Section 3 Flashcards

1
Q

What is encryption

A

the process of transforming readable data, called plaintext or cleartext, into an unreadable form, called ciphertext.

2
Q

What is decryption

A

the process of recovering the plaintext message from the ciphertext.

3
Q

What are keys used for in cryptography

A

to encrypt or decrypt a message

4
Q

What is a substitution cipher

A

substitutes each letter in the alphabet with a different one.

5
Q

What is “security through obscurity”

A

the belief that secrecy surrounding the equipment and the configurations used for specific messages could provide good security

6
Q

What is an important aspect of a cryptographic algorithm

A

cryptographic algorithms should be robust enough that even if people know every bit of the encryption process except for the key itself, they should still not be able to break the encryption.

7
Q

What are “one-way problems”

A

problems that are easy to perform in one direction but difficult to perform in the other direction.

8
Q

What are keyword ciphers

A

Rather than shifting all letters by the same number of spaces in the alphabet, you shift each letter to match the corresponding letter in the keyword. A keyword alphabet is made by writing the keyword and then appending the regular alphabet to the end, without repeating any letter.

9
Q

What is frequency analysis

A

making guesses about what the message contents might be based on the frequency of characters used, where those characters appear in words, and when they’re repeated.

10
Q

What is a one-time pad

A

a sheet of paper with numbers; to encrypt or decrypt a message, you shift each character by the number specified on the pad

11
Q

What is symmetric key cryptography

A

uses a single key to both encrypt the plaintext and decrypt the ciphertext.

12
Q

What is a block cipher

A

takes a predetermined number of bits (or binary digits, which are either a 1 or a 0), known as a block, and encrypts that block. Blocks typically have 64 bits, but they can be larger or smaller depending on the algorithm used and the various modes the algorithm can operate in.

13
Q

What is a stream cipher

A

encrypts each bit in the plaintext message one bit at a time. You can make a block cipher act as a stream cipher by setting the block size to one bit.

14
Q

What are 3 common symmetric key algorithms and how do they work

A

DES - a block cipher that uses a 56-bit key (meaning the key used by its cryptographic algorithm is 56 bits long).

3DES - DES used to encrypt each block three times, with three different keys.

AES - a set of symmetric block ciphers. AES uses three different ciphers: one with a 128-bit key, one with a 192-bit key, and one with a 256-bit key, all of which encrypt blocks of 128 bits.

15
Q

What is asymmetric key cryptography

A

also known as public key cryptography, uses two keys: a public key and a private key. You use the public key to encrypt data, and anyone can access the public key

16
Q

What is asymmetric key cryptography

A

also known as public key cryptography, uses two keys: a public key and a private key. You use the public key to encrypt data, and anyone can access the public key. Private keys, used to decrypt messages, are carefully guarded by the receiver.

17
Q

What is elliptic curve cryptography (ECC)

A

a class of cryptographic algorithms.

ECC can use short keys while maintaining a higher cryptographic strength than many other types of algorithms.

18
Q

What are hash functions

A

keyless cryptography. Instead of using a key, hash functions, or message digests, convert the plaintext into a largely unique and fixed-length value, commonly referred to as a hash.

19
Q

What is a collision

A

engineering a matching hash for 2 different sets of data. This is difficult and usually only happens if you’re using a broken hashing algorithm.

20
Q

What is a digital signature

A

allows you to sign a message so that others can detect any changes to the message after you’ve sent it, ensure that the message was legitimately sent by the expected party, and implement nonrepudiation

21
Q

How does a digital signature work

A

the sender generates a hash of the message and then uses their private key to encrypt the hash. The sender then sends this digital signature along with the message, usually by appending it to the message itself.
When the message arrives at the receiving end, the receiver uses the public key corresponding to the sender’s private key to decrypt the digital signature, thus restoring the original hash of the message.

22
Q

What is a digital certificate

A

links a public key to an individual by validating that the key belongs to the proper owner; certificates are often used as a form of electronic identification for that person

23
Q

What is a CA (certificate authority)

A

the entity that issues certificates. It acts as a trusted third party to both sides of transactions that involve certificates by signing the certificate to begin with and later verifying that it is still valid. One well-known certificate authority is VeriSign.

24
Q

What are the 2 main components of public key infrastructure (PKI)

A

the certificate authorities that issue and verify certificates, and the registration authorities that verify the identity of the individual associated with the certificate

25
Q

What is compliance

A

the rules and regulations that govern the information you handle and the industry within which you operate.

26
Q

What is regulatory compliance

A

your adherence to the laws specific to the industry in which you’re operating.

27
Q

What is industry compliance

A

adherence to regulations that aren’t mandated by law but that can nonetheless have severe impacts upon your ability to conduct business.

28
Q

What is an information security policy

A

a document that defines information security for an organization. Almost every standard or regulation requires you to have one.

29
Q

What are “key controls”

A

the primary controls used to manage risk in your environment and have the following characteristics:

1. They provide a reasonable degree of assurance that the risk will be mitigated.
2. If the control fails, it is unlikely that another control could take over for it.
3. The failure of this control will affect an entire process.

30
Q

What are “compensating controls”

A

controls that replace impractical or unfeasible key controls. When you put a compensating control in place, you’ll likely have to explain to auditors how it will fulfill the intent and purpose of the control you’re replacing.

31
Q

What are the steps to cycle through in order to maintain compliance

A

monitoring - you must monitor your controls

reviewing - controls need to undergo a periodic review

documenting - you should document the results of the reviews

reporting - after monitoring, reviewing, and documenting, you must report the results to your leadership

32
Q

What is FISMA

A

requires each federal agency to develop, document, and implement an information security program to protect its information and information systems.

33
Q

What is HIPAA

A

requires privacy protections for individually identifiable health information, also known as protected health information, or PHI. These provisions, collectively known as the HIPAA Privacy Rule, mandate safeguards to protect patient privacy.

34
Q

What is FERPA

A

protects the privacy of students and their parents. FERPA requires all schools that receive funds from programs administered by the U.S. Department of Education to comply with standards regarding the disclosure and maintenance of educational records, including educational information, personally identifiable information, and directory information.

35
Q

What is SOX

A

mandates standards with regard to areas such as corporate board responsibility, auditor independence, fraud accountability, internal controls assessment, and enhanced financial disclosures.

36
Q

What is GLBA

A

requires financial institutions to safeguard a consumer’s “nonpublic personal information,” or NPI. GLBA also mandates the disclosure of an institution’s information collection and information sharing practices and establishes requirements for providing privacy notices and opt-outs to consumers.

37
Q

What is GDPR

A

an EU regulation that requires that organizations get consent before collecting people’s data, report data breaches, give individuals the right to access and remove collected data, and set specific guidelines for privacy and privacy programs.

38
Q

What is CIPA

A

requires schools and libraries to prevent children from accessing obscene or harmful content over the Internet. CIPA requires these institutions to have policies and technical protection measures in place to block or filter such content.

39
Q

What is COPPA

A

protects the privacy of minors younger than 13 by restricting organizations from collecting their PII, requiring the organizations to post a privacy policy online, make reasonable efforts to obtain parental consent, and notify parents that information is being collected.

40
Q

What is a disadvantage of logging?

A

takes up storage space