Mod 1

Question 1

Define security

Answer 1

A state of freedom from a danger or risk

Question 2

What are the 3 security dimensions? (C.I.A)

Answer 2

Confidentiality
Integrity
Availability

Question 3

Define confidentiality

Answer 3

information in the system that may be disclosed to unauthorized party

Question 4

Define integrity

Answer 4

the data received has to be the original data intended and has not been manipulated

Question 5

Define availability

Answer 5

information and computing resources can be obtained according to a quality service definition

Question 6

What are the tools for confidentiality?

Answer 6

Encryption
Access control
Authentication
Authorization

Question 7

Define encryption

Answer 7

transformation of information using a secret encryption key so that it can only be read using the same decryption key

Question 8

Define access control

Answer 8

rules and policies that limit access to confidential information to those who need to know

Question 9

Define authentication

Answer 9

a determination of identity based on a combination of
- something the actor has (keys)
- something the actor knows (passwords)
- something the agent is (biometrics)

Question 10

Define authorization

Answer 10

a determination if an actor is allowed access to resources based on an access control policy

Question 11

What are the tools for integrity?
(3)

Answer 11

Backups
Checksums
Data Correcting Codes

Question 12

What are the tools for availability?

Answer 12

Physical protections
Computational redundancies

Question 13

Define asset

Answer 13

something of value which has to be protected

Question 14

Define attack / exploit

Answer 14

an abuse of a system’s vulnerability

Question 15

Define control

Answer 15

mitigation measure that reduces a system’s vulnerability

Question 16

Define exposure

Answer 16

possible loss or harm to a computing system

Question 17

Define threat

Answer 17

circumstances that have potential to cause loss or harm

Question 18

Define vulnerability

Answer 18

a weakness in a computer system that may be expoited to cause loss or harm

Question 19

Define risk

Answer 19

the likelihood that a threat agent will exploit a vulnerability

Question 20

What are the 4 goals of security policies?

Answer 20

Identify organizational assets that need protecting
Define the level of protection/recovery needed for different assets
Define responsiblilities of individuals
Include security procedures & technologies to be maintained

Question 21

Give examples of the different scopes/tiers of a security policy (3)

Answer 21

Global - addresses everyone and everything
Specific topic - addresses special issues of current relevance
App specific - addresses a specific app/function/system

Question 22

Give examples of security policies

Answer 22

Acceptable Use Policy
Security-Related Human Resource Policy
Password Management Policy
Personal Identifiable Information Policy
Disposal and Destruction Policy
Classification of Information Policy
Ethics Policy

Question 23

What does an Acceptable Use Policy define?

Answer 23

Actions a user may perform while accessing systems and networking equipment, as well as explicit prohibitions regarding security

Question 24

What is generally considered to be the most important information security policy?

Answer 24

Acceptable Use Policy

Question 25

What does a Security-Related Human Resource Policy entail?

Answer 25

Information about technology resources and how they should be used, and the due process should anyone break the AUP

Question 26

Which policy sets the rules for, and how frequently passwords must be changed?

Answer 26

Password Management Policy

Question 27

What issues are addressed in a Disposal and Destruction Policy?

Answer 27

How long records and data are retained. How to dispose of confidential resources.

Question 28

What's the purpose of Classification of Information Policies (CIP)?

Answer 28

to produce a standardized framework for classifying information assets