SRA Quiz # 1

Ace your homework & exams now with Quizwiz!

15. In the first phase of SDLC we define the :

Project Scope and stakeholders

The second phase of SDLC is known as :

Analysis Phase

Once the information security system is implemented, the next step is to provide constant maintenance

False

19. Give an example how CIA model can be used to protect data during the transmission from both active and passive attacks.

CIA model can be used to protect data during transmission from both passive and active attacks. For example, the use of encryption prevents unauthorized users from reading the packet contents (i.e., prevention from passive attacks) and the use of Hash algorithm protects the data integrity (i.e., prevention from active attacks).

CIA stands for:

Confidentiality, Integrity and Availability

Information system has the following six main components:

Data, Software, Hardware, Network, Procedures, and People

During which phase of SDLC security designer proposes several alternative solutions to the problem

Design Phase

Files on your computer can be made unreadable to others by using:

Encryption

Information Security provides security to limited computer systems and network devices.

False

User authentication ensures that the received message has not been modified during the transmission.

False

One good example of protecting networks from unauthorized access is to use:

Firewall and Intrusion Detection System

20. With the help of a real world information security project example, describe how you would use the secure SDLC in the implementation of this project.

For a real world information security project, we should strictly follow the different phases of SDLC. For instance, in the first phase, we can gather requirements in the context of security (e.g., what type of security they want us to implement. Do they want to deploy technology or they just want to design security policies and procedures that their employees can practice etc.). In the 2nd phase, we can thoroughly analyze the existing security system and find out how we will integrate the new system - what security features are currently missing in respect to customer's requirements and so on. In the same manner, we can follow the rest of the SDLC phases.

Whichever solution was approved by the organization or customer, it's developed and implemented in the:

Implementation Phase

The first phase of SDLC is known as:

Investigation Phase

The last phase of SDLC is known as:

Maintenance phase

In the Analysis Phase of SDLC, we use the results of the previous phase to analyze _________ , _______________, and ___________________

Objectives of the project, status of the organization, and integration with the new security system

Availability means:

Resources should be accessible at the required time and usable only by the authorized entity

Open End-ed question -18. Briefly describe the significance of Secure SDLC in the design and implementation of an information security system.

SDLC provides a methodology to design, develop, and implement an information security system for an organization in a systematic way.

Information security System must protect data during the following three stages:

Store, processing, and transmission

14. SDLC stands for

System Development Life Cycle

All internal security policies and procedures of an organization must be protected from unauthorized access/users.

True

Computer Security does not concern what information is stored in computer system and where that information came from.

True

_____ A user authentication ensures that the received information at the destination system is indeed coming from a legitimate claimed sender.

True

Testing Phase

When the project is implemented, we test & evaluate against different known scenarios to determine whether the project is meeting customer's requirement

HASH Algorithm

algorithm is one of the ways to ensure data integrity.

Digital Signature

are used to verify sender's identity

HASH Algorithm

can be used to implement data integrity

CIA Model

can be used to protect the data during the transmission.

Data Integrity

ensures that an attacker cannot change or destroy information, either while it is on a computer or while it is travelling across a network.

Computer Security

ensures that computer systems are working properly and they are available to authorized users whenever they need them

Message authentication

ensures that the information received at the receiver side is not modified during the transmission

The use of Encryption:

ensures the confidentiality of transmitted packets

b. Hardware

is the main technology that executes the software, store and carries the date, and provides an interface to enter and retrieve the information from the system.

Active Attack

is the one in which an attacker can intercept the transmitted packets over a wireless link and not only he/she can read the contents of the packets but can also make modifications before retransmission to the destination system.

Passive Attack

is the one in which an attacker can intercept the transmitted packets over a wireless link and read the contents without making modifications.

Personal security

is the security of all the stakeholders such as people who are authorized to access the organization and its operation.

Communication Security

is the security of organization's media, technology and its content.

Physical Security

policies ensure that the important hardware is secured by keeping them in a secure restricted area.

The use of Confidentiality :

prevents an organization from a passive attacks

The use of Data Integrity:

prevents an organization from an active attack.

System development life cycle

provides a methodology to design and implement an information system for an organization in a systematic way.

Briefly explain each security goal of the CIA model:

provides confidentiality to sensitive information by implementing encryption and decryption. Using data integrity, It ensures that information either stores on computers or transmits via communication links should not be altered by an unauthorized users. If alters, it should be detected by the destination system. The availability in CIA model ensures that all resources (such as hardware, software, network, information, etc) should be available to authorized users whenever they need them.

Confidentiality

refers to hiding information from unauthorized users

Network security

refers to the security of all networking devices, network connections (e.g., TCP connections) and its contents.

Operation security

refers to the security of all the internal operations or series of activities that are typically done on day-by-day basis.

Information Security

refers to the security of information and the information system from unauthorized access, misuse of information, modifications, and inspection.

Physical security

refers to the security of items, objects, and area that physically exist in the organization from unauthorized access or misuse.

Network security

refers to the security of routers, bridges, switches, and TCP connections

Procedure Security

security of all internal operations & series of activities done on daily basis.


Related study sets

Psychology 375 Cognition - Final

View Set

networking threats, assessments, and defenses

View Set

GOVT2305 - U.S. Government - Chapter 4

View Set

Chapter 30: An Introduction to Animals

View Set