Computer Security Definitions Quiz

Questions and Answers

Which security mechanism is designed to detect, prevent, or recover from a security attack?

• Security Mechanism (correct)
• Security Policy Enforcement
• Intrusion Detection System
• Vulnerability Assessment

What is the primary purpose of message authentication?

• To encrypt the message content.
• To protect against passive attacks by hiding the message's content.
• To protect against active attacks by verifying message authenticity and integrity. (correct)
• To ensure only the intended recipient can read the message.

Which of the following is NOT a key objective of computer security?

• Availability
• Scalability (correct)
• Confidentiality
• Integrity

Which security service ensures that data is not altered during transmission or storage?

Data Integrity (B)

In the context of security incident management, what does the 'reaction' phase primarily involve?

Assessing the Damage and Implementing containment measures. (D)

What is a digital certificate primarily used for?

Containing a key value and identifying information about the entity that controls the key. (B)

Which of the following is an example of a preventive security control?

Data loss prevention systems (D)

Which of the following aims to prove a messages authenticity?

A digital signature (B)

Which term refers to the assurance that information and programs are altered only in a specified and authorized manner?

Data Integrity (C)

What is the primary function of a security policy?

To provide a formal framework for securing a system or organization's resources (C)

Which of the following best describes the concept of 'accountability' in the context of security?

Tracing actions back to their unique entity. (A)

What is the key difference between 'computer security' and 'network security'?

Computer security is concerned with all data protection, while network security focuses on data transmission over a network. (A)

Which term describes a potential security violation due to circumstances, actions, or events?

Threat (B)

The assurance that individuals have control over what information related to them can be collected, stored, and disclosed is best described as?

Privacy (A)

Which of the following is the best definition of a 'countermeasure' in the context of security?

An action taken to reduce security risks. (B)

Which concept refers to the property of being able to trust a transmission or message?

Authenticity (B)

Flashcards

Security

The quality or state of being secure; free from danger.

Computer Security

A collection of tools designed to protect data and thwart hackers.

Network Security

Measures to protect data during their transmission over a network.

Internet Security

Measures to protect data during their transmission over a collection of interconnected networks.

Information Security

A well-informed sense of assurance that the information risks and controls are in balance.

Data Confidentiality

Assures that private or confidential information is not disclosed to unauthorized individuals.

Privacy

Assures that individuals control what information related to them may be collected, stored, and disclosed.

Data Integrity

Assures that information and programs are changed only in a specified and authorized manner.

Security Mechanism

A mechanism designed to detect, prevent, or recover from a security attack.

Message Authentication

Verifies the authenticity and integrity of a message, preventing alteration during transmission.

Public Key Infrastructure (PKI)

A system integrating software, encryption methods, protocols, and legal frameworks for secure communication.

Digital Certificate

An electronic document confirming the identity of a key holder and its public key.

Digital Signature

An encrypted message mathematically proving authenticity and integrity, ensuring document immutability.

Confidentiality

Preserves the secrecy of information, preventing unauthorized access.

Integrity

Guarantees the accuracy and reliability of information, avoiding alteration.

Availability

Ensures continuous availability of resources and services.

Study Notes

Definitions

• Security: The quality or state of being secure; free from danger.
• Computer Security: Tools designed to protect data and stop hackers.
• Network Security: Measures to protect data during network transmission.
• Internet Security: Measures to protect data transmitted through interconnected networks.
• Information Security: Ensuring information risks and controls are balanced.
• Confidentiality: Protecting private information from unauthorized disclosure.
• Data Confidentiality: Ensuring private information isn't disclosed to unauthorized individuals
• Privacy: Individuals controlling information about them.
• Information risks and controls are balanced.
• Integrity: Ensuring information and programs are changed only in authorized ways.
• Data Integrity: Ensuring information and programs are altered only in specified ways.
• System Integrity: A system functioning as intended without unauthorized manipulation.
• Availability: Ensuring systems work promptly, and service isn't denied to authorized users.
• Authenticity: The property of being genuine and verifiable, trustworthiness.
• Accountability: Tracking actions of an entity uniquely to that entity.
• Security Policy: Formal statement of rules for securing systems and resources.
• Risk: Expectation of loss expressed as the probability of a threat exploiting a vulnerability.

Key Objectives of Computer Security

• Confidentiality: Protecting sensitive information.
• Integrity: Ensuring data's accuracy and trustworthiness.
• Availability: Ensuring access to authorized users.
• Authenticity: Verifying the source of data is genuine.
• Accountability: Tracing actions back uniquely to an entity.

Threat Consequences

• Confidentiality Threats: Unauthorized disclosure of information.
• Integrity Threats: Manipulation or falsification of data.
• Availability Threats: Interference with system operation.

OSI Security Architecture

• A framework for security services.
• Focuses on security breaches and how they can be addressed.
• Includes categories like authentication, data confidentiality, data integrity, and access controls.

Risk Assessment Process

• Steps involved in assessing security risks.
• Includes checking existing policies, analyzing and prioritizing resources, and considering business concerns.

Security Incident Management

• Handling security incidents involving preparation, action, and assessment.

Vulnerability Management Process

• The process of discovering, fixing, and deploying patches for software vulnerabilities.

Security Controls

• Preventive Controls: Actions taken to stop malicious activity from occurring.
• Detective Controls: Finding evidence of malicious activity.
• Corrective Controls: Fixing problems after malicious activity has occurred.

Cryptographic Tools

• Message Authentication Codes (MACs): Verifying messages.
• Secure Hash Functions: Hashing data for verification.
• Public Key Authentication: Verifying through public and private keys
• Protocols for Secure Communications: Methods for secure communication.

Description

Test your knowledge of essential computer security terminology. This quiz covers key concepts such as security, privacy, data integrity, and more. Challenge yourself to understand the various aspects of securing information in today's digital world.