Topic 1 Reset

Question 1

Any transaction online, including online banking, software services, remote service providers, or online course platforms.

Answer 1

E-commerce

Question 2

What is E-commerce?

Answer 2

Any transaction online, including online banking, software services, remote service providers, or online course platforms.

Question 3

Characteristics of information to be useful

Answer 3

1. Accurate
2. Timely
3. Complete
4. Verifiable
5. Consistent
6. Available

Question 4

Characteristics of information to be useful

You might want:

Answer 4

1. Privacy
2. Protection against phishing, vishing
3. Integrity
4. Authentication
5. Authorization
6. Confidentiality
7. Non-repudiation
8. Availability

Question 5

Aspects of Information Needing protection

Availability

Answer 5

timely, reliable access to data and information services for authorized users

Question 6

Aspects of Information Needing protection

Integrity

Answer 6

you can only see the data but you cannot change it, protection against unauthorized modification or destruction of information

Question 7

Aspects of Information Needing protection

Confidentiality

Answer 7

assurance that information is not disclosed to unauthorized parties

Question 8

Aspects of Information Needing protection

Authentication

Answer 8

to identify and verify user’s identity , security measures to establish the validity of a transmission, message or originator

Question 9

Aspects of Information Needing protection

Non-repudiation

Answer 9

you cannot deny the authenticity/validity of an act you committed, sender given proof of data delivery and recipient given proof of sender’s identity so that neither can deny processed data

Question 10

Aspects of Information Needing protection

Answer 10

1. Availability
2. Confidentiality
3. Authentication
4. Non-repudiation

Question 11

is the resource being protected

Answer 11

Assets

Question 12

Assets

Physical assets

Answer 12

devices, computers, people

Question 13

Assets

Logical assets

Answer 13

information, data (in transmission, storage, or processing), and intellectual property

Question 14

Assets

System assets

Answer 14

any software, hardware, data, administrative, physical, communications, or personnel resource within an information system

Question 15

Attacks

Passive attack

Answer 15

an attack in which the attacker observes interaction with the system

Question 16

Active attack

Answer 16

an attack in which the attacker directly interacts with the system

Question 17

Unintentional attack

Answer 17

an attack where there is not a deliberate goal of misuse

Question 18

Exposure

Answer 18

is an instance when the system is vulnerable to attack

Question 19

Compromise

Answer 19

is a situation in which the attacker has succeeded

Question 20

is a recognized, action specific, generalized or theoretical that an adversary (threat actor) might be expected to take in preparation for an attack

Answer 20

Indicator

Question 21

Consequence

Answer 21

is the outcome of the attack, may cause the information system to lose effectiveness and may have other costs

Question 22

Consequence

Disruption

Answer 22

targets availability

Question 23

Consequence

Corruption

Answer 23

targets integrity

Question 24

Consequence

Exploitation

Answer 24

targets confidentiality

Question 25

is a type of consequence, involving accidental exposure of information to an agent not authorized access.

Answer 25

Inadvertent disclosure

Question 26

Taxonomy of attacks with relation to security goals

Answer 26

1. Threat to Confidentiality 2. Threat to integrity 3. Threat to availability

Question 27

# Taxonomy of attacks with relation to security goals Threat to Confidentiality

Answer 27

1. Snooping 2. Traffic analysis

Question 28

# Taxonomy of attacks with relation to security goals Threat to integrity

Answer 28

1. Modification 2. Masquerading 3. Replaying 4. Repudiation

Question 29

# Taxonomy of attacks with relation to security goals Threat to availability

Answer 29

Denial of service

Question 30

# Security Attack Confidentiality

Answer 30

information needs to be hidden from unauthorized access

Question 31

# Security Attack Integrity

Answer 31

protected from unauthorized change

Question 32

Availability

Answer 32

Available to an authorized entity when it is needed

Question 33

1. Accurate 2. Timely 3. Complete 4. Verifiable 5. Consistent 6. Available

Answer 33

Characteristics of information to be useful

Question 34

timely, reliable access to data and information services for authorized users

Answer 34

# Aspects of Information Needing protection Availability

Question 35

you can only see the data but you cannot change it, protection against unauthorized modification or destruction of information

Answer 35

# Aspects of Information Needing protection Integrity

Question 36

assurance that information is not disclosed to unauthorized parties

Answer 36

# Aspects of Information Needing protection Confidentiality

Question 37

to identify and verify user’s identity , security measures to establish the validity of a transmission, message or originator

Answer 37

# Aspects of Information Needing protection Authentication

Question 38

you cannot deny the authenticity/validity of an act you committed, sender given proof of data delivery and recipient given proof of sender’s identity so that neither can deny processed data

Answer 38

# Aspects of Information Needing protection Non-repudiation

Question 39

1. Availability 2. Confidentiality 3. Authentication 4. Non-repudiation

Answer 39

Aspects of Information Needing protection

Question 40

Assets

Answer 40

is the resource being protected

Question 41

devices, computers, people

Answer 41

# Assets Physical assets

Question 42

information, data (in transmission, storage, or processing), and intellectual property

Answer 42

# Assets Logical assets

Question 43

any software, hardware, data, administrative, physical, communications, or personnel resource within an information system

Answer 43

# Assets System assets

Question 44

an attack in which the attacker observes interaction with the system

Answer 44

# Attacks Passive attack

Question 45

an attack in which the attacker directly interacts with the system

Answer 45

Active attack

Question 46

an attack where there is not a deliberate goal of misuse

Answer 46

Unintentional attack

Question 47

is an instance when the system is vulnerable to attack

Answer 47

Exposure

Question 48

is a situation in which the attacker has succeeded

Answer 48

Compromise

Question 49

Indicator

Answer 49

is a recognized, action specific, generalized or theoretical that an adversary (threat actor) might be expected to take in preparation for an attack

Question 50

is the outcome of the attack, may cause the information system to lose effectiveness and may have other costs

Answer 50

Consequence

Question 51

targets availability

Answer 51

# Consequence Disruption

Question 52

targets integrity

Answer 52

# Consequence Corruption

Question 53

targets confidentiality

Answer 53

# Consequence Exploitation

Question 54

Inadvertent disclosure

Answer 54

is a type of consequence, involving accidental exposure of information to an agent not authorized access.

Question 55

1. Threat to Confidentiality 2. Threat to integrity 3. Threat to availability

Answer 55

Taxonomy of attacks with relation to security goals

Question 56

1. Snooping 2. Traffic analysis

Answer 56

# Taxonomy of attacks with relation to security goals Threat to Confidentiality

Question 57

1. Modification 2. Masquerading 3. Replaying 4. Repudiation

Answer 57

# Taxonomy of attacks with relation to security goals Threat to integrity

Question 58

Denial of service

Answer 58

# Taxonomy of attacks with relation to security goals Threat to availability

Question 59

information needs to be hidden from unauthorized access

Answer 59

# Security Attack Confidentiality

Question 60

protected from unauthorized change

Answer 60

# Security Attack Integrity

Question 61

Available to an authorized entity when it is needed

Answer 61

Availability