Week 1 - cyber security vocabulary

Question 1

CIA

Answer 1

Confidentiality
Integrity
Availability

Question 2

Confidentiality

Answer 2

The property that information is only made available to authorised individuals, entities or processes.

Question 3

Integrity

Answer 3

The property of safeguarding the accuracy and completeness of property against unauthorised access or modification.

Question 4

Availability

Answer 4

the property of being accessible and useable on demand by authorised entities.

Question 5

AAA

Answer 5

Authentication
Authorisation
Accounting

Question 6

What is authentication?

Answer 6

The process of identifying entities. It links an identity to an entity.

Question 7

What is Authorisation?

Answer 7

Giving or withholding access to systems resources

Question 8

What is accounting?

Answer 8

Recording usage of systems

Question 9

What is the fourth concept that was introduced to AAA?

Answer 9

Auditing - evaluating a systems security.

Question 10

The three – factors of authentication

Answer 10

Whenever you use a computer system, it is not enough for you to claim an identity, you must prove that identity using a further piece of information called a factor. When you log on to your computer you claim an identity with a user ID; you prove it using a factor such as a password or fingerprint.

Question 11

The three AAAs are interlinked as?

Answer 11

Weaknesses in authentication or authorisation allow improper (either deliberate or accidental) access to a system. These weaknesses can be revealed through accounting processes.

Question 12

Authentication, Authorisation, Accounting is also referred to as?

Answer 12

Access Control - regulating which entities can view, modify or use a system resource.

Question 13

1. The knowledge factor (something you know)

Answer 13

Something that can be recalled by memory

Question 14

2. The possession factor (something you have)

Answer 14

Physical objects such as smart keys or plug in USB security keys. A weakness is ensuring the safety of the object.

Question 15

3. Biometric factor (something you are)

Answer 15

A unique aspect of the user such as fingerprint or voice. It cannot be stolen or forgotten.

Question 16

Single factor authentication is?

Answer 16

Also known as SFA, is authentication using a single factor such as a password on a PC.

Question 17

Multi-factor authentication is?

Answer 17

Also known as a MFA requires more than 1 form of authentication, this could be a password (something you know) and a pin sent via SMS (something you own).

Question 18

Multi-factor (MFA) can also be referred to as?

Answer 18

Two-factor authentication (2FA)

Question 19

Multi-step authentication has two factors, what is the weakness?

Answer 19

it can either evaluate all the factors at once or one at a time.

If evaluated all at once, any potential attacker will not know if it is the password or ID that is incorrect.

If evaluated one at a time, an attacker will know if it is the ID, pin or password that is incorrect and thus will only need to obtain that piece of information.

Question 20

Out of band authentication is?

Answer 20

Also known as OOBA, improves security by requiring two channels.

Primary channel - used to establish identity

Secondary channel- used to pass authentication factor

Question 21

Three ways OOBA may be done?

Answer 21

-Send via secondary channel request response via primar channel.

-Use secondary channel to send and receive response.

-Use secondary channel to send factor whilst simultaneously displaying the same factor via the primary channel.

Question 22

Authentication is?

Answer 22

Authentication is a security control, it either permits or rejects access.

After authenticating an entity, the system will authorise them to all or some resources such as files, application or network connections.

Question 23

Accounting is?

Answer 23

A record of every authentication (successful or not) and authorisation (or rejection) by identifying which resources were accessed, time, by which entity and for what purpose.

Accounting logs form audit trails that allow system administrators, investigators and law enforcement bodies to track activity on a system

Question 24

What is auditing?

Answer 24

An evaluation of an organisation security preparedness.

Question 25

What are the key purposes of auditing ?

Answer 25

• identify vulnerability, threats and risks.

-verify current security measures meet the organisation requirement.

-ensure employee compliance

-identify unnecessary software and hardware.

-identify new threats and incorporate new technologies.

Question 26

What is CyBOK?

Answer 26

Cyber security body of knowledge, is the definitive UK reference library for cyber security knowledge. Developed with university, technology companies and UK Government agencies.

Built around 19 top-level knowledge areas (KAs). Free and hosted by the university of Bristol.