40 Questions
What is the primary focus of computer security?
Protecting the assets of a computer or computer system
What is the term used to describe the ability to access computer-related assets only by authorized parties?
Confidentiality
What is meant by the modification of assets in the context of computer security?
Writing, changing, changing status, deleting, or creating the assets
What is the term used to describe the prevention of access to computer-related assets?
Denial of Service
What is the term used to describe the combination of confidentiality, integrity, and availability?
C-I-A Triad
What determines the value of an asset in computer security?
Factors such as personal, time dependent, replicable or not, cost of loss
What is the primary goal of computer security in relation to assets?
To protect the assets from unauthorized access
What is the term used to describe the ability to access computer-related assets at appropriate times?
Availability
What is a vulnerability in a security system?
A weakness in the security system, for example, in procedures, design, or implementation.
What is a threat to a computing system?
A set of circumstances that has the potential to cause loss or harm.
What is an attacker?
A human who exploits a vulnerability.
What is a control in a security system?
An action, device, procedure, or technique that removes or reduces a vulnerability.
What is an example of a nonhuman threat?
Natural disasters like fires or floods.
What is an example of a nonmalicious harm?
Someone's accidentally spilling a soft drink on a laptop.
What is an example of a malicious attack?
Malicious code posted on a website.
What is an example of a random attack?
Malicious code posted on a website that could be visited by anybody.
What is the reason why a malicious attacker performs an attack?
For fun and challenge
What is one way to exploit a hardware vulnerability?
By adding devices to a system
What is an example of a software alteration vulnerability?
The truncation of fractional interest on an account
Why is hardware security usually the concern of a small staff?
Because they are professionals in a computing center
What is an example of machinicide?
Physically harming computer hardware
What is a method used by an attacker to succeed?
Having skills and knowledge
What can enhance the security of hardware components?
Using simple physical measures
What is an example of software deletion?
Accidentally erasing a file
What kind of harm could a company experience from electronic espionage?
All of the above
What is the main concern in preserving confidentiality, integrity, and availability of data?
Protection against interruption, interception, modification, and fabrication
What is a key aspect of a program with high quality?
Security features to prevent unauthorized access
Who might want to attack a program that displays the current time and temperature of a city?
All of the above
What type of harm might an attacker want to cause to a program that allows consumers to order products from the web?
All of the above
What is a potential vulnerability in a program that accepts and tabulates votes in an election?
All of the above
Who might want to attack a program that allows a surgeon to assist in an operation remotely?
All of the above
What type of control could be instituted to limit the vulnerability of a program that secretly leaks a list of employees' salaries?
All of the above
What is the primary reason for controlling access to software?
To prevent software from being deleted or destroyed accidentally
What is a type of software modification that causes it to fail or perform an unintended task?
Logic bomb
What is a program that overtly does one thing while covertly doing another?
Trojan horse
What is a specific type of Trojan horse that can spread its infection from one computer to another?
Virus
What is a program that has a secret entry point?
Trapdoor
What is an unauthorized copying of software?
Software theft
Who is responsible for software security?
Programmers and analysts
What is a code that makes information accessible to unauthorized people or programs?
Information leak
Study Notes
Computer Security
- Computer security is the protection of computer-related assets, including hardware, software, data, people, processes, or combinations of these.
- The value of an asset depends on factors such as whether it is personal, time-dependent, or replicable, and on the cost of its loss.
Computer Security Goals
- The three important aspects of computer security are confidentiality, integrity, and availability.
- Confidentiality ensures that assets are accessed only by authorized parties.
- Integrity means that assets can be modified only by authorized parties or only in authorized ways.
- Availability means that assets are accessible to authorized parties at appropriate times.
Vulnerabilities, Threats, Attacks, and Controls
- A vulnerability is a weakness in the security system that might be exploited to cause loss or harm.
- A threat is a set of circumstances that has the potential to cause loss or harm.
- An attacker is a human who exploits a vulnerability to perpetrate an attack on the system.
- A control is an action, device, procedure, or technique that removes or reduces a vulnerability.
- Harm is the negative consequence of an actualized threat.
Types of Threats
- Nonhuman threats include natural disasters, loss of electrical power, component failure, or attack by a wild boar.
- Human threats can be nonmalicious (accidental) or malicious (intentional).
- Malicious attacks can be random or directed.
Attacker Requirements
- A malicious attacker must have three things to succeed: method (skills, knowledge, tools), opportunity (time and access), and motive (reason to want to perform the attack).
Vulnerabilities of Computing Systems
Hardware Vulnerabilities
- Visible attack: adding, changing, or removing devices, intercepting traffic to them, or flooding them with traffic.
- Physical attack: drenching with water, burning, freezing, gassing, or electrocuting with power surges.
- Machinicide: intentionally harming computer hardware or software.
- Simple physical measures like locks and guards can enhance hardware security.
Software Vulnerabilities
- Software alteration: exploiting a software vulnerability, such as truncating fractional interest on an account.
- Software deletion: accidentally erasing a file or replacing a good copy of a program with a bad one.
- Software modification: causing software to fail or perform an unintended task, including logic bombs, Trojan horses, viruses, trapdoors, and information leaks.
Harm from Electronic Espionage or Unauthorized Viewing of Confidential Materials
- Examples of harm include theft of trade secrets, loss of competitive advantage, and legal liabilities.
Learn about the protection of computer-related assets and the three important aspects of computer security: confidentiality, integrity, and availability.