Week 5 - Systems security Flashcards

1
Q

non-repudiation

A

means that the owner of a message is unable to repudiate ownership. Can be achieved by cryptography or accounting methods.

2
Q

what is a system?

A

a set of things working as part of a mechanism with an interconnection between its components, with a goal of providing a service.

3
Q

explain cyber-physical-social systems

A

integration of cyber, physical and social spaces.

4
Q

Define interface

A

a common point through which two systems interact

5
Q

what is the application layer?

A

sends and receives data

6
Q

what is the host layer?

A

the hardware that hosts the OS

7
Q

what is the operating system?

A

a collection of software that runs the interface, manages system components (storage, memory) and peripherals (printers, audio).

8
Q

What is the network layer (layer 3)

A

routing packets in a network.

9
Q

Availability from a computer systems perspective

A

key components ensure the system is always fully functional

(web and database server or backed up data by the system)

10
Q

Authentication from a computer systems perspective

A

allows legitimate users only.

11
Q

Authorisation from a computer systems perspective

A

role-based access controls, e.g. only admin can make changes

12
Q

Confidentiality from a computer systems perspective

A

techniques like cryptography and access control ensure authorised users have access to data

13
Q

Integrity from a computer systems perspective

A

techniques like cryptography and access control ensure authorised users have access to data

14
Q

Accounting and non-repudiation from a computer systems perspective

A

mechanisms to log all actions with identity, date, time.

15
Q

What is an attack vector?

A

how the attack targets the system

16
Q

what is packet sniffing?

A

monitoring network traffic to capture packets on a wired or wireless network

17
Q

Define interception attack vector

A

the act of preventing someone or something from reaching the intended destination

breaches confidentiality

18
Q

Define modification attack vector

A

making changes without permission or authorisation

breaches integrity

19
Q

Define interruption attack vector

A

stop or hinder communication

breaches integrity and availability

20
Q

Define replay attack vector

A

lies between modification and interception: the attacker intercepts data, then communicates it to the target without modification, with the intent of receiving a response that holds information of interest

21
Q

Define Man in the middle attack

A

a type of cyber attack in which the attacker secretly intercepts and relays messages between two parties who believe they are communicating directly with each other

may use replay attack vector or modification attack vector.

22
Q

define fabrication attack vector

A

masquerading as a sender or receiver to fabricate a message or data. observation over a long period of time

can be used to breach 1 of 5 security objectives:

confidentiality, integrity, availability, authentication and non-repudiation

23
Q

define transmission control protocol (TCP)

A

layer 4,
transport data segments
communications standard that enables application programs and computing devices to exchange messages over a network

24
Q

Define systems security

A

security of a whole system including applications, host devices, network components, people and processes.

25
Q

Define cryptography

A

encode and decode information to secure communication.

achieves confidentiality and integrity (CIA)

26
Q

what is the ISO 27000 information security standard?

A

International Organisation for Standardisation (ISO)

a set of standards that if met demonstrates an organisation has met a level of security maturity.

implementation is accredited by a qualified auditor.

27
Q

What does ISO 2700:2018 address?

A

best practices for managing information risks by implementing security controls

28
Q

What does ISMS stand for?

A

information security management systems.