Computer Security Chapter 1

Questions and Answers

What is the primary focus of confidentiality in the context of the CIA Triad?

• Accessibility of assets at all times
• Limiting access to assets to authorized parties (correct)
• Modification of assets by any user
• Preserving the physical security of assets

Which of the following best describes integrity in the CIA Triad?

• The ability to access data anytime without delay
• The assurance that data can be modified by anyone without restrictions
• The guarantee that data is always available to anyone who requests it
• The state in which assets can only be modified by authorized parties in authorized ways (correct)

In the context of confidentiality, what does 'access' encompass?

• Interactions like reading, printing, and knowing the existence of the asset (correct)
• Only the ability to print or display data
• Only the ability to read data
• Preventing unauthorized users from knowing that an asset exists

Which term best describes a person, process, or program with respect to data access in the CIA Triad?

Subject (C)

What does the term 'availability' in the CIA Triad refer to?

Assets are accessible to authorized parties without delay (C)

Which of the following best defines computer security?

The protection of various assets of a computer system. (B)

What classification involves measures that allow recovery from damage to assets?

Reaction (B)

Which scenario is an example of detection in the context of cyber security?

An unauthorized transaction appears on a credit card statement. (B)

What is a common prevention measure in the physical world as described?

Locks on doors and window bars. (C)

What is the principle of Easiest Penetration in the context of security?

Intruders are expected to find and exploit the weakest access point. (C)

What does preserving the integrity of an item imply?

The item remains unmodified. (D)

Which aspect is NOT part of the integrity as recognized by Welke & Mayfield?

Accessibility at all times. (B)

What is meant by the availability of assets?

Assets are accessible at appropriate times to authorized parties. (C)

How is availability sometimes referred to?

Denial of service. (A)

Which definition applies to the concept of availability?

It must be present in usable form. (A)

What does the 'A' in the AAA framework stand for?

Authorization. (A)

What is the primary focus of the AAA system?

Managing user access and policies. (C)

Which of the following describes a legitimate user in the context of authentication?

A user whose identity has been verified. (D)

Which one of the following is NOT an acceptable modification of an item?

Modification by unauthorized processes. (D)

What ensures that errors in data can be identified and corrected?

Error detection and correction processes. (A)

Confidentiality ensures that assets can be modified by any party regardless of authorization.

False (B)

Integrity refers to the ability to create, modify, or delete assets only by authorized parties in authorized ways.

True (A)

Access in the context of confidentiality only includes reading and viewing documents.

False (B)

Availability ensures that authorized parties can access assets whenever they need them without delay.

True (A)

The CIA Triad refers only to the viewpoint of the user regarding data security.

False (B)

Computer security only includes the protection of hardware and software.

False (B)

In the context of computer security, the classification of prevention involves measures like encryption when making online purchases.

True (A)

Detection in cybersecurity refers to recovering assets after they have been damaged.

False (B)

Calling the police after a theft is an example of prevention in the context of physical security.

False (B)

A burglar alarm that activates during a break-in is an example of a detection measure.

True (A)

Integrity can only mean being unmodified and precise.

False (B)

Availability refers to the accessibility of assets to unauthorized parties.

False (B)

The AAA framework is used to manage user access and enforce user policies.

True (A)

Error detection and correction are recognized aspects of integrity by Welke & Mayfield.

True (A)

Denial of service (DoS) is a term associated with availability.

True (A)

An item can be modified in any way and still maintain its integrity.

False (B)

Consistency is not a factor in determining the integrity of an item.

False (B)

Authorized actions are essential for maintaining integrity as defined by Welke & Mayfield.

True (A)

Integrity can be achieved solely through computer systems without real-world implementation.

False (B)

The definition of availability includes being present in a non-usable form.

False (B)

Flashcards

Prevention in Security

Measures taken to stop damage to an asset before it happens. Like installing locks or using encryption.

Detection in Security

The process of identifying when, how, and by whom an asset was damaged or compromised. Including things like detecting unauthorized transactions or system changes.

Reaction in Security

Steps taken after a security breach or damage to an asset to recover or minimize the damage. Could involve replacing data, changing passwords, or reporting a crime.

Principle of Easiest Penetration

An intruder will likely use any available method and exploit the easiest security vulnerabilities to gain unauthorized access to a system or data.

Assets in Computer Systems

Valuable components of a computer system, including hardware, software, data, processes, storage media, and people.

Confidentiality

Ensures that computer-related assets are accessed only by authorized parties. This means that only those who have the right to access information can do so. It's about preventing unauthorized access, including reading, viewing, printing, or even knowing that the information exists.

Integrity

Focuses on ensuring that information is accurate and complete, and that it is not tampered with. This prevents unauthorized changes to data, preventing any modification except by authorized parties. It also includes ensuring the authenticity or truthfulness of the data.

Availability

Makes sure that authorized users can access information and resources when they need them, without any delay. This means ensuring the resources are available, reliable, and functioning properly.

CIA Triad

The combination of confidentiality, integrity, and availability. It's a crucial aspect of information security, ensuring that data is protected against unauthorized access, modifications, and disruptions.

Subject

A person, process, or program that attempts to access information or resources. This could be a user, a software program, or even a system process.

Data Integrity

Preserving the original state of an item, ensuring it's unchanged or modified in acceptable ways.

Authentication

Verifying the user's identity, ensuring they are who they claim to be.

Authorization

Defining what actions a user is allowed to perform based on their identity and role.

Authorized Actions

The principle that modifications to an item are restricted to authorized individuals or processes.

Separation and Protection of Resources

The separation and protection of data and resources to prevent unauthorized access.

Error Detection and Correction

Mechanisms to detect and correct errors that may occur during data processing.

AAA System

A security framework that focuses on three processes: authentication, authorization, and accounting.

Denial of Service (DoS)

A situation where an attacker intentionally prevents legitimate users from accessing a service or resource.

Easiest Penetration Principle

The principle that any available means will be used by an intruder to access a system, assuming they will go for the easiest route.

What are computer system assets?

Anything of value within a computer system, including hardware, software, data, processes, storage media, and people.

What is prevention in security?

Methods to prevent damage to a computer system asset before it occurs, like using locks or encryption.

What is detection in security?

Methods to detect when an asset has been damaged or compromised, including alarms, logs, and monitoring.

What is reaction in security?

Steps to take after a security breach has occurred to recover or minimize the damage, such as restoring backups or reporting the incident.

Separation & Protection of Resources

Protecting resources like data and systems from unauthorized access, ensuring they are separated and kept secure.

Error Detection & Correction

Mechanisms that detect and correct errors that may occur during data processing.

Study Notes

Chapter 1: Basic Security Concepts

• Computer security is the protection of computer system assets (items that have value).
• Asset types include hardware, software, data, processes, storage media, and people.
• The principle of easiest penetration means intruders will exploit the easiest available means.

Introduction

• Computer systems (hardware, software, and data) have value and need protection.
• Security protection is categorized into three areas:
  • Prevention: measures that stop damage
  • Detection: measures to identify when and how an asset is damaged.
  • Reaction: measures for recovering assets or damage.
• Physical world examples of these: prevention (locks), detection (alarms, cameras), reaction (repair, contacting police).
• Cyber world example of these: prevention (encryption), detection (unauthorized transactions), reaction (new card, recovering losses).

Security Goals - CIA Triad

• Confidentiality: Assets are only accessible to authorized parties (secrecy, privacy).
• Integrity: Assets can only be modified by authorized parties in authorized ways (accuracy, precision, unmodified, consistent, internally consistent, meaningful).
• Availability: Assets are accessible to authorized parties when needed without any delay (capacity, performance, usability).
• Security is achieved through a combination of these three areas, from the asset's point of view, not the user's.

Confidentiality

• Ensures that computer-related assets are accessed only by authorized parties.
• Also involves viewing, printing, and knowing that the asset exists, not just reading.
• A general pattern is that a person, process, or program is authorized to access a data item in a specific way. Subjects are the person/process/program; Objects are the data item; access modes are operations (read, write, execute); policies are the authorizations.

Integrity

• Assets can be modified only by authorized parties in authorized ways.
• Modification includes writing, changing status, deleting, and creating.
• Integrity means different things in various contexts (accurate, precise, unmodified).
• Specifically, authorized actions, separation and protection of resources, and error detection and correction are components of integrity. Welke & Mayfield recognize these three particular aspects.

Availability

• Assets are accessible to authorized parties at appropriate times.
• Access to particular sets of objects should not be prevented from person/system who has legitimate access.
• Availability is also characterized by its opposite, denial-of-service (DoS).
• Availability applies both to data and services and depends on capacity to meet needs. Availability is sometimes known by its opposite - denial of service (DoS). Definition of availability depends on these points: having enough capacity to meet service needs, being accessible to authorized parties at appropriate times, and not being prevented from people/systems with legitimate access to particular objects.

Other Protection Requirements

• The AAA (Authentication, Authorization, Accounting) system is from the user's perspective, not the asset's.
• It manages user access, enforces policies and privileges, and measures network resource consumption. Authentication determines who the user is, Authorization defines what the user can do, and Accounting tracks user activities and events.

Vulnerabilities and Threats

• A vulnerability is a weakness in a system's design, implementation, or procedures that can be exploited.
• Threats to a computing system are circumstances that have the potential to cause loss or harm.
• Security threats include interception, interruption, modification, and fabrication.

Computer Network Vulnerabilities

• Various vulnerabilities are listed relating to hardware, software, communication, and access controls. Specific vulnerabilities are identified in the context of hardware, software, communication lines and access controls.

Security Threats

• The CIA triad can be viewed from a different perspective, focusing on different types of harm caused to assets.
• Harm types are interception, interruption, modification, and fabrication. Detailed examples are provided in the notes and are linked back to the threats.

Examples of Security

• Examples are provided to illustrate interception, interruption, modification, and fabrication. The notes describe how these threats manifest in practical terms and involve examples such as destroying a hard disk, wiretapping, altering data files, adding records to a file, and inserting spurious messages in a network.

Description

Explore the fundamental concepts of computer security in this quiz based on Chapter 1. Learn about the importance of protecting computer system assets and the security goals defined by the CIA triad: Confidentiality, Integrity, and Availability. Test your understanding of prevention, detection, and reaction measures in both physical and cyber domains.