overview of Security

Question 1

Information Security

Answer 1

Act of protecting data and information from unauthorized access, unlawful modification and disruption, disclosure, corruption and destruction.

Question 2

Information Systems Security

Answer 2

Act of protecting the systems that hold and process our critical data.

Question 3

CIA Triad

Answer 3

This consists of: Confidentiality, Integrity and Availability.

Question 4

Confidentiality

Answer 4

Information has not been disclosed to unauthorized people. Encryption

Question 5

Integrity

Answer 5

Information has not been altered or modified without proper authorization. This includes hashes.

Question 6

Availability

Answer 6

Information is able to be stored, accessed, or protected at all times.

Question 7

AAA Security

Answer 7

Authentication, Authorization, Accounting

Question 8

Authentication

Answer 8

When a persons identity is established with proof and confirmed by a system.
- Something you know - password
- Something you are - fingerprint
- Something you have - Token
- Something you do - how you speak etc.
- Somewhere you are - your actual location

Question 9

Authorization

Answer 9

Occurs when a user is given access to a certain piece of data or a certain area of a building

Question 10

Accounting

Answer 10

tracking of data, computer usage, and network resources.
-non-repudiation occurs when you have proof that someone has taken an action.

Question 11

malware

Answer 11

Short-hand term for malicious software

Question 12

Unauthorized access

Answer 12

Occurs when access to computer resources and data occurs without the consent of the owner.

Question 13

System Failure

Answer 13

Occurs when a computer crashes or an individual application fails

Question 14

Social Engineering

Answer 14

Act of manipulating users into revealing confidential information or performing other detrimental actions. This occurs as phishing.

Question 15

physical controls

Answer 15

Alarm systems, locks, surveillance cameras, identification cards, and security guards

Question 16

Technical Controls

Answer 16

Smart cards, encryption, access control lists (ACL’s), intrusion detection systems, and network authentication.

Question 17

Administrative Controls

Answer 17

Policies, procedures, security awareness training, contingency planning, and disaster recovery plans.
- User training is the most cost effective security control to use.

Question 18

White Hat Hackers

Answer 18

Non-malicious hackers who attempt to break into a company’s systems at their request.

Question 19

Black Hat Hackers

Answer 19

malicious hackers who break into computer systems and networks without authorization or permission

Question 20

Gray Hat Hackers

Answer 20

Hackers without any affiliation to a company who attempt to break into a company’s network but risk the law in doing so.

Question 21

Blue Hat Hackers

Answer 21

Hackers who attempt to hack into a network with permission of the company but are not employed by the company.

Question 22

Elite Hackers

Answer 22

Hackers who find and exploit vulnerabilities before anyone else does.
- 1 in 10,000 are elite

Question 23

Script Kiddies

Answer 23

Hackers with little to no skill who only use the tools and exploits written by others.

Question 24

Hacktivists

Answer 24

Hackers who are driven by a cause like a social change, political agendas, or terrorism.

Question 25

Organized Crime

Answer 25

Hackers who are part of a crime group that is well-funded and highly sophisticated

Question 26

Advanced Persistent Threats

Answer 26

Highly trained and funded group of hackers (often by nation states) with covert an open-source intelligence at their disposal