Chapter 1

Question 1

cia triad

Answer 1

• confidentiality
• integrity
• availibility

Question 2

confidentiality

Answer 2

measures used to protect the secrecy of data, resources, objects

Question 3

goal of confidentiality protection

Answer 3

minimize unauthorized data access

Question 4

security controls for confidentiality protection

Answer 4

• encryption
• access control
• steganography

Question 5

object

Answer 5

a passive element in a security relationship, e.g., files, networks, apps

Question 6

subject

Answer 6

an active element in a security relationship, e.g., users, computers, programs

Question 7

access control

Answer 7

management of a subject-object relationship

Question 8

confidentiality attacks

Answer 8

• capturing network traffic
• stealing password files
• social engineering
• port scanning
• shoulder surfing
• eavesdropping
• sniffing
• escalating privileges

Question 9

causes of unintentional data disclosures

Answer 9

• human error
• oversight
• ineptitude

Question 10

countermeasures to ensure confidentiality

Answer 10

• encryption
• network traffic padding
• rigorous access control
• strict authentication process
• data classification
• personnel training

Question 11

sensitivity

Answer 11

the quality of safeguarded data/info that in the event of unauthorized disclosure, may lead to damage

Question 12

discretion

Answer 12

• minimize damage/harm by controlling info disclosure

- disclosure is influenced by an operator

Question 13

criticality

Answer 13

• the importance of info to a mission

- more critical info should have more safeguards

Question 14

concealment

Answer 14

• minimize disclosure by hiding info

Question 15

secrecy

Answer 15

minimize disclosure of info

Question 16

privacy

Answer 16

keeping PII confidential, especially to prevent harm

Question 17

seclusion

Answer 17

reinforce confidentiality via compartmentalization and access control

Question 18

isolation

Answer 18

keeping info seperate

Question 19

integrity

Answer 19

ability to protect reliability and correctness of info

Question 20

integrity achieved by

Answer 20

• preventing unauthorized access/changes

- keeping data consistent, especially internal/external

Question 21

aspects of integrity

Answer 21

• validity
• authenticity
• completeness
• accuracy
• truthfulness
• non-repudiation
• accountability
• responsibility
• comprehensiveness

Question 22

non-repudiation

Answer 22

situation where subject of event cannot dispute that event occured

Question 23

availability

Answer 23

uninterrupted access to objects to all authorized subjects

Question 24

usability

Answer 24

something that is easy to use

Question 25

accessibility

Answer 25

- an aspect of availability | - something accessible to anyone regardless of capabilities

Question 26

timeliness

Answer 26

- an aspect of availability | - prompt or done within a time constraint

Question 27

identification

Answer 27

- confirming identity prior to accessing a secure system

Question 28

authentication

Answer 28

proving the confirmed identity

Question 29

authorization

Answer 29

allowing access to a certain object for a specific identity

Question 30

auditing

Answer 30

- aka monitory | - creating a record of all activities of subjects interacting with objects

Question 31

accountability

Answer 31

- reviewing audit logs, verifying compliance and holding people accountable

Question 32

layering

Answer 32

multiple controls applied against a specific threat

Question 33

abstraction

Answer 33

- classifying similar elements into groups | - applying similar controls to similar objects

Question 34

data hiding

Answer 34

hiding data from unauthorized subjects

Question 35

encryption

Answer 35

methods for concealing data

Question 36

security management planning

Answer 36

developing and implementing security policies

Question 37

security management approaches

Answer 37

- top down | - bottom up (rarely used)