Computer Security Definitions Quiz

Questions and Answers

Which security mechanism is designed to detect, prevent, or recover from a security attack?

Security Mechanism (correct)

Security Policy Enforcement

Intrusion Detection System

Vulnerability Assessment

What is the primary purpose of message authentication?

To encrypt the message content.

To protect against passive attacks by hiding the message's content.

To protect against active attacks by verifying message authenticity and integrity. (correct)

To ensure only the intended recipient can read the message.

Which of the following is NOT a key objective of computer security?

Availability

Scalability (correct)

Confidentiality

Integrity

Which security service ensures that data is not altered during transmission or storage?

Data Integrity

In the context of security incident management, what does the 'reaction' phase primarily involve?

Assessing the Damage and Implementing containment measures.

What is a digital certificate primarily used for?

Containing a key value and identifying information about the entity that controls the key.

Which of the following is an example of a preventive security control?

Data loss prevention systems

Which of the following aims to prove a messages authenticity?

A digital signature

Which term refers to the assurance that information and programs are altered only in a specified and authorized manner?

Data Integrity

What is the primary function of a security policy?

To provide a formal framework for securing a system or organization's resources

Which of the following best describes the concept of 'accountability' in the context of security?

Tracing actions back to their unique entity.

What is the key difference between 'computer security' and 'network security'?

Computer security is concerned with all data protection, while network security focuses on data transmission over a network.

Which term describes a potential security violation due to circumstances, actions, or events?

Threat

The assurance that individuals have control over what information related to them can be collected, stored, and disclosed is best described as?

Privacy

Which of the following is the best definition of a 'countermeasure' in the context of security?

An action taken to reduce security risks.

Which concept refers to the property of being able to trust a transmission or message?

Authenticity

Study Notes

Definitions

• Security: The quality or state of being secure; free from danger.
• Computer Security: Tools designed to protect data and stop hackers.
• Network Security: Measures to protect data during network transmission.
• Internet Security: Measures to protect data transmitted through interconnected networks.
• Information Security: Ensuring information risks and controls are balanced.
• Confidentiality: Protecting private information from unauthorized disclosure.
• Data Confidentiality: Ensuring private information isn't disclosed to unauthorized individuals
• Privacy: Individuals controlling information about them.
• Information risks and controls are balanced.
• Integrity: Ensuring information and programs are changed only in authorized ways.
• Data Integrity: Ensuring information and programs are altered only in specified ways.
• System Integrity: A system functioning as intended without unauthorized manipulation.
• Availability: Ensuring systems work promptly, and service isn't denied to authorized users.
• Authenticity: The property of being genuine and verifiable, trustworthiness.
• Accountability: Tracking actions of an entity uniquely to that entity.
• Security Policy: Formal statement of rules for securing systems and resources.
• Risk: Expectation of loss expressed as the probability of a threat exploiting a vulnerability.

Key Objectives of Computer Security

• Confidentiality: Protecting sensitive information.
• Integrity: Ensuring data's accuracy and trustworthiness.
• Availability: Ensuring access to authorized users.
• Authenticity: Verifying the source of data is genuine.
• Accountability: Tracing actions back uniquely to an entity.

Threat Consequences

• Confidentiality Threats: Unauthorized disclosure of information.
• Integrity Threats: Manipulation or falsification of data.
• Availability Threats: Interference with system operation.

OSI Security Architecture

• A framework for security services.
• Focuses on security breaches and how they can be addressed.
• Includes categories like authentication, data confidentiality, data integrity, and access controls.

Risk Assessment Process

• Steps involved in assessing security risks.
• Includes checking existing policies, analyzing and prioritizing resources, and considering business concerns.

Security Incident Management

• Handling security incidents involving preparation, action, and assessment.

Vulnerability Management Process

• The process of discovering, fixing, and deploying patches for software vulnerabilities.

Security Controls

• Preventive Controls: Actions taken to stop malicious activity from occurring.
• Detective Controls: Finding evidence of malicious activity.
• Corrective Controls: Fixing problems after malicious activity has occurred.

Cryptographic Tools

• Message Authentication Codes (MACs): Verifying messages.
• Secure Hash Functions: Hashing data for verification.
• Public Key Authentication: Verifying through public and private keys
• Protocols for Secure Communications: Methods for secure communication.

Description

Test your knowledge of essential computer security terminology. This quiz covers key concepts such as security, privacy, data integrity, and more. Challenge yourself to understand the various aspects of securing information in today's digital world.