Computer Security and Cybersecurity Overview

Questions and Answers

What is the average number of DDoS attacks that Microsoft mitigates daily?

1,500

2,000

1,700 (correct)

1,200

Which of the following is NOT a tool used to maintain confidentiality?

Data Redundancy (correct)

Access Control

Authentication

Encryption

What impact did data breaches have in terms of individuals affected in 2023?

300 million

150 million

349 million (correct)

400 million

Which aspect of the C.I.A triad does confidentiality primarily focus on?

Prevention of unauthorized access

What is the primary goal of integrity in the context of cybersecurity?

Maintaining data trustworthiness

Which of the following categories reported the highest number of reports to the Consumer Sentinel Network in 2023?

Fraud

What is required for effective access control?

Rules and policies on need to know

Which of the following best describes authentication in cybersecurity?

Establishing the identity or role of a user

Which of the following best describes the core focus of cybersecurity?

The protection of cyber-physical systems and information.

What is a primary difference between privacy and security?

Privacy can exist without any security measures.

Which of the following positions is projected to be in high demand due to a shortage of cybersecurity experts?

Incident response specialist

Which characteristic makes protecting information particularly challenging?

Information is often stored on portable devices.

Which sector is NOT explicitly mentioned as part of cybersecurity's scope?

Artificial intelligence security

Which phrase accurately reflects the relationship between security and privacy?

A lack of security can lead to a violation of privacy.

Which of the following best describes the concept of cybercrime?

Any illegal activity performed through digital means.

What is a potential risk associated with cybersecurity breaches?

Loss of access to digital assets.

What does the principle of least common mechanism aim to achieve?

Minimize functions shared by different users for mutual security

Why should special privileges be restricted to necessary activities?

To prevent unauthorized access to resources

What is an implication of security mechanisms being improperly intrusive?

Users may disable the security mechanisms due to inconvenience

What does isolation in security design primarily ensure?

Sensitive information is protected from unauthorized disclosure or tampering

How does encapsulation function in security design?

By separating and protecting object functionalities within a system

What issue might arise if security procedures do not align with a user's mental model?

Users are likely to make errors and bypass correct procedures

What role do explicit permissions play in a secure system?

They ensure that users have no access unless granted specifically

Which design principle directly addresses the need to limit exposure of sensitive information?

Isolation

Study Notes

Computer Security Definition

• Security is the state of being free from danger or threat.
• Real-world security involves protecting valuables, including physical objects (money, jewelry, cars), individuals, and access to specific locations.
• Security implies that an item or resource is considered secure if unauthorized individuals cannot access, harm, or utilize it without permission.

Computer Security

• Information is the sole form of digital asset.
• Protecting information is challenging due to its storage on small, portable devices and the possibility of electronic access.
• The internet has significantly amplified the difficulty in protecting information.

Cybersecurity

• Previously referred to as "computer security," it now encompasses the protection of cyber-physical systems.
• Includes areas such as IT security, e-government security, industrial control system security, connected healthcare security, transportation security, and financial systems security.

Need for Cybersecurity Experts

• Qatar has implemented a cybercrime law and established specialized agencies like MOI and NCSA.
• A projected shortage of 1.5 million cybersecurity experts exists in the US alone by 2019.
• Specialized roles in cybersecurity include security analyst, incident response specialist, ethical hacking consultant, forensics expert, and security architect.

Privacy vs. Security

• Privacy refers to the right to control personal information.
• Security protects information from unauthorized access, use, disclosure, disruption, modification, or destruction.
• Privacy and security are distinct but related concepts; having one does not automatically imply the other.

Cybersecurity and Real-World Examples

• Emphasizes questions about the realistic possibility of cybersecurity threats.
• Demonstrates the reality of attacks through the example of Microsoft mitigating 1700 DDoS attacks per day.
• Highlights prominent targets of DDoS attacks, including Amazon Web Services (AWS), GitHub, and Dyn.

Common Cybersecurity Attacks

• Personal Data Breaches:
  • In 2023, 349,221,481 individuals were affected by data breaches.
  • The Consumer Sentinel Network received over 5.5 million reports, including 2,606,042 fraud, 1,036,955 identity theft, and 1,905,717 other reports.

Security Goals: CIA Triad

• Confidentiality: Protecting information from unauthorized disclosure.
• Integrity: Ensuring the trustworthiness of information by preventing unauthorized modifications.
• Availability: Guaranteeing reliable access to information when needed.

Confidentiality

• Confidentiality means keeping information secret by preventing unauthorized access.
• It encompasses protecting data and providing access only to authorized individuals.

Tools for Confidentiality: Encryption

• Encryption transforms information using an encryption key, making it unreadable without the decryption key.

Tools for Confidentiality: Access Control

• Access control uses rules and policies to restrict information access to authorized individuals or systems with a "need to know."
• "Need to know" is determined by factors such as identity (name or serial number) and role (manager or security specialist).

Tools for Confidentiality: Authentication

• Authentication verifies someone's identity or role.
• Methods include something the person has (smart card), something the person knows (password), and something the person is (fingerprint).

Integrity

• Integrity ensures the trustworthiness of information by preventing unauthorized changes.
• Each role is assigned necessary permissions to perform its functions.
• Permission specifies access to specific resources (read/write file access).
• Access is granted explicitly; otherwise, access is denied.
• Systems or administrators with special privileges should only have them when needed.

Design Principles: Least Common Mechanism

• Minimizes shared functions between users for mutual security.
• Reduces unintended communication paths and shared hardware/software dependencies.
• Aids in verifying the absence of undesirable security implications.

Design Principles: Psychological Acceptability

• Security mechanisms should not interfere with user work while fulfilling authorization needs.
• Transparent security mechanisms should not be intrusive or burdensome.
• Security procedures should align with a user's mental model of protection for better usability.

Design Principles: Isolation

• Public access systems should be isolated from critical resources to prevent disclosure or tampering.
• High-sensitivity information should be limited to specific systems and isolated physically or logically.
• Physical isolation ensures no connection between public access information and critical information.
• User processes and files should be isolated except when explicitly desired.

Design Principles: Encapsulation

• Form of isolation based on object-oriented functionality.

Description

This quiz explores the definitions and importance of computer security and cybersecurity. It examines the challenges associated with protecting digital assets and the various domains within cybersecurity. Test your knowledge on how security measures can protect information and systems from unauthorized access and threats.