Questions and Answers
What is the primary focus of computer security?
- Protecting computer hardware
- Developing new software
- Protecting the assets of a computer or computer system (correct)
- Improving computer performance
What is the term used to describe the ability to access computer-related assets only by authorized parties?
- Availability
- Security
- Integrity
- Confidentiality (correct)
What is meant by the modification of assets in the context of computer security?
- Denying access to the assets
- Only accessing the assets at inappropriate times
- Only reading or viewing the assets
- Writing, changing, changing status, deleting, or creating the assets (correct)
What is the term used to describe the prevention of access to computer-related assets?
What is the term used to describe the combination of confidentiality, integrity, and availability?
What determines the value of an asset in computer security?
What is the primary goal of computer security in relation to assets?
What is the term used to describe the ability to access computer-related assets at appropriate times?
What is a vulnerability in a security system?
What is a threat to a computing system?
What is an attacker?
What is a control in a security system?
What is an example of a nonhuman threat?
What is an example of a nonmalicious harm?
What is an example of a malicious attack?
What is an example of a random attack?
What is the reason why a malicious attacker performs an attack?
What is one way to exploit a hardware vulnerability?
What is an example of a software alteration vulnerability?
Why is hardware security usually the concern of a small staff?
What is an example of machinicide?
What is a method used by an attacker to succeed?
What can enhance the security of hardware components?
What is an example of software deletion?
What kind of harm could a company experience from electronic espionage?
What is the main concern in preserving confidentiality, integrity, and availability of data?
What is a key aspect of a program with high quality?
Who might want to attack a program that displays the current time and temperature of a city?
What type of harm might an attacker want to cause to a program that allows consumers to order products from the web?
What is a potential vulnerability in a program that accepts and tabulates votes in an election?
Who might want to attack a program that allows a surgeon to assist in an operation remotely?
What type of control could be instituted to limit the vulnerability of a program that secretly leaks a list of employees' salaries?
What is the primary reason for controlling access to software?
What is a type of software modification that causes it to fail or perform an unintended task?
What is a program that overtly does one thing while covertly doing another?
What is a specific type of Trojan horse that can spread its infection from one computer to another?
What is a program that has a secret entry point?
What is an unauthorized copying of software?
Who is responsible for software security?
What is a code that makes information accessible to unauthorized people or programs?
Study Notes
Computer Security
- Computer security is the protection of computer-related assets, including hardware, software, data, people, processes, or combinations of these.
- The value of an asset can be personal, time-dependent, tied to whether the asset is replicable, or measured by the cost of its loss.
Computer Security Goals
- The three important aspects of computer security are confidentiality, integrity, and availability.
- Confidentiality ensures that assets are accessed only by authorized parties.
- Integrity means that assets can be modified only by authorized parties or only in authorized ways.
- Availability means that assets are accessible to authorized parties at appropriate times.
Vulnerabilities, Threats, Attacks, and Controls
- A vulnerability is a weakness in the security system that might be exploited to cause loss or harm.
- A threat is a set of circumstances that has the potential to cause loss or harm.
- An attacker is a human who exploits a vulnerability to perpetrate an attack on the system.
- A control is an action, device, procedure, or technique that removes or reduces a vulnerability.
- Harm is the negative consequence of an actualized threat.
Types of Threats
- Nonhuman threats include natural disasters, loss of electrical power, component failure, or attack by a wild boar.
- Human threats can be nonmalicious (accidental) or malicious (intentional).
- Malicious attacks can be random or directed.
Attacker Requirements
- A malicious attacker must have three things to succeed: method (skills, knowledge, tools), opportunity (time and access), and motive (reason to want to perform the attack).
Vulnerabilities of Computing Systems
Hardware Vulnerabilities
- Visible attack: adding, changing, or removing devices, intercepting their traffic, or flooding them with traffic.
- Physical attack: drenching with water, burning, freezing, gassing, or electrocuting with power surges.
- Machinicide: intentionally harming computer hardware or software.
- Simple physical measures like locks and guards can enhance hardware security.
Software Vulnerabilities
- Software alteration: exploiting a software vulnerability, such as truncating fractional interest on an account.
- Software deletion: accidentally erasing a file or replacing a good copy of a program with a bad one.
- Software modification: causing software to fail or perform an unintended task, including logic bombs, Trojan horses, viruses, trapdoors, and information leaks.
Harm from Electronic Espionage or Unauthorized Viewing of Confidential Materials
- Examples of harm include theft of trade secrets, loss of competitive advantage, and legal liabilities.