Exam 1 Flashcards
(30 cards)
What is cybersecurity?
Protection of networked systems and data from unauthorized use or harm
offline identity is?
your identity that interacts on a regular basis at home, school or work
Online identity is?
Your identity while you are in cyberspace
your data is?
medical records, education records, and employment and financial records
how do the criminals get your money?
online credentials and creative schemes
goals of cybersecurity?
confidentiality, integrity and availability
ruined reputation, vandalism, theft, revenue lost and damaged intellectual property are
impacts of a security breach
who is the most dangerous attacker
script kiddies
what is the most common type of security attacks?
internal security attacks
what is cyberwarfare
use to gain advantage over adversaries, nations or competitors
what is risk management
A process aiming at an efficient balance between realizing opportunities for gains while minimizing vulnerabilities and losses
What is OCTAVE for, and what is its focus?
A risk-based strategic assessment and planning technique for security; it is focused on strategic and practice-related issues
NIST SP 800-30: explain what it is for and its focus
It is a guide for conducting risk assessments of federal information systems and organizations, and its focus is to provide senior leaders with the information needed to determine appropriate courses of action in response to identified risks
explain the difference between qualitative and quantitative risk management
qualitative risk management does not analyze the risks mathematically to identify the probability, while quantitative risk management uses probability to characterize the risk probability and impact
what are the steps for quantitative risk management
Determine the asset value, identify threats to the asset, determine the exposure factor, calculate the single loss expectancy, calculate the annualized rate of occurrence, and calculate the annualized loss expectancy
how do you calculate the asset value?
based on their book values and replacement costs
what is the exposure factor? and how do you compute it?
A subjective potential percentage of loss to a specific asset if a specific threat is realized and is calculated by the vulnerability and its consequences to the asset when the threat occurs
how do you calculate the ALE and what is it for?
It is the annual expected financial loss to an organization’s information asset because of a particular threat occurring within that same calendar year. It is calculated as ALE = SLE x ARO
What is Cryptography, Cryptology and Cryptanalysis?
Cryptography: the art of writing and solving codes; cryptanalysis: the act of studying a cryptographic algorithm to try to break the protection of encryption; cryptology: inventing codes and breaking them
Substitution and Transposition are types of ciphers?
Yes
Transposition is
rearranging the order of the ciphertext to break any repeating patterns in the underlying plaintext.
substitution is
one set of bits is exchanged for another.
confusion is
The interceptor should not be able to predict what will happen to the ciphertext by changing one character in the plaintext.
diffusion is
The cipher should also spread the information from the plaintext over the entire ciphertext so that changes in the plaintext affect many parts of the ciphertext.