perception through psychological operations/truth projection

Question 27

information warfare - type 2

Answer 27

denying, destroying, degrading, or distorting the opponent’s information flows to disrupt their ability to carry out operations

Question 28

information warfare - type 3

Answer 28

gathers intelligence by exploiting the opponent’s use of information systems

Question 29

gains unauthorized access to information systems for thrills, challenge, power, or profit

Answer 29

hackers

Question 29

who are the offensive players int he world of IW

Answer 29

insiders, hackers, criminals, corporations, governments, terrorists

Question 30

consists of employees

Answer 30

insiders

Question 31

target information that may be of value to them

Answer 31

criminals

Question 32

actively seek intelligence on competitors or steal trade secrets

Answer 32

corporations

Question 33

politically motivated and may seek to cause maximal damage to information and infrastructure

Answer 33

terrorists

Question 34

seek military, diplomatic, and economic secrets of foreign governments

Answer 34

governments

Question 35

relies on established procedures and mechanisms for prioritizing restoration of essential functions

Answer 35

capability restoration

Question 36

a resource being protected

Answer 36

asset

Question 36

devices, computers, people

Answer 36

physical assets

Question 37

logical assets

Answer 37

information, data, intellectual property

Question 38

system assets

Answer 38

any software, hardware, data, administrative, physical, communications, or personnel resource

Question 39

the items being protected by the system

Answer 39

objects

Question 40

entities that execute activities and request access to objects

Answer 40

subjects

Question 41

operations, primitive or complex, that can operate on objects must be controlled

Answer 41

actions

Question 42

the information is free of error and has the value expected

Answer 42

accuracy

Question 43

the information is genuine

Answer 43

authenticity

Question 44

the information has not been disclosed to unauthorized parties

Answer 44

confidentiality

Question 45

the information is whole, complete, and uncorrupted

Answer 45

integrity

Question 46

the information has value for the intended purpose

Answer 46

utility

Question 47

the data is under authorized ownership and control

Answer 47

possession

Question 48

security measures to establish the validity of a transmission, message, or originator

Answer 48

authentication