MIS 379 Test 1

This principle states that a subject can write to an object only if its security classification is less than or equal to the object's security classification

*-property

_______ is the ability to control whether a subject (such as an individual or a process running on a computer system) can interact with an object (such as a file or hardware device).

Access Control

_______ refers to whether a control can be verified to be functioning properly

Auditability

-Something you know -Something you have -Something about you (something that you are)

Authenticatino

-Something you know -Something you have -Something about you (something that you are)

Authentication

______ attempts to ensure that an individual is who they claim to be.

Authentication

The goal of ________ is to ensure that the data, or the system itself, is available for use when the authorizes user wants it.

Availability

Multilevel security system that implements the military's hierarchical security scheme, which includes levels of classification such as Unclassified, Confidential, Secret, and Tope Secret.

Bell-LaPudla security model

Instead of security classifications, integrity levels are used.

Biba Security Model

________ are methods to establish authenticity of specific objects such as an individual's public key or download key

Certificates

____ refers to the opportunity for the end user to consent to the data collection to opt out.

Choice

_______ involves a piece of malware that defrauds the advertising revenue counter engine through fraudulent user clicks

Click Fraud

______ is the unauthorized entry into a computer system via any means, including remote network connections.

Computer Trespass

The purpose of _______ is to ensure that only those individuals who have the authority to view a piece of information may do so.

Confidentiality

____ refers to the positive affirmation by a customer that she read the notice, understanding her choices, and agrees to release her PII for the purposes explained to her

Consent

____ are small bits of text that are stored on a user's machine and sent o specific web sites then the user visits

Cookies

Tranning for employees to recognize the type of information that should be combined with other pieces of information to potentially divulge sensitive information

Data Aggregation

The EU has developed a comprehensive concept of privacy, which is administered via a set of statutes know as ______

Data Protection

_______ is a concept that complements the idea of various layers of security

Diversity of Defense

A ______ was once considered an individual who understood the technical aspects of computer operating systems and networks

Hacker

_______ takes a granular view of security by focusing on protecting each computer and device individually instead of addressing protection of the network as a whole.

Host Security

If a particular situation is not covered by any of the other rules, the ______ approach states the access should not be granted

Implicit Deny

_________ is a related concept but deals with the generation and modification of data. Only authorized individuals should ever be able to create or change (or delete) information.

Integrity

There is no 100 percent secure system, and there is nothing that is foolproof, so a single specific protection mechanism should never be solely relied upon

Layer Security

_________ means that a subject (which may be a user, application, or process) should have only the necessary rights and privileges to preform its task with no additional permissions

Least Privilege

In _______, an emphasis is placed on controlling access to internal computers from external entities.

Network Security

_______ deals with the ability to verify that a message has been sent and received and that the sender can be identified and verified.

Nonrepudiation

_____ refers to informing the customer that PII will be used and/or stored

Notice

____ can be used to identify a specific individual, even if an entire set is not disclosed

Personally Identifiable Information (PII)

Refers to the "hacking" of the systems and computers used by a telephone company to operate its telephone network

Phreaking

______ can be defined as the power to control what others know about you and what they can do with that information

Privacy

_______ uses the approach of protecting something by hiding it

Security through Obscurity

_________ ensures that for any given task, more than one individual needs to be involved

Separation of Duties

____states than no subject (such as user or program) can read information from an object (such as a file) with a security classification higher than that possessed by the subject itself.

Simple Security Rule

______ is the process of convincing an authorized individual to provide confidential information or access to an unauthorized individual.

Social Engineering

Protection = Prevention + (Detection + Response)

This is know as the operational model of computer security