Module 1 Flashcards
1.1: Analyze the current landscape of information assurance and computer security. 1.2: Evaluate trends in information assurance and computer security. 1.3: Determine the importance of security in the IT industry and its impacts across other fields. 1.4: Execute security principles and strategies. 1.5: Analyze security principles and strategies. 1.6: List bad security practices that are commonly observed in daily life. 1.7: Explain which security principles bad practices are breaking
What are the challenges of Cyber Security?
System availability, data integrity, and privacy
What is Information Assurance?
An application that encompasses scientific, technical, and management disciplines that are required to ensure information security and quality
What are the forms of information?
Hard copy, soft copy, records of meetings, telephone conversations, video conferences, and personal data
What are the states of information?
Transmitted, Processed, and stored
What are the components of information security?
Confidentiality, Integrity, and availability
What’s a threat?
A potential occurrence that can have undesirable effect on system assets or resources
what are the threat categories?
Disclosure, Deception, Disruption, and Usurpation
what is vulnerability?
a weakness that makes it possible for a threat to occur
what are the Information Characteristics?
Authentication, Non-repudiation, secrecy, and privacy
What is Authentication?
Validity of transmission, message, originator, or means of verifying an individuals means of authorization
what is Non-repudiation
Assurance that sender of data is provided with proof of delivery to recipient, and recipient is provided with proof of sender Identity
what is Secrecy?
Cryptography and computer access control. Limits the number of principals who can access information
what is Privacy?
The ability/right to protect private information
What is confidentiality?
Determines the secrecy of information
what are the confidentiality principles
- need to know
- data sep
- compartmentalization
- classification
- encryption
what is the weakest link?
Security is only as strong as the weakest link
What are the security strategies
obscurity, perimeter defence, defence in depth
Defence in depth
A number of IA layers of defence that are operationally interoperable an complementary technical and non-technical
enclave
an env under control of a single authority with personal and physical security
what is the make up of defence in depth?
1.perimeter def around each enclave
2. multiple complicated connections between an enclave and outside
3. multiple layers and a diff solution req for each connection
What is the general layered arch model for defence in depth?
layer 1: IA policies
layer 2: IA management
layer 3: AI architecture (Technical IA infrast)
layer 4-10: non-technical implementation
what does layer 3 in layered arch model ensure?
ensures the minimal level of interoperability and services are available to authorized users.
How many and what types of levels of security does layer 3 implement?
- physical ,procedural, and logical security
what is L4 in layered arch model
operational security administration
what is L5 in layered arch model
config management
what is L6 in layered arch model
life-cycle security
what is L7 in layered arch model
contingency planning
what is L8 in layered arch model
IA education/training
what is L9 in layered arch model
policy compliance oversight
what is L10 in layered arch model
IA incident responce and reporting
what is mission assurance?
to identify and mitigate design, prod, test, and field support deficiencies
how does the conflication between IA an mission assurance be averted?
- by protecting the infra and data
- securely sharing information with auth individuals
what is MAC?
mission assurance categories
what is Mac 1?
systems that handle infor most critical to operations
what is Mac 2?
systems that handle info that supports most critical operations- loss can be tolerated
what is Mac 3?
infor that is necessary for day to day operations
what is risk?
something that may happen in the future
what are the vulnerability categories?
design, implementation, and deployment
what are design vulnerabilities?
flaws in logic
-most difficult to identify b/c they require clear understanding of material
what are implementation vulnerabilities
incorrectly handled unexpected inputs
what are deployment vulnerabilities
incorrect or faulty deployments of application (i.e weak passwords)
what is risk management?
dealing with risks in cost effective manner- rather than avoiding risks at all costs
what are the 3 risk choices?
Acceptance, reduction, and transfer
What is IA policy?
High level statements of goals of procedures for information assurance
What are the IA policy enforcement mechanisms?
Inform/explain/document
technical
procedural (security auditing)
What is a security policy
A statment that partitions the states of the system into a set of auth/secure and unath/insecure states
Do IA policies include security policies/
yes
How to establish IA policies?
- secure strong management support
- gather key data
- define framework
- structure procedures
- perform risk assessment
