Intro to Information Security Chapter 1 – Flashcards

question
ARPANET
answer
The predecessor to the Internet.
question
MULTICS
answer
An early OS that computer security concepts were first tested on. It had security built in - Ken Thompson & Dennis Ritchie came from this project.
question
Info Security Concept - Access
answer
The ability to use and modify a computer system.
question
Info Security Concept - Asset
answer
A resource that is being protected.
question
Info Security Concept - Attack
answer
Intentional or unintentional compromise or damage of data.
question
Info Security Concept - Control
answer
Factors that can counter security vulnerabilities (e.g. procedures, policies, mechanisms).
question
Info Security Concept - Exploit
answer
A known process to take advantage of a vulnerability or the act of using that process.
question
Info Security Concept - Exposure
answer
A known exploit that is present on a computer system.
question
Info Security Concept - Loss
answer
Confidential information that is attacked and disclosed suffers a loss.
question
Info Security Concept - Protection Profile
answer
Encompassing control, policy, education, training and awareness, and technology that an organization implements.
question
Info Security Concept - Risk
answer
The probability that something unwanted will happen.
question
Info Security Concept - Subjects and Objects
answer
A computer can either be a subject in an attack - performing the attack - or an object - on the receiving end of the attack.
question
Info Security Concept - Threat
answer
A collective of objects or persons that threaten an asset.
question
Info Security Concept - Threat Agent
answer
A specific instance of a threat - a single virus.
question
Info Security Concept - Vulnerability
answer
A known hole in a software package that can be used in an exploit.
question
Information Characteristics - Availability
answer
The ability for authorized users to access information unobstructed and in the correct format.
question
Information Characteristics - Accuracy
answer
When information is free from errors and is in the format that the end users expect.
question
Information Characteristics - Authenticity
answer
When information is in its original state, not tampered with.
question
Information Characteristics - Confidentiality
answer
When information is protected from unauthorized users.
question
Information Characteristics - Integrity
answer
Information that is whole, uncorrupted, and authentic.
question
Information Characteristics - Utility
answer
Information that can serve a purpose and is useful. The data must be in a format that the end users can use.
question
Information Characteristics - Possession
answer
Ownership or control over information. The possession of information doesn't imply accessibility.
question
Six Components of an Information System
answer
Software, Hardware, Data, Networks, Policies/Procedures, and People
question
Systems Development Life Cycle (SDLC)
answer
A methodology that is used to develop an information system.
question
Methodology
answer
A structured, multi-step process that is used to develop a system.
question
SDLC - Investigation
answer
The first step in the SDLC. Investigate feasibility and cost, and outline project scope and goals.
question
SDLC - Analysis
answer
The second step in the SDLC. Assess current system against new system, develop system requirements, study integration with old system.
question
SDLC - Logical Design
answer
The third step in the SDLC. Assess business needs against preliminary plan, select apps/data support/structures, create multiple solutions.
question
SDLC - Physical Design
answer
The fourth step in the SDLC. Select technologies to support step 3 solutions, select best solution, decide to make or buy components.
question
SDLC - Implementation
answer
The fifth step in the SDLC. Develop/Buy software, document system, train users.
question
SDLC - Maintenance and Change
answer
The sixth step in the SDLC. Support/Modify system during life cycle, test against business needs, patch and upgrade as necessary.
question
Security Systems Development Life Cycle (SecSDLC)
answer
The methodology used to create Information Systems with security built in.
question
What is the difference between vulnerability and exposure?
answer
Vulnerability is a fault within the system, such as software package flaws, unlocked doors or an unprotected system port. It leaves things open to an attack or damage. Exposure is a single instance when a system is open to damage. Vulnerabilities can in turn be the cause of exposure.
question
How has the definition of hack evolved over the last 30 years?
answer
In the early days of computing, enthusiasts were called hacks or hackers, because they could tear apart the instruction code or even the computer itself to manipulate its output. The term hacker at one time expressed respect for another's ability. In recent years the association with illegal activity has negatively tinged the term.
question
What type of security was dominant in the early years of computing?
answer
Early security was entirely physical security.
question
What are the three components of the CIA triangle and what are they used for?
answer
Confidentiality: Information should only be accessible to its intended recipients. Integrity: Information should arrive the same as it was sent. Availability: Information should be available to those authorized to use it.
question
If the CIA triangle is incomplete, why is it so commonly used in security?
answer
The CIA triangle is still used because it addresses the major concerns with the vulnerability of information systems.
question
Describe the critical characteristics of information. How are they used in the study of computer security?
answer
Availability: Authorised users can access the information. Accuracy: free from errors. Authenticity: genuine. Confidentiality: preventing disclosure to unauthorized individuals. Integrity: whole and uncorrupted. Utility: has a value for some purpose. Possession: Ownership.
question
Identify the five components of an information system. Which are most directly affected by the study of computer security? Which are most commonly associated with its study?
answer
Software, Hardware, Data, People, Procedures
question
In the history of the study of computer security, what system is the father of almost all modern multiuser systems?
answer
Mainframe computer systems
question
What paper is the foundation of all subsequent studies of computer security?
answer
Rand Report R-609
question
How is the top down approach to information security superior to the bottom up approach?
answer
Bottom up lacks a number of critical features such as participant support and organizational staying power, whereas top down has strong upper management support, dedicated funding, clear planning and the opportunity to influence the organization's culture.
question
Why is a methodology important in the implementation of information security? How does a methodology improve the process?
answer
A formal methodology ensures a rigorous process and avoids missing steps.
question
Who is involved in the security development life cycle? Who leads the process?
answer
Security professionals are involved in the SDLC. Senior management, security project team and data owners are leads in the project.
question
How does the practice of information security qualify as both an art and a science? How does security as a social science influence its practice?
answer
Art because there are no hard and fast rules especially with users and policy. Science because the software is developed by computer scientists and engineers. Faults are a precise interaction of hardware and software that can be fixed given enough time.
question
Who is ultimately responsible for the security of information in the organization?
answer
The Chief Information Security Officer (CISO)
question
What is the relationship between the MULTICS project and early development of computer society?
answer
It was the first and operating system created with security as its primary goal. Shortly after the restructuring of MULTICS, several key engineers started working on UNIX which did not require the same level of security.
question
How has computer security evolved into modern information security?
answer
In the early days before ARPANET, machines were only physically secured. After ARPANET it was realised that this was just one component.
question
What was important about Rand Report R-609?
answer
RR609 was the first widely recognized published document to identify the role of management and policy issues in computer security.
question
Who decides how and when data in an organization will be used and or controlled? Who is responsible for seeing these wishes are carried out?
answer
Control and use of data in the Data owners are responsible for how and when data will be used, Data users are working with the data in their daily jobs.
question
Who should lead a security team? Should the approach to security be more managerial or technical?
answer
A project manager with information security technical skills. The approach to security should be managerial, top down.
question
How is information security a management problem? What can management do that technology cannot?
answer
Management needs to perform detailed risk assessments and spend hundreds of thousands of dollars to protect the day to day functioning of the organization. Technology cannot set policy, nor fix social issues.
question
Why is data the most important asset an organization possesses? What other assets in an organization require protection?
answer
Data in an organization represents its transaction records and its ability to deliver value to its customers; without this the organization would not be able to carry out day to day workings. Other assets that require protection include the ability of the organization to function and the safe operation of applications, technology assets and people.
question
It is important to protect data in motion and data at rest. In what other state must data be protected? In which of the three states is data most difficult to protect?
answer
Data being processed is the third state of data. Data in motion is the most difficult to protect, because once it leaves the organization anything could happen to it.
question
How does a threat to information security differ from an attack? How can the two overlap?
answer
A threat is a weakness in the system that could potentially be exploited; an attack is the realization of the threat that causes damage to the system. They overlap because a threat agent attacks a system using a threat.
question
How can dual controls, such as two-person confirmation, reduce the threats from acts of human error and failure? What other controls can reduce this threat?
answer
Employees are one of the greatest threats in information security, either intentionally or via human error. Dual controls reduce this because additional people are required to check, which prevents mistakes and requires collaboration between people intentionally doing harm. Other methods include backups, approve before delete, and limiting access to drives and applications to employees who 'need-to-know'.
question
Why do employees constitute one of the greatest threats to information security?
answer
Because they have access to all information, they can maliciously or unintentionally cause damage to data and hardware.
question
What measures can individuals take to protect against shoulder surfing?
answer
- Be aware of who is around when accessing confidential information.
- Limit the number of times you access confidential information.
- Avoid accessing confidential information while others are present.
question
How has the perception of the hacker changed in recent years? What is the profile of the hacker today?
answer
Classical is 14-18 year old male with little parental supervision. Modern is 13-70 male or female well educated person.
question
What is the difference between a skilled hacker and an unskilled hacker?
answer
A skilled hacker develops software and code exploits, and masters many technologies like programming, network protocols and operating systems. The unskilled hacker uses expert-written software to exploit a system, usually with little knowledge of how it works.
question
What are the various types of malware? How do worms differ from viruses? Do trojan horses carry viruses or worms?
answer
Types of malware: Viruses, worms, trojan horses, logic bombs and back doors. Viruses and worms both replicate and can do damage, but worms are typically stand alone programs. A trojan horse may carry either.
question
Why does polymorphism cause greater concern than traditional malware? How does it affect detection?
answer
Because it changes over time making it more difficult to detect.
question
What is the most common form of violation of intellectual property? How does an organization protect against it? What agencies fight it?
answer
Software Piracy. Software licencing helps to fight this. Software information industry association (SIIA) and Business Software Alliance (BSA) both fight against IP Violations.
question
What are the various types of force majeure? Which type might be of greatest concern to an organization in Las Vegas? Oklahoma City? Miami? LA?
answer
Force Majeure = Force of Nature. LA might be dust, tornadoes would be a concern in Atlanta etc...
question
How does technological obsolescence constitute a threat to information security? How can an organization protect against it?
answer
It occurs when technology becomes outdated, and results in an increased threat. Proper planning is the best way to fight it; outdated technologies must be replaced in a timely fashion.
question
What is the difference between an exploit and a vulnerability?
answer
A vulnerability is a weakness in a system. An exploit takes advantage of a vulnerability to perform some unintended action.
question
What are the types of password attacks? What can an admin do to prevent them?
answer
Cracking, Brute force and Dictionary attacks are the 3 types of password attacks. Limit the number of password attempts, enforce minimum complexity policy (numbers, capitals etc), disallow dictionary words in passwords.
question
What is the difference between a DOS and a DDOS? Which is potentially more devastating? Why?
answer
DOS attacks are a single user sending a large number of connections in an attempt to overwhelm a target server. DDOS is when many users (or many compromised systems) simultaneously perform a DOS attack. The DDOS is more dangerous because unlike a DOS there is no single user you can block, no easy way to overcome it.
question
For a sniffer attack to succeed, what must the attacker do? How can an attacker gain access to a network to use the sniffer system?
answer
The attacker must first gain access to a network to install the sniffer. Usually this is done using social engineering to get into the building to plant a physical sniffer device.
question
What are some ways a social engineering hacker can attempt to gain information about a user's login and password? How would this type of attack differ if it were targeted towards an administrator's assistant versus a data entry clerk?
answer
Most commonly it is done by roleplaying someone else, e.g. a maintenance team or a janitor to get physical access to assets. A data entry clerk may be easily swayed by mentioning the CEO would get pissed, whereas someone higher up would require more convincing.
question
What is a buffer overflow and how is it used against a webserver?
answer
A buffer overflow occurs when more data is sent than the receiver's buffer can handle - usually resulting in non-buffer application memory being overwritten. Buffer overflow on a webserver may allow an attacker to run executable code on the webserver, either manipulating files directly or creating a backdoor for later use.