Terminology Flashcards

1
Q

System Resource/Asset

A

Software systems, data and network systems, personnel, equipment or a logically related group of systems.

2
Q

Vulnerability

A

Weakness in the system that can be exploited or triggered by a threat source.
- Information system, procedures, internal controls or implementation.

Leaky system through the network.

3
Q

Threat

A

Circumstance or event that adversely impacts operations.

4
Q

Attack

A

Threat carried out through a vulnerability.
- Malicious activity that tries to collect, disrupt, deny, degrade or destroy information

5
Q

Adversary (threat agent)

A

Individual who conducts or has the intention to conduct detrimental activities

6
Q

Countermeasure

A

Device or technique that reduces the effectiveness of attacks (prevention). If prevention is not possible, the goal is to detect the attack and recover from its effects.

Residual vulnerabilities may remain -> residual level of risk to assets.

7
Q

Risk

A

Measure of the extent to which an entity can be impacted by a threat, defined by level of impact or likelihood

8
Q

Security Policy

A

Criteria for the provision of security services in order to maintain a condition of security

9
Q

Active attack

A

Attempt to alter resources or affect operation

10
Q

Passive attack

A

Learn or make use of information from the system; does not affect resources

11
Q

Origin of the attack

A

Inside -> entity inside the security perimeter, authorized to access but misuses that access in an unapproved way
Outside -> from outside the perimeter, by an unauthorized or illegitimate user.

12
Q

Threats - Unauthorized disclosure

A

Entity gains access to data for which the entity is not authorized

To: Confidentiality
Consequence:
- Exposure: entity gains unauthorized knowledge of sensitive data
- Interception: on a shared LAN, any device can get unauthorized access to data
- Inference: observing the pattern of traffic on a network
- Intrusion: overcoming access control protections to get unauthorized access to data

13
Q

Threats - Deception

A

Event where an entity receives false data and believes it to be true

To: Integrity
Consequence:
- Masquerade: posing as an authorized user (obtained credentials). A Trojan horse appears to have a function but gains access and executes malicious logic
- Falsification: alter, replace valid data or introduce false data
- Repudiation: deny sending data or receiving/possessing data.

14
Q

Threats - Disruption

A

Event that interrupts or prevents the correct operation and functions

To: Availability or system integrity
- Incapacitation: limit system availability. Physical damage to hardware. Trojan horse disabling services.
- Corruption: attack on system integrity. Resources or services function in an unintended manner, like a backdoor.
- Obstruction: interfere with communications by disabling or altering communication control information. Overload the system.

15
Q

Threats - Usurpation

A

Event that results in control of system services or functions by an unauthorized entity

To: System integrity
- Misappropriation: theft of service. DDoS attacks, using machine resources to attack a target host.
- Misuse: disabling or thwarting security functions

16
Q

Assets - Hardware

A

Most vulnerable and least susceptible to automated controls
Threats:
- Accidental and deliberate damage to equipment
- Theft (USB drives -> loss of confidentiality)

17
Q

Assets - Software

A

Key threat to software is to availability. Easy to delete.
It can be altered or damaged to affect functioning.

Backups can increase availability and recovery.

Altering is a threat to integrity/authenticity.

18
Q

Assets - Data

A

Concerns: availability, secrecy and integrity.
Threats:
- Destroy data -> availability
- Unauthorized reading of data or databases -> secrecy
- Statistical databases (aggregate or summary information) -> secrecy. Data can be inferred by doing set operations, and the data is also available during different stages of the processing of these data sets.
- Modification of data files -> data integrity

19
Q

Assets - Communication Lines and Networks - Passive attacks

A

Passive: obtain information being transmitted. Release of message contents and traffic analysis.
- Release of message contents: prevent unauthorized reads or learning
- Traffic analysis: prevent inference from seeing the interaction (guessing the nature).

Difficult to catch; emphasize prevention rather than detection

20
Q

Assets - Communication Lines and Networks - Active attacks

A

Modification or falsification of the data stream
- Replay: passive capture and retransmission
- Masquerade: entity pretends to be a different entity. Replay authentication sequences to gain access.
- Modification of messages: altering portion, delaying or reordering of legitimate messages

Difficult to prevent; emphasize detection and recovery

21
Q

List types of threat actions (attacks)

A

-> Confidentiality
Exposure & interception: attacker gets unauthorized access to data
Inference: does it by inferring
Intrusion: overcome access control
-> Availability
Incapacitation: limit availability
Obstruction: interfere with communications, overload system
-> Integrity
Corruption: service does not work as expected
Masquerade: pose as authorized user
Falsification: alter valid data or create false data
Repudiation: deny sending or receiving/possessing data
Misappropriation: theft of service or misuse of resources
Misuse: disabling security functions or thwarting of functions

22
Q

List of threat consequences

A

- Unauthorized disclosure
exposure, interception, inference, intrusion (Confidentiality)
- Disruption
incapacitation, obstruction (Availability)
corruption (Integrity)
- Deception
masquerade, falsification, repudiation (Integrity)
- Usurpation
misappropriation, misuse (Integrity)