MIS 379 Test 1
This principle states that a subject can write to an object only if its security classification is less than or equal to the object's security classification
*-property
_______ is the ability to control whether a subject (such as an individual or a process running on a computer system) can interact with an object (such as a file or hardware device).
Access Control
_______ refers to whether a control can be verified to be functioning properly
Auditability
-Something you know -Something you have -Something about you (something that you are)
Authentication
______ attempts to ensure that an individual is who they claim to be.
Authentication
The goal of ________ is to ensure that the data, or the system itself, is available for use when the authorized user wants it.
Availability
Multilevel security system that implements the military's hierarchical security scheme, which includes levels of classification such as Unclassified, Confidential, Secret, and Top Secret.
Bell-LaPadula security model
Instead of security classifications, integrity levels are used.
Biba Security Model
________ are methods to establish authenticity of specific objects such as an individual's public key or download key
Certificates
____ refers to the opportunity for the end user to consent to the data collection or to opt out.
Choice
_______ involves a piece of malware that defrauds the advertising revenue counter engine through fraudulent user clicks
Click Fraud
______ is the unauthorized entry into a computer system via any means, including remote network connections.
Computer Trespass
The purpose of _______ is to ensure that only those individuals who have the authority to view a piece of information may do so.
Confidentiality
____ refers to the positive affirmation by a customer that she read the notice, understands her choices, and agrees to release her PII for the purposes explained to her
Consent
____ are small bits of text that are stored on a user's machine and sent to specific web sites when the user visits
Cookies
Training for employees to recognize the type of information that should be combined with other pieces of information to potentially divulge sensitive information
Data Aggregation
The EU has developed a comprehensive concept of privacy, which is administered via a set of statutes known as ______
Data Protection
_______ is a concept that complements the idea of various layers of security
Diversity of Defense
A ______ was once considered an individual who understood the technical aspects of computer operating systems and networks
Hacker
_______ takes a granular view of security by focusing on protecting each computer and device individually instead of addressing protection of the network as a whole.
Host Security
If a particular situation is not covered by any of the other rules, the ______ approach states that access should not be granted
Implicit Deny
_________ is a related concept but deals with the generation and modification of data. Only authorized individuals should ever be able to create or change (or delete) information.
Integrity
There is no 100 percent secure system, and there is nothing that is foolproof, so a single specific protection mechanism should never be solely relied upon
Layer Security
_________ means that a subject (which may be a user, application, or process) should have only the necessary rights and privileges to perform its task with no additional permissions
Least Privilege
In _______, an emphasis is placed on controlling access to internal computers from external entities.
Network Security
_______ deals with the ability to verify that a message has been sent and received and that the sender can be identified and verified.
Nonrepudiation
_____ refers to informing the customer that PII will be used and/or stored
Notice
____ can be used to identify a specific individual, even if an entire set is not disclosed
Personally Identifiable Information (PII)
Refers to the "hacking" of the systems and computers used by a telephone company to operate its telephone network
Phreaking
______ can be defined as the power to control what others know about you and what they can do with that information
Privacy
_______ uses the approach of protecting something by hiding it
Security through Obscurity
_________ ensures that for any given task, more than one individual needs to be involved
Separation of Duties
____ states that no subject (such as user or program) can read information from an object (such as a file) with a security classification higher than that possessed by the subject itself.
Simple Security Rule
______ is the process of convincing an authorized individual to provide confidential information or access to an unauthorized individual.
Social Engineering
Protection = Prevention + (Detection + Response)
This is known as the operational model of computer security
