LO6

Question 1

What are the different sides of the McCumber Cube?

Answer 1

Safeguards
CIA
Asset State

Question 2

What is CIA?

Answer 2

Confidentiality, Integrity and Availability.

Confidentiality - Keeps users data private

Integrity - Assurance the system preserves data

Availability - Assurance users can access resources

Question 3

What are safeguards?

Answer 3

Policy and Practices - The controls an organisation puts in to ensure people mitigate risks

Human Factors - The training provided by an organisation to avoid risks such as viruses and social engineering tactics

Technology - The software and hardware solutions used to protect systems

Question 4

What is Asset State?

Answer 4

Storage - Most valuable but easiest to protect as is in a hard drive, memory or an external device

Transmission - Data being moved between systems

Processing - The data is currently being used so considered vulnerable

Question 5

What is an attack vector?

Answer 5

A path an attacker takes to access an asset.

Question 6

Provide an example of an attack vector?

Answer 6

Phishing
Code injection
Malware

Question 7

What does STRIDE stand for and what does each letter mean?

Answer 7

Spoofing - Pretending to be someone else

Tampering - Changing data in some manner

Repudiation - Hiding your tracks

Information Disclosure - Exposure of users data

Denial of Service - Target service availability i.e setting off a fire alarm to stop an exam

Elevation of Privilege - Finding a method of performing tasks that the user isn’t authorised to do so.