40 Cards in this Set

What is the difference between a threat and a threat agent?
A threat is a constant danger to an asset, whereas a threat agent is the facilitator of an attack.
What is the difference between vulnerability and exposure?
Vulnerability is a fault within the system, such as software package flaws, unlocked doors, or an unprotected system port. It leaves things open to attack or damage.
Exposure is a single instance when a system is open to damage. Vulnerabilities can in turn be the cause of exposure.
How has the definition of hack evolved over the last 30 years?
In the early days of computing, enthusiasts were called hacks or hackers, because they could tear apart the instruction code or even the computer itself to manipulate its output. The term hacker at one time expressed respect for another's ability. In recent years the association with illegal activity has negatively tinged the term.
What type of security was dominant in the early years of computing?
Early security was entirely physical security.
What are the three components of the CIA triangle and what are they used for?
Confidentiality: Information should only be accessible to its intended recipients.

Integrity: Information should arrive the same as it was sent.

Availability: Information should be available to those authorized to use it.
If the CIA triangle is incomplete, why is it so commonly used in security?
The CIA triangle is still used because it addresses the major concerns with the vulnerability of information systems.
Describe the critical characteristics of information. How are they used in the study of computer security?
Availability: Authorised users can access the information
Accuracy: free from errors
Authenticity: genuine
Confidentiality: preventing disclosure to unauthorized individuals.
Integrity: whole and uncorrupted.
Utility: has a value for some purpose
Possession: Ownership
Identify the five components of an information system. Which are most directly affected by the study of computer security? Which are most commonly associated with its study?
Software, Hardware, Data, People, Procedures
In the history of the study of computer security, what system is the father of almost all modern multiuser systems?
Mainframe computer systems
What paper is the foundation of all subsequent studies of computer security?
Rand Report R-609
How is the top-down approach to information security superior to the bottom-up approach?
Bottom-up lacks a number of critical features such as participant support and organizational staying power, whereas top-down has strong upper management support, dedicated funding, clear planning and the opportunity to influence the organization's culture.
Why is a methodology important in the implementation of information security? How does a methodology improve the process?
A formal methodology ensures a rigorous process and avoids missing steps.
Who is involved in the security development life cycle? Who leads the process?
Security professionals are involved in the SDLC. Senior management, the security project team and data owners are leads in the project.
How does the practice of information security qualify as both an art and a science? How does security as a social science influence its practice?
Art because there are no hard and fast rules especially with users and policy.

Science because the software is developed by computer scientists and engineers. Faults are a precise interaction of hardware and software that can be fixed given enough time.
Who is ultimately responsible for the security of information in the organization?
The Chief Information Security Officer (CISO)
What is the relationship between the MULTICS project and early development of computer security?
It was the first operating system created with security as its primary goal. Shortly after the restructuring of MULTICS, several key engineers started working on UNIX, which did not require the same level of security.
How has computer security evolved into modern information security?
In the early days before ARPANET, machines were only physically secured. After ARPANET it was realised that this was just one component.
What was important about Rand Report R-609?
RR-609 was the first widely recognized published document to identify the role of management and policy issues in computer security.
Who decides how and when data in an organization will be used and or controlled? Who is responsible for seeing these wishes are carried out?
Data owners are responsible for how and when data will be used; data users work with the data in their daily jobs.
Who should lead a security team? Should the approach to security be more managerial or technical?
A project manager with information security technical skills. The approach to security should be managerial, top-down.
How is information security a management problem? What can management do that technology cannot?
Management needs to perform detailed risk assessments and spend hundreds of thousands of dollars to protect the day-to-day functioning of the organization. Technology cannot set policy, nor fix social issues.
Why is data the most important asset an organization possesses? What other assets in an organization require protection?
Data in an organization represents its transaction records and its ability to deliver value to its customers; without this the organization would not be able to carry out day-to-day workings. Other assets that require protection include the ability of the organization to function and the safe operation of applications, technology assets and people.
It is important to protect data in motion and data at rest. In what other state must data be protected? In which of the three states is data most difficult to protect?
Data being processed is the third state of data. Data in motion is the most difficult to protect, because once it leaves the organization anything could happen to it.
How does a threat to information security differ from an attack? How can the two overlap?
A threat is a weakness in the system that could potentially be exploited; an attack is the realization of the threat that causes damage to the system. They overlap because a threat agent attacks a system using a threat.
How can dual controls, such as two-person confirmation, reduce the threats from acts of human error and failure? What other controls can reduce this threat?
Employees are one of the greatest threats in information security, either intentionally or via human error. Dual controls reduce this because additional people are required to check, which prevents mistakes and requires collaboration between people intentionally doing harm.
Other methods include backups, approve-before-delete, and limiting access to drives and applications to employees who 'need to know'.
Why do employees constitute one of the greatest threats to information security?
Because they have access to all information, they can maliciously or unintentionally cause damage to data and hardware.
What measures can individuals take to protect against shoulder surfing?
- Be aware of who is around when accessing confidential information
- limit the number of times you access confidential information
- Avoid accessing confidential information while others are present.
How has the perception of the hacker changed in recent years? What is the profile of the hacker today?
Classical is a 14-18 year old male with little parental supervision. Modern is a 13-70 year old, male or female, well-educated person.
What is the difference between a skilled hacker and an unskilled hacker?
A skilled hacker develops software and code exploits, and masters many technologies like programming, network protocols and operating systems. The unskilled hacker uses expert-written software to exploit a system, usually with little knowledge of how it works.
What are the various types of malware? How do worms differ from viruses? Do trojan horses carry viruses or worms?
Types of malware: Viruses, worms, trojan horses, logic bombs and back doors.

Viruses and worms both replicate and can do damage, but worms are typically stand-alone programs. A trojan horse may carry either.
Why does polymorphism cause greater concern than traditional malware? How does it affect detection?
Because it changes over time, making it more difficult to detect.
What is the most common form of violation of intellectual property? How does an organization protect against it? What agencies fight it?
Software Piracy.
Software licencing helps to fight this.
The Software & Information Industry Association (SIIA) and the Business Software Alliance (BSA) both fight against IP violations.
What are the various types of force majeure? Which type might be of greatest concern to an organization in Las Vegas? Oklahoma City? Miami? LA?
Force Majeure = Force of Nature.
LA might be dust, tornadoes would be a concern in Atlanta etc...
How does technological obsolescence constitute a threat to information security? How can an organization protect against it?
It occurs when technology becomes outdated, and results in an increased threat. Proper planning is the best way to fight it; outdated technologies must be replaced in a timely fashion.
What is the difference between an exploit and a vulnerability?
A vulnerability is a weakness in a system. An exploit takes advantage of a vulnerability to perform some unintended action.
What are the types of password attacks? What can an admin do to prevent them?
Cracking, brute force and dictionary attacks are the 3 types of password attacks.

Limit the number of password attempts, enforce a minimum complexity policy (numbers, capitals etc.), and disallow dictionary words in passwords.
What is the difference between a DOS and a DDOS? Which is potentially more devastating? Why?
DOS attacks are a single user sending a large number of connections in an attempt to overwhelm a target server.

DDOS is when many users (or many compromised systems) simultaneously perform a DOS attack.

The DDOS is more dangerous because, unlike a DOS, there is no single user you can block, and no easy way to overcome it.
For a sniffer attack to succeed, what must the attacker do? How can an attacker gain access to a network to use the sniffer system?
The attacker must first gain access to a network to install the sniffer. Usually this is done using social engineering to get into the building to plant a physical sniffer device.
What are some ways a social engineering hacker can attempt to gain information about a user's login and password? How would this type of attack differ if it were targeted towards an administrator's assistant versus a data entry clerk?
Most commonly it is done by roleplaying someone else, e.g. a maintenance team or a janitor, to get physical access to assets. A data entry clerk may be easily swayed by mentioning the CEO would get pissed, whereas someone higher up would require more convincing.
What is a buffer overflow and how is it used against a webserver?
A buffer overflow occurs when more data is sent than the receiver's buffer can handle, usually resulting in non-buffer application memory being overwritten. A buffer overflow on a webserver may allow an attacker to run executable code on the webserver, either manipulating files directly or creating a backdoor for later use.