
Questions and Answers

Which scenario exemplifies a failure in confidentiality involving data access?

  • A programmer debugging code.
  • A system administrator backing up a database.
  • An authorized user accessing data they are not permitted to view. (correct)
  • An authorized employee accessing their own salary information.

In the context of data confidentiality, what does the policy definition 'Who + What + How = Yes/No' represent?

  • A mathematical representation of data encryption.
  • A method for auditing data modification logs.
  • A framework for determining access control decisions. (correct)
  • A strategy for classifying data sensitivity levels.

An organization is implementing measures to protect confidential information. Which of the following is a comprehensive approach that addresses various aspects of confidentiality?

  • Restricting physical access to the server room.
  • Implementing a strict password policy for all user accounts.
  • Installing the latest antivirus software on all computers.
  • Combining information classification, secure storage, security policies, and user education. (correct)

What is the primary purpose of encrypting sensitive data, both at rest and in transit, in the context of information confidentiality?

  • To prevent unauthorized access to the data. (B)

Which action would NOT be considered a best practice for maintaining information confidentiality?

  • Storing all documents without classification to simplify access. (A)

An organization implements role-based access control (RBAC) and multi-factor authentication. Which requirement of information confidentiality is being addressed?

  • Access control (D)

Which data masking technique replaces sensitive data with similar, but non-sensitive data?

  • Substitution (A)

What is the primary goal of ensuring data integrity?

  • To ensure data is accurate and complete (C)

During data transmission, what can threaten the integrity of information?

  • Data corruption (A)

Besides file size, what is another method for detecting viruses or worms?

  • File hashing (B)

In the command certutil -hashfile "path/to/your/file.txt" MD5, what does MD5 specify?

  • The hashing algorithm to use (D)

Which of the following is an example of maintaining data integrity?

  • Validating data inputs (C)

What does ensuring 'availability' of information primarily guarantee?

  • Reliable access by authorized personnel (A)

Which practice primarily ensures the availability of an information system during adverse conditions?

  • Creating redundant systems with backup power and data storage. (A)

What is the main purpose of having clearly defined disaster recovery plans?

  • To recover data and systems efficiently in the event of a disaster or attack. (A)

Why is establishing incident response protocols crucial for maintaining IT security?

  • To quickly act and limit system downtime during security breaches or attacks. (D)

What is the primary function of 'authenticity' in the context of data and file transfers?

  • Verifying the source or origin of data through proof of identity. (A)

Which of the following is an example of a strong authentication protocol used for user verification?

  • Requiring biometric data or digital signatures. (D)

How do authorization levels contribute to data security?

  • By defining user roles and permissions to ensure only authorized personnel access sensitive systems. (C)

Why should desktop documents be filed in an organized manner?

  • To ensure they are easy to locate in the future. (D)

What is a significant risk associated with sharing sensitive data via email?

  • The potential interception and access by hackers, compromising confidentiality. (D)

Which of the following best describes the purpose of implementing roles and permissions within a system's authorization level?

  • To ensure that only authorized users can access sensitive systems and data. (D)

What is the primary function of a 'Privilege List' in the context of system security?

  • A directory showing all privilege or access rights for a given subject. (A)

In the context of security, what does non-repudiation ensure?

  • That individuals cannot deny their actions due to a system providing proof of those actions. (C)

A customer digitally signs a transaction using their private key. How does the merchant verify this signature to ensure non-repudiation?

  • By using the customer's public key. (D)

Which of the following is NOT a key requirement for achieving non-repudiation?

  • Data encryption. (D)

Why is time-stamping important for non-repudiation requirements?

  • To record the exact time of a transaction to prevent backdating or future-dating. (D)

In what scenario is non-repudiation particularly important?

  • In e-commerce transactions. (C)

What type of storage facility is recommended for maintaining log records to support non-repudiation, and why?

  • Write Once Read Many (WORM) drives, to prevent unauthorized alterations to log records. (A)

Which security property ensures that information is ready for use and at the required performance level when needed?

  • Availability (B)

What is the primary goal of 'authentication' as a security property?

  • To verify that users are who they claim to be. (A)

Which of the following scenarios best illustrates a violation of the 'Confidentiality' pillar of information security?

  • A disgruntled employee gains unauthorized access to sensitive company financial reports. (C)

A company implements a system where all data modifications require approval from two designated employees. Which pillar of information security is this practice primarily intended to uphold?

  • Integrity (D)

Which of the following best describes the concept of 'Non-Repudiation' in the context of information security?

  • Guaranteeing that a sender cannot deny having sent a message or completed a transaction. (B)

A hospital's IT department implements redundant servers and backup power systems. Which of the five pillars of information security is being MOST directly addressed?

  • Availability (D)

A digital signature is used to ensure that an electronic document has not been altered during transmission and to verify the identity of the sender. Which two pillars of information security does a digital signature primarily support?

  • Integrity and Authenticity (C)

An online banking system requires multi-factor authentication, including a password and a one-time code sent to the user's mobile device. This security measure primarily aims to enhance:

  • Authenticity (B)

Consider a scenario where a company uses encryption to protect sensitive customer data stored in its database. If a fire destroys the data center, rendering the encrypted data unreadable, which of the following pillars is MOST directly compromised, despite the encryption?

  • Availability (A)

A company discovers that an employee has been accessing sales reports they are not authorized to view, but no data was altered or stolen. Which security pillar was violated, and what control could have prevented this?

  • Confidentiality; implementing access control lists. (A)

Flashcards

Confidentiality Breach

Unauthorized access by an authorized user.

Approximate Data Access

Accessing roughly the right data, but it's still a leak. (e.g., Salary ranges)

Data Existence Disclosure

Learning of sensitive information's existence.

Confidentiality Policy

Defines who can access what and how.

Confidentiality Measures

Classification, storage, policies, training, encryption.

Computer System Security

Protecting hardware, software, and data due to their inherent value.

Information Security

Protecting against and managing risks related to the use, storage, and transmission of data and information systems.

Confidentiality

Ensuring assets are viewed only by authorized parties.

Integrity

Ensuring assets are modified only by authorized parties.

Availability

Ensuring assets can be used by authorized parties when needed.

Authenticity

Confirming the identity of the sender.

Non-Repudiation

Confirming that a sender cannot convincingly deny having sent something.

Confidentiality Rules

High-level rules limiting access to all types of data and information.

Caesar Cipher

A method where each letter in a message is replaced by a letter a fixed number of positions down the alphabet.

Data Integrity

Ensuring that information is accurate, complete, and uncorrupted.

Viruses and Worms

Malicious software that can corrupt or destroy data.

File Hashing

A method to check file integrity by computing a unique number based on the file's content.

Hash Value

A value calculated from a file's content, used to verify its integrity.

certutil -hashfile

A command-line tool used to generate hash values of files.

Data Validation

Ensuring data is accurate, complete, and up-to-date.

Data Availability

Ensuring reliable access to information by authorized personnel.

Desktop Document Filing

Each user should organize desktop documents for easy future retrieval.

Document Backups

Important documents should be copied to prevent data loss.

Availability (IT)

Ensuring authorized users have prompt and easy access to information services.

Redundancy in IT

Building redundant systems, backup power, networking, and data storage to ensure systems remain available.

Disaster Recovery Plans

Clear plans for recovering data in case of disaster and attacks.

Incident Response

Protocols to quickly limit system downtime during security breaches/attacks.

Authenticity (Data)

Validating the source/origin of data and file transfers through proof of identity.

Authentication Process

Verifying identities by providing specific credentials.

Privilege List

Specifies access rights for a given subject.

Digital Signatures

Verifies transactions with private keys and public keys.

Logging

Records system activities to track who did what and when.

Third Parties

Verifies signer identity via a trusted entity.

Digital Signatures

Verifies sender identity using public-key cryptography.

Time-stamping

Records the precise time of a transaction.

Public Key Infrastructure (PKI)

Framework for issuing public and private keys.

Audit Trails

Detailed logs of document interactions.

WORM (Write Once Read Many)

Prevents alterations to log records.

Study Notes

  • Module 2 discusses the five pillars of Information Security
  • The learning outcome is to understand the five pillars of Information Security

Introduction

  • Computer systems comprising hardware, software, and data warrant security protection due to their inherent value.
  • Computing devices can be involved in security incidents, regardless of their primary function
  • Information security protects against and manages risks associated with the use, processing, storage, and transmission of data and information systems

Pillars of Information Security

  • Confidentiality
  • Integrity
  • Availability
  • Authentication
  • Non-Repudiation

Confidentiality

  • Confidentiality ensures assets are viewed only by authorized parties
  • It involves high-level rules that limit access to all types of data and information
  • It assures information is not disclosed to unauthorized individuals, groups, processes, or devices
  • An authorized user accessing a data item they are not permitted to view is an example of failed confidentiality

Examples of Failed Confidentiality

  • Accessing data items as an authorized person
  • When an authorized process or program accesses data
  • Authorized personnel access data outside their authorized scope such as a specialized version of an authorized data item
  • Authorized personnel accessing approximate data such as confidential salary information
  • An authorized person learning of a company’s new product development

Confidentiality Requirements include

  • Implementing information classification
  • Secure document storage
  • Applying general security policies
  • Educating information custodians and end-users
  • Using encryption to protect sensitive data at rest and in transit from unauthorized access (the Caesar cipher is given as an example)
  • Using secure email networks that encrypt messages for authentication
  • Implementing role-based access control (RBAC)
  • Employing multi-factor authentication (e.g., biometric)
  • Enforcing the principle of least privilege
  • Employing data masking to minimize exposure for non-administrators by masking or obfuscating critical information

Integrity

  • Integrity ensures assets are modified only by authorized parties
  • Accuracy and completeness of vital information must be safeguarded
  • Integrity requires the information must be whole, complete, and uncorrupted
  • Damages include corruption, damage, destruction, or other disruption of its authentic state
  • Data corruption can happen during transmission or storage
  • Viruses and worms corrupt data

Methods for detecting viruses or worms

  • Checking the file size
  • File hashing; the file is read by a special algorithm that uses the value of the bits in the file to compute a single large number called a hash value
  • Examples of file hashing algorithms are MD5 and SHA-1

How to use the hashing command

  • Open Command Prompt (or type CMD)
  • Type the command certutil -hashfile "path/to/your/file.txt" MD5
  • This generates the MD5 hash value for the file at "path/to/your/file.txt"

Examples of ensuring integrity

  • Implementing data validation to ensure data is accurate, complete, and up-to-date
  • Implementing hashing algorithms to verify the integrity of the data and detect unauthorized alterations or tampering
  • Deploying audit logs of data access and modifications to track unauthorized or suspicious activities

Availability

  • Availability ensures that an asset can be used by any authorized parties
  • It means guaranteeing reliable access to information by authorized personnel
  • Responsible users file desktop documents for easy access
  • Hard copies should be filed securely and not left lying around
  • Copies should be made to ensure important documents are not lost
  • Data is shared not only within organizations, but also with individuals outside the organization
  • Email is a quick and easy way of sharing data, but information sent over the internet can be intercepted by hackers, compromising confidentiality
  • Proper availability includes authorized users having easy access to information services
  • IT resources and infrastructure should remain robust and fully functional at all times, including during database issues and failovers
  • Protection is required against malicious code, hackers, and other threats that could block access to the information system

Examples of ensuring availability

  • Building redundant systems such as backup power, networking, and data storage to ensure systems remain available
  • Drafting disaster recovery plans that clearly outline how to recover data during attacks
  • Establishing incident response to act quickly and limit system downtime during security breaches or attacks

Authenticity

  • Authenticity confirms the sender's identity
  • The source or origin of data and file transfers is validated through proof of identity
  • Ensures the message was not corrupted or intercepted during transmission

The Authentication Process

  • Users can verify their identities by providing specific credentials using a strong authentication protocol, such as:
  • Login information (username and password)
  • Biometric data
  • Electronic or digital signature
  • Authentication tokens
  • Smart cards
  • Authorization level: properly define and implement roles and permissions to ensure only authorized users can access sensitive systems and data
  • Privilege List: A directory showing all permitted privileges or access rights for a given subject

Electronic Signature vs Digital Signature

  • Electronic Signature Examples
  • PDF Digital Signature Example
  • Email Digital Signature Example

Non-Repudiation (or Accountability)

  • Confirms that a sender cannot convincingly deny having sent something
  • It proves the legitimacy of a message or data transfer by providing undeniable evidence of both authenticity and integrity
  • It prevents someone from denying sent or received information

How Non-Repudiation Works

  • Digital signatures where the customer signs a transaction with a private key
  • The merchant can then verify with the customer’s public key
  • Logging records who did what and when in a system
  • Third parties such as a notary or forensic analyst verify the identity of the signer

Requirements include

  • Using digital signatures by employing public-key cryptography to verify the identity of the sender as well as the message integrity.
  • Applying time-stamping to record the exact time of a transaction to prevent backdating or future-dating
  • Employing the Public Key Infrastructure (PKI) to establish a framework that issues public and private keys
  • Logging Audit Trails to maintain detailed logs of all interactions with a document
  • Using storage facilities along with Write Once Read Many (WORM) drives to prevent unauthorized alterations to log records

Use cases

  • In e-commerce transactions, ensuring that customers cannot deny their purchase later
  • In business-to-business transactions, senders and receivers alike cannot deny that they have sent or received a message
  • Signing contractual agreements, where one cannot unilaterally deny the terms of the agreement after signing it

Definition of Non-Repudiation and Authenticity

  • Authenticity is a process that ensures and confirms a user’s identity
  • Non-repudiation refers to the assurance that the owner of a signature key pair capable of generating an existing signature corresponding to certain data cannot convincingly deny having signed the data

Security Property and Meaning

  • Availability ensures information is ready for use and at the required performance level
  • Integrity guarantees data and systems are only accessible or modifiable by authorized users
  • Authentication validates that users are who they say they are (username, password, digital certificate)
  • Confidentiality limits access to (or places restrictions on) sensitive data such as personally identifiable information or classified corporate data
  • Non-repudiation ensures individuals cannot deny any action because a system provides proof of the action
