Midterm

Question 1

C.I.A stands for…?

Answer 1

Confidentiality
Integrity
Availability

Question 2

it offers a high level of assurance that data, objects, or resources are restricted from unauthorized subjects.

Answer 2

Confidentiality

Question 3

Confidentiality and integrity depend on each other. Without object integrity, confidentiality cannot be maintained.
True or False?

Answer 3

True

Question 3

Aspects of Confidentiality (8)

Answer 3

1. Sensitivity
2. Discretion
3. Criticality
4. Concealment
5. Secrecy
6. Privacy
7. Seclusion
8. Isolation

Question 4

refers to the quality of information, which could cause harm or damage if disclosed. Maintaining confidentiality of sensitive information helps to prevent harm or damage.

Answer 4

Sensitivity

Question 5

is an act of decision where an operator can influence or control disclosure in order to minimize harm or damage.

Answer 5

Discretion

Question 6

The level to which information is mission critical is its measure of criticality. The higher the level of criticality, the more likely the need to maintain the confidentiality of the information.

Answer 6

Criticality

Question 7

is the act of hiding or preventing disclosure.
is viewed as a means of cover, obfuscation, or distraction.

Answer 7

Concealment

Question 8

is the act of keeping something a secret or preventing the disclosure of information.

Answer 8

Secrecy

Question 9

refers to keeping information confidential that is personally identifiable or that might cause harm, embarrassment, or disgrace to someone if revealed.

Answer 9

Privacy

Question 10

involves storing something in an out-of-the-way location. This location can also provide strict access controls. Can help enforcement confidentiality protections.

Answer 10

Seclusion

Question 11

is the act of keeping something separated from others.
Can be used to prevent commingling of information or disclosure of information.

Answer 11

Isolation

Question 12

it offers a high level of assurance that the data, objects, and resources are unaltered from their original protected state.
Alterations should not occur while the object is in storage, in transit, or in process.

Answer 12

Integrity

Question 13

Integrity can be examined from three perspectives: (3)

possible question? Not sure

Answer 13

1. Preventing unauthorized subjects from making modifications.
2. Preventing authorized subjects from making unauthorized modifications, such as mistakes
3. Maintaining the internal and external consistency of objects so that their data is a correct and true relection of the real world.

Question 14

Authorized subjects are granted timely
and uninterrupted access to objects.
Includes efficient uninterrupted access to objects and prevention of denial-of-service (DoS) attacks.

Answer 14

Availability

Question 15

Other Security Concepts (6 ,by order)

Answer 15

1. Identification
2. Authentication
3. Authorization
4. Auditing
5. Accountability
6. Nonrepudiation

Question 16

is the process by which a subject professes an identity and accountability is initiated.

Answer 16

Identification

Question 17

The process of verifying or testing that the claimed identity is valid.
Requires from the subject additional information that must exactly correspond to the identity indicated.

Answer 17

Authentication

Question 18

Once a subject is authenticated, access must be authorized.

Answer 18

Authorization

Question 19

or monitoring, is the programmatic means by which a subject’s actions are tracked and recorded for the purpose of holding the subject accountable for their actions while authenticated on a system.

Answer 19

Auditing

Question 20

relies on the capability to prove a subject’s identity and track their activities.

Answer 20

Accountability

Question 21

ensures that the subject of an activity or event cannot deny that the event occured.

Answer 21

Nonrepudiation

Question 22

Protection Mechanisms: (3)

Answer 22

1. Layering
2. Abstraction
3. Data Hiding

Question 23

also known as defense in depth, is simply the use of multiple controls in a series.
Using a multilayered solution allows for numerous, different controls to guard against whatever threats come to pass.

Answer 23

Layering

Question 24

is used for efficiency. Similar elements are put into groups, classes, or roles that are assigned security controls, restrictions, or permissions as a collective.

Answer 24

Abstraction

Question 25

preventing data from being discovered or accessed by a subject by positioning the data in a logical storage compartment that is not accessible or seen by the subject.

Answer 25

Data Hiding

Question 26

Types of Copoporate Plans that should include the IT security (3):

Answer 26

1. Strategic Plan
2. Tactical Plan
3. Operational Plan

Question 27

is a long-term plan that is fairly stable. Also serves as the planning horizon.

Answer 27

Strategic Plan

Question 28

is a midterm plan developed to provide more details on accomplishing the goals set forth in the strategic plan or can be crafted ad-hoc based upon unpredicted events.

Answer 28

Tactical Plan

Question 29

is a short-term, highly detailed plan based on the strategic and tactical plans. It is valid or useful only for a short time.

Answer 29

Operational Plan