P1L1: Security Mindset

Question 1

What is of value that you are trying to protect from attackers?

Answer 1

data

Question 2

What are the 2 kinds of companies?

Answer 2

1. Companies that have been hacked and know it

2. Companies that have been hacked and DON’T know it.

Question 3

What threat sources are there to worry about?

Answer 3

Cyber criminals
Hacktivists
Nation States

Question 4

Where are the vulnerabilities?

Answer 4

software
networks
humans

Question 5

What are the C.I.A. in the CIA model?

Answer 5

Confidentiality
Integrity
Availability

Question 6

Cyber attacks can have ________ consequences?

Answer 6

physical

Question 7

What should the good guys do in a security conscious world?

Answer 7

Prevention
Detection
Response
Recovery and remediation
policy vs mechanism

Question 8

How does one go about reducing vulnerabilities?

Answer 8

Economy of mechanism–keep systems small and simple

Fail-safe defaults–means default access is denied

Complete mediation–no one should be able to bypass security measures

Open design–no secrecy

Least privilege–minimum level of access needed

Psychological acceptability–don’t expect people to do what is inconvenient

Question 9

What is Economy of mechanism?

Answer 9

Keep systems small and simple

Question 10

Fail-safe defaults means what?

Answer 10

means default access is denied

Question 11

Wat is Complete Mediation?

Answer 11

no one should be able to bypass security measures

Question 12

What does open design mean?

Answer 12

open design–no secrecy

Question 13

What is Least privilege?

Answer 13

providing the minimum level of access needed

Question 14

What is Psychological acceptability?

Answer 14

don’t expect people to do what is inconvenient

Question 15

Computer security is protection of the integrity, availability and confidentiality of information system resources. T/F

Answer 15

True

Question 16

Computer security is essentially a battle of wits between a perpetrator who tries to find holes and the administrator who tries to close them. T/F

Answer 16

True

Question 17

Many security administrators view strong security as an impediment to efficient and user-friendly operation of an information system. T/F

Answer 17

True

Question 18

The first step in devising security services and mechanisms is to develop a security policy. T/F

Answer 18

True

Question 19

_____ assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.

Answer 19

System Integrity

Question 20

A flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security policy is a(n) _____.

Answer 20

Vulnerability

Question 21

A(n) _____ is an attempt to learn or make use of information from the system that does not affect system resources.

Answer 21

passive attack

Question 22

Masquerade, falsification and repudiation are threat actions that cause _____ threat consequences.

Answer 22

deception

Question 23

The _____ prevents or inhibits the normal use or management of communication facilities.

Answer 23

denial of service

Question 24

The assurance that data received is exactly as sent by an authorized entity is _____.

Answer 24

data integrity

Question 25

Confidentiality, Integrity and Availability form what is often referred to as the _______

Answer 25

CIA triad

Question 26

A(n) ______ is a threat that is carried out and, if successful, leads to an undesirable violation of security or threat consequence.

Answer 26

attack

Question 27

Misappropriation and misuse are attacks that result in ______ threat consequences.

Answer 27

usurpation

Question 28

Release of message contents and traffic analysis are two types of ______ attacks.

Answer 28

passive

Question 29

Security implementation involves four complementary courses of action: prevention, detection, response and _____.

Answer 29

recovery

Question 30

Cybercriminals

Answer 30

Want to profit from sensitive information

Question 31

Hacktivists

Answer 31

Don't like you or something do

Question 32

Nation-states

Answer 32

China and North Korea

Question 33

Confidentiality

Answer 33

Data confidentiality: private information not disclosed to outsiders Privacy: Individuals control information related to them

Question 34

Integrity

Answer 34

Data integrity: Information only changed in an authorized manner System integrity: System is performing as intended

Question 35

Availability

Answer 35

Service not denied and not slow

Question 36

what is an active attack?

Answer 36

attempt to alter resources or affect operation

Question 37

What is a Passive attack?

Answer 37

Attempt to learn from system that does not affect resources

Question 38

What is a threat agent?

Answer 38

person carrying out attack

Question 39

Deception

Answer 39

Masquerade Falsification: false data deceive an authorized entity Repudiation: Falsely denying responsibility for an act

Question 40

Disruption

Answer 40

Incapacitation: disables system component Corruption: alters system operation Obstruction: interrupts delivery of system services

Question 41

Usurpation

Answer 41

Misappropriation: Gets unauthorized system resources Misuse: Cause system to perform function detrimental to security