Network Security CH. 1
List and describe three of the characteristics of information that must be protected by information security.
1. Confidentiality: ensures that only authorized parties can view the information. 2. Integrity: ensures that the information is correct and that no unauthorized person or malicious software has altered the data. 3. Availability: ensures that data is accessible to authorized users.
What are the four different risk response techniques?
Accept, transfer, avoid, and mitigate.
What class of attacks use innovative attack tools and once a system is infected it silently extracts data over an extended period?
Advanced Persistent Threat
Which of the following ensures that data is accessible to authorized users?
Availability
Which of the following are considered threat actors? (Choose all that apply.)
Brokers and Competitors
Which of the three protections ensures that only authorized parties can view information?
Confidentiality
What term best describes any premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against noncombatant targets by subnational groups or clandestine agents?
Cyberterrorism
What term describes a layered security approach that provides comprehensive protection?
Defense-In-Depth
In what kind of attack can attackers make use of millions of computers under their control in an attack against a single server or network?
Distributed
Which of the following is a valid fundamental security principle? (Choose all that apply.)
Diversity, Simplicity and Layering
As security is increased, convenience is often increased.
False
Brokers steal new product research or a list of current customers to gain a competitive advantage.
False
Successful attacks are usually not from software that is poorly designed and has architecture/design weaknesses.
False
Which law requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information?
Gramm-Leach-Bliley
Under which laws are health care enterprises required to guard protected health information and implement policies and procedures whether it be in paper or electronic format?
HIPAA
What term is used to describe a group that is strongly motivated by ideology, but is usually not considered to be well-defined and well-organized?
Hacktivists
Which of the following is a common security framework? (Choose all that apply.)
ISO, COBIT and RFC
What type of theft involves stealing another person's personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain?
Identity Theft
Which term below is frequently used to describe the tasks of securing information that is in a digital format?
Information Security
Select the information protection item that ensures that information is correct and that no unauthorized person or malicious software has altered that data.
Integrity
What type of diversity is being implemented if a company is using multiple security products from different manufacturers?
Manufacturer Diversity
What term is used to describe state-sponsored attackers that are used for launching computer attacks against their foes?
Nation State Actors
Select the term that best describes automated attack software.
Open-Source-Intelligence
Information security is achieved through a combination of what three entities? Provide at least one example of each entity.
Products (physical security): the physical security around the data, which may be as basic as door locks or as complicated as intrusion-detection systems and firewalls. People (personnel security): those who implement and properly use security products to protect data. Procedures (organizational security): plans and policies established by an organization to ensure that people correctly use the products.
Which term is used to describe individuals who want to attack computers yet lack the knowledge of computers and networks needed to do so?
Script Kiddies
What term refers to an action that provides an immediate solution to a problem by cutting through the complexity that surrounds it?
Silver Bullet
What process describes using technology as a basis for controlling the access and usage of sensitive data?
Technical controls
What is the Payment Card Industry Data Security Standard (PCI DSS)?
The PCI DSS is a set of security standards that all companies that process, store, or transmit credit or debit card information must follow. PCI applies to any enterprise or merchant, regardless of its size or number of card transactions, that processes transactions either online or in person.
A vulnerability is a flaw or weakness that allows a threat to bypass security.
True
To mitigate risk is the attempt to address risk by making the risk less serious.
True
What is occurring when an attacker manipulates commonplace actions that are routinely performed in a business?
Vulnerable business processes, also called business process compromise (BPC), occur when an attacker manipulates commonplace actions that are routinely performed within an organization.
Why is the speed of malicious attacks making the challenge of keeping computers secure more difficult?
With modern tools at their disposal, attackers can quickly scan systems to find weaknesses and launch attacks with unprecedented speed. Many tools can even initiate new attacks without any human participation, thus increasing the speed at which systems are attacked.
In information security, what can constitute a loss?
All of the above: a force of nature such as a tornado that could destroy computer equipment; a virus that attacks a computer network; a person attempting to break into a secure computer network.
In information security, which of the following is an example of a threat actor?
All of the above: theft of information; a delay in transmitting information that results in a financial penalty; the loss of good will or a reputation.