P1_L1-Chapter1- Security Mindset

अब Quizwiz के साथ अपने होमवर्क और परीक्षाओं को एस करें!

FERPA (Family Educational Rights and Privacy Act)

In the United States, student grade information is an asset whose confidentiality is regulated by the __________.

What is the OSI security architecture?

It defines a systematic approach for managers, describing a way of organizing the task of providing security.

usurpation

Misappropriation and misuse are attacks that result in ____________ threat consequences.

Data

The assets of a computer system can be categorized as hardware, software, communication lines and networks, and _______________.

Data integrity

The assurance that data received are exactly as sent by an authorized entity is __________.

Define computer security.

The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, information, data...).

Availability assures that systems works promptly and service is not denied to authorized users. True or False

True

Computer security is essentially a battle of wits between a perpetrator who tries to find holes and the administrator who tries to close them. True or False

True

Computer security is protection of the integrity, availability, and confidentiality of information system resources. True or False

True

Data integrity assures that information and programs are changed only in a specified and authorized manner.

True

The first step in devising security services and mechanisms is to develop a security policy.

True

The more critical a component or service, the higher the level of availability required. True or False

True

System Integrity

__ assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system

Privacy

__ assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.

List and briefly define categories of security services.

+Authentication +Access Control +Data Confidentiality +Data Integrity +Non-repudiation (Prevents either sender or receiver from denying a transmitted message) +Availability

What is the difference between passive and active security threats?

+Passive attacks have to do with eavesdropping on, or monitoring transmissions. Email, file transfers, and client/server exchanges are examples of transmissions that can be monitored. +Active attacks include the modification of transmitted data and attempts to gain unauthorized access to computer systems.

List and briefly define categories of passive and active network security attacks.

+Passive: Unauthorized Disclosure +Active: ---> Deception ---> Disruption ---> Usurpation (An event that results in control of system services of functions by an unauthorized entity)

Computer Security

. ___________________ is the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources.

High

A ________ level breach of security could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.

vulnerability

A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy is a(n) ____

Confidentiality

A loss of ___ is the unauthorized disclosure of information.

availability

A loss of _________ is the disruption of access to or use of information or an information system.

countermeasure

A(n) ________ is an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that correct action can be taken.

inside attack

A(n) _________ is an attempt to learn or make use of information from the system that does not affect system resources.

attack

An assault on system security that derives from an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system is a(n)____

masquerade

An example of __________ is an attempt by an unauthorized user to gain access to a system by posing as an authorized user.

CIA triad

Confidentiality,Integrity, and Availability form what is often referred to as the _____.

List and briefly define categories of security mechanisms.

Encipherment +Digital Signature +Access Control +Data Integrity +Authentication Exchange +Trusted Functionality +Event Detection +Security Audit Trail

Security mechanisms typically do not involve more than one particular algorithm or protocol.

False

Threats are attacks carried out. True or False

False

The "A" in the CIA triad stands for "authenticity". True or False

False. C-Confidentiality, I-Integerity, A-Availability


संबंधित स्टडी सेट्स

Series 66 Uniform Securities Act Quiz #1

View Set

Nutrition and Addiction EAQ questions

View Set

Business Law Ch.6: Tort Law & Cybertorts

View Set

SEC+ 501 - CHAPTER ONE REVIEW QUESTION

View Set

CHAPTER 1: MENTAL HEALTH AND MENTAL ILLNESSES

View Set

PNU 120 Taylor PrepU Chapter 40: Fluid, Electrolyte. and Acid-Base Balance

View Set

MKT 300 Concept Check CH.4 (Hapke)

View Set

Pharmacology practice assessment b

View Set