Week 1 - cyber security vocabulary Flashcards

1
Q

CIA

A

Confidentiality
Integrity
Availability

2
Q

Confidentiality

A

The property that information is only made available to authorised individuals, entities or processes.

3
Q

Integrity

A

The property of safeguarding the accuracy and completeness of property against unauthorised access or modification.

4
Q

Availability

A

The property of being accessible and useable on demand by authorised entities.

5
Q

AAA

A

Authentication
Authorisation
Accounting

6
Q

What is authentication?

A

The process of identifying entities. It links an identity to an entity.

7
Q

What is Authorisation?

A

Giving or withholding access to system resources.

8
Q

What is accounting?

A

Recording usage of systems

9
Q

What is the fourth concept that was introduced to AAA?

A

Auditing - evaluating a system's security.

10
Q

The three factors of authentication

A

Whenever you use a computer system, it is not enough for you to claim an identity; you must prove that identity using a further piece of information called a factor. When you log on to your computer you claim an identity with a user ID; you prove it using a factor such as a password or fingerprint.

11
Q

The three AAAs are interlinked as?

A

Weaknesses in authentication or authorisation allow improper (either deliberate or accidental) access to a system. These weaknesses can be revealed through accounting processes.

12
Q

Authentication, Authorisation, Accounting is also referred to as?

A

Access Control - regulating which entities can view, modify or use a system resource.

13
Q

The knowledge factor (something you know)

A

Something that can be recalled from memory.

14
Q

The possession factor (something you have)

A

Physical objects such as smart keys or plug-in USB security keys. A weakness is ensuring the safety of the object.

15
Q

Biometric factor (something you are)

A

A unique aspect of the user such as fingerprint or voice. It cannot be stolen or forgotten.

16
Q

Single factor authentication is?

A

Also known as SFA, this is authentication using a single factor, such as a password on a PC.

17
Q

Multi-factor authentication is?

A

Also known as MFA, this requires more than 1 form of authentication; this could be a password (something you know) and a PIN sent via SMS (something you own).

18
Q

Multi-factor (MFA) can also be referred to as?

A

Two-factor authentication (2FA)

19
Q

Multi-step authentication has two factors, what is the weakness?

A

It can either evaluate all the factors at once or one at a time.

If evaluated all at once, any potential attacker will not know if it is the password or ID that is incorrect.

If evaluated one at a time, an attacker will know if it is the ID, PIN or password that is incorrect and thus will only need to obtain that piece of information.

20
Q

Out of band authentication is?

A

Also known as OOBA, it improves security by requiring two channels.

Primary channel - used to establish identity

Secondary channel - used to pass authentication factor

21
Q

Three ways OOBA may be done?

A

- Send via secondary channel, request response via primary channel.

- Use secondary channel to send and receive response.

- Use secondary channel to send factor whilst simultaneously displaying the same factor via the primary channel.

22
Q

Authentication is?

A

Authentication is a security control; it either permits or rejects access.

After authenticating an entity, the system will authorise them to all or some resources such as files, applications or network connections.

23
Q

Accounting is?

A

A record of every authentication (successful or not) and authorisation (or rejection) by identifying which resources were accessed, time, by which entity and for what purpose.

Accounting logs form audit trails that allow system administrators, investigators and law enforcement bodies to track activity on a system.

24
Q

What is auditing?

A

An evaluation of an organisation's security preparedness.

25
Q

What are the key purposes of auditing?

A

- Identify vulnerabilities, threats and risks.

- Verify current security measures meet the organisation's requirements.

- Ensure employee compliance.

- Identify unnecessary software and hardware.

- Identify new threats and incorporate new technologies.

26
Q

What is CyBOK?

A

The Cyber Security Body of Knowledge is the definitive UK reference library for cyber security knowledge. Developed with universities, technology companies and UK Government agencies.

Built around 19 top-level knowledge areas (KAs). Free and hosted by the University of Bristol.