Week 1 Flashcards
What is Computer Security?
Measures and controls that ensure confidentiality, integrity, and availability of information system assets.
Name the 5 Computer Security Requirements (AACIA)
1_ Accountability
2_ Availability
3_ Confidentiality
4_ Integrity
5_ Authenticity
List 3 levels of impact of a computer security breach
1_ Low
2_ Moderate
3_ High
Describe 3 challenges of computer security
1_ Computer security is not as simple as it might first appear to the novice.
2_ Attackers only need to find a single weakness, while the designer must find and eliminate all weaknesses to achieve perfect security.
3_ Security requires regular and constant monitoring
What is an Adversary?
An entity that has the intent to conduct detrimental activities.
What is an Attack?
Any malicious activity that attempts to destroy information system resources.
What is a Countermeasure?
A device or technique that has as its objective the impairment of adversarial activity.
What is a Risk?
A measure of the extent to which an entity is threatened.
What is a Security Policy?
A set of criteria for the provision of security services.
What is a System Resource (Asset)?
A logically related group of systems.
What is a Threat?
Any circumstance or event with the potential to adversely impact organisational operations.
What is Vulnerability?
Weakness in an information system that could be exploited by a threat source.
List the hierarchy of assets of a computer system.
- > Hardware
- -> Software
- --> Data (raw facts and figures)
- ---> Communication facilities and networks
What are the 3 categories of vulnerabilities?
1- Corrupted (loss of integrity)
2- Leaky (loss of confidentiality)
3- Very slow (loss of availability)
What are the 2 types of threats?
1- Exploit vulnerabilities
2- Harm to assets
What are the 4 types of Attacks?
1- Passive (Attempts to make use of info but won't affect the system)
2- Active (Attempts to affect the system)
3- Insider
4- Outsider
What are the 4 types of Threat Consequences and list two attacks that may have caused them?
1- Unauthorised disclosure (e.g. Exposure, Interception)
2- Deception (e.g. Masquerade, Falsification)
3- Disruption (e.g. Corruption, Obstruction)
4- Usurpation (e.g. Misuse, Misappropriation)
List 3 Countermeasures
1_ Incident response
2_ Access Control
3_ Audit and accountability
List 3 Security design principles
- Encapsulation
- Separation of privileges
- Layering
What is an attack surface?
A reachable and exploitable vulnerability in a system
List the 3 Attack Surface types
- Network Attack surfaces
- Software Attack surfaces
- Human Attack surfaces
What is an attack tree?
A hierarchical data structure that represents a set of techniques for exploiting security vulnerabilities.
What are the 4 Computer Security strategies?
1) Security policy
2) Security implementation
3) Assurance
4) Evaluation
What is Malware?
A program that is inserted into a system with the intent of compromising the confidentiality, integrity, or availability of the victim’s data
What are the 2 categories malware is split into?
1- How it spreads to desired targets (propagation)
2- How it performs once a target is reached (payload)
What is an Attack Kit?
The deployment and development of malware by skilled software authors. E.g. Angler, Zeus
Name 3 Attack Sources
- Politics
- Criminals
- Government agencies
What is an Advanced Persistent Threat (APT)? Give two examples of APTs
Well-resourced, persistent application of malware to selected targets. E.g. Social engineering, spear phishing emails
What is a Virus?
A piece of software that infects programs
What are the Virus components?
- Infection mechanism
- Trigger
- Payload
What are the phases of a Virus?
1 Dormant phase
2 Triggering phase
3 Propagation phase
4 Execution phase
What is a Macro virus?
A virus that attaches itself to documents and uses the macro programming capabilities of the document’s application to execute and propagate.
List 3 virus target categories
- Boot sector infector
- File infector
- Macro virus
List 3 virus concealment strategies
- Encrypted virus
- Polymorphic virus
- Stealth virus