Mindset Goals Challenges

Question 1

Security

Answer 1

The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resource; multilayered multifaceted concept.

Question 2

C.I.A. Triad

Answer 2

Confidentiality, integrity, and availability, a well-known, venerable model for the development of security policies used in identifying problem areas, along with necessary solutions in the arena of information security. Primary security goals

Question 3

Confidentiality

Answer 3

avoidance of the unauthorized disclosure of information; access control lists, encryption; privacy

Question 4

Integrity

Answer 4

The property that information has not be altered in an unauthorized way. Designed to protect data from deletion or modification from any unauthorized party; use version control, access control, security control, data logs and checksums.

Question 5

Availability

Answer 5

The property that information is accessible and modifiable in a timely fashion by those authorized to do so

Question 6

Means to Managing Confidentiality

Answer 6

Access control lists, volume and file encryption, and Unix file permissions.

Question 7

Security Challenges

Answer 7

Not easy. Have to forward think of potential attacks. Hackers only need fine one weakness vs. developers need to guard all; battle of wits.

Question 8

Security Challenges with User & System Designers

Answer 8

They sometimes don’t see the benefits until attack occurs; an afterthought

Question 9

Security Challenges w/Monitoring

Answer 9

Requires constant monitoring; expensive; consider security investment w/little value

Question 10

Security Challenges w/Usability

Answer 10

Thought of as an interference with usability. May involve additional algorithms; procedures to provide some services maybe counterintuitive.

Question 11

Security Challenges w/security Mechanisms

Answer 11

Involve more than one particular algorithm and/or information–question can be raised about creation, distribution, and protection of these.

Question 12

A.A.A.

Answer 12

is a method you can use in your network to control which administrators are allowed to connect to which devices (authentication), what they can do on these devices (authorization), and log what they actually did while they were logged in (accounting).

Question 13

Authenticity

Answer 13

the ability to determine that statements, policies, and permissions issued by persons or systems are genuine

Question 14

Non-repudiation

Answer 14

Is the ability to guarantee that someone cannot deny something

Question 15

Assurance

Answer 15

how trust is provided and managed in computer system

Question 16

Trust Management depends on

Answer 16

Policies, Procedures, and Protections

Question 17

Anonymity

Answer 17

property that certain records or transactions not to be attributable to any individual; subtle difference between confidentiality

Question 18

Low Risk

Answer 18

• System processes and/or stores public data
• System is easily recoverable and reproducible
• System provides an informational / non-critical service

Question 19

Moderate Risk

Answer 19

• System processes and/or stores non-public or internal-use data
• System is internally trusted by other networked systems
• System provides a normal or important service

Question 20

High Risk

Answer 20

• System processes and/or stores confidential or restricted data
• System is highly trusted by UI networked systems
• System provides a critical or campus-wide service