Computer Security Fundamentals

Questions and Answers

What is the primary focus of computer security?

• Protecting computer hardware
• Developing new software
• Protecting the assets of a computer or computer system (correct)
• Improving computer performance

What is the term used to describe the ability to access computer-related assets only by authorized parties?

• Availability
• Security
• Integrity
• Confidentiality (correct)

What is meant by the modification of assets in the context of computer security?

• Denying access to the assets
• Only accessing the assets at inappropriate times
• Only reading or viewing the assets
• Writing, changing, changing status, deleting, or creating the assets (correct)

What is the term used to describe the prevention of access to computer-related assets?

Denial of Service (C)

What is the term used to describe the combination of confidentiality, integrity, and availability?

C-I-A Triad (A), Security Triad (C)

What determines the value of an asset in computer security?

Factors such as personal, time dependent, replicable or not, cost of loss (C)

What is the primary goal of computer security in relation to assets?

To protect the assets from unauthorized access (C)

What is the term used to describe the ability to access computer-related assets at appropriate times?

Availability (C)

What is a vulnerability in a security system?

A weakness in the security system, for example, in procedures, design, or implementation. (C)

What is a threat to a computing system?

A set of circumstances that has the potential to cause loss or harm. (C)

What is an attacker?

A human who exploits a vulnerability. (A)

What is a control in a security system?

An action, device, procedure, or technique that removes or reduces a vulnerability. (D)

What is an example of a nonhuman threat?

Natural disasters like fires or floods. (B)

What is an example of a nonmalicious harm?

Someone's accidentally spilling a soft drink on a laptop. (D)

What is an example of a malicious attack?

A malicious code posted on a website. (C)

What is an example of a random attack?

A malicious code posted on a website that could be visited by anybody. (D)

What is the reason why a malicious attacker performs an attack?

For fun and challenge (D)

What is one way to exploit a hardware vulnerability?

By adding devices to a system (C)

What is an example of a software alteration vulnerability?

The truncation of fractional interest on an account (D)

Why is hardware security usually the concern of a small staff?

Because they are professionals in a computing center (D)

What is an example of machinicide?

Physically harming computer hardware (B)

What is a method used by an attacker to succeed?

Having skills and knowledge (B)

What can enhance the security of hardware components?

Using simple physical measures (B)

What is an example of software deletion?

Accidentally erasing a file (B)

What kind of harm could a company experience from electronic espionage?

All of the above (D)

What is the main concern in preserving confidentiality, integrity, and availability of data?

Protection against interruption, interception, modification, and fabrication (B)

What is a key aspect of a program with high quality?

Security features to prevent unauthorized access (A)

Who might want to attack a program that displays the current time and temperature of a city?

All of the above (D)

What type of harm might an attacker want to cause to a program that allows consumers to order products from the web?

All of the above (D)

What is a potential vulnerability in a program that accepts and tabulates votes in an election?

All of the above (D)

Who might want to attack a program that allows a surgeon to assist in an operation remotely?

All of the above (D)

What type of control could be instituted to limit the vulnerability of a program that secretly leaks a list of employees' salaries?

All of the above (D)

What is the primary reason for controlling access to software?

To prevent software from being deleted or destroyed accidentally (B)

What is a type of software modification that causes it to fail or perform an unintended task?

Logic bomb (A)

What is a program that overtly does one thing while covertly doing another?

Trojan horse (C)

What is a specific type of Trojan horse that can spread its infection from one computer to another?

Virus (A)

What is a program that has a secret entry point?

Trapdoor (D)

What is an unauthorized copying of software?

Software theft (D)

Who is responsible for software security?

Programmers and analysts (C)

What is a code that makes information accessible to unauthorized people or programs?

Information leak (B)

Flashcards are hidden until you start studying

Study Notes

Computer Security

• Computer security is the protection of computer-related assets, including hardware, software, data, people, processes, or combinations of these.
• Assets can be valued based on factors such as personal, time-dependent, replicable, or cost of loss.

Computer Security Goals

• The three important aspects of computer security are confidentiality, integrity, and availability.
• Confidentiality ensures that assets are accessed only by authorized parties.
• Integrity means that assets can be modified only by authorized parties or only in authorized ways.
• Availability means that assets are accessible to authorized parties at appropriate times.

Vulnerabilities, Threats, Attacks, and Controls

• A vulnerability is a weakness in the security system that might be exploited to cause loss or harm.
• A threat is a set of circumstances that has the potential to cause loss or harm.
• An attacker is a human who exploits a vulnerability to perpetrate an attack on the system.
• A control is an action, device, procedure, or technique that removes or reduces a vulnerability.
• Harm is the negative consequence of an actualized threat.

Types of Threats

• Nonhuman threats include natural disasters, loss of electrical power, component failure, or attack by a wild boar.
• Human threats can be nonmalicious (accidental) or malicious (intentional).
• Malicious attacks can be random or directed.

Attacker Requirements

• A malicious attacker must have three things to succeed: method (skills, knowledge, tools), opportunity (time and access), and motive (reason to want to perform the attack).

Vulnerabilities of Computing Systems

Hardware Vulnerabilities

• Visible attack: adding, changing, removing, intercepting, or flooding devices with traffic.
• Physical attack: drenching with water, burning, freezing, gassing, or electrocuting with power surges.
• Machinicide: intentionally harming computer hardware or software.
• Simple physical measures like locks and guards can enhance hardware security.

Software Vulnerabilities

• Software alteration: exploiting software vulnerability, such as truncating fractional interest on an account.
• Software deletion: accidentally erasing a file or replacing a good copy of a program with a bad one.
• Software modification: causing software to fail or perform an unintended task, including logic bombs, Trojan horses, viruses, trapdoors, and information leaks.

Harm from Electronic Espionage or Unauthorized Viewing of Confidential Materials

• Examples of harm include theft of trade secrets, loss of competitive advantage, and legal liabilities.