Computer Security Fundamentals
14 Questions
Questions and Answers

What is a significant weakness of a web server that accepts all connections?

  • It does not require authentication (correct)
  • It has high overhead costs
  • It has inadequate physical security
  • It is not connected to the internet

What is an assumption of a lock preventing unwanted physical access?

  • The lock prevents all physical access
  • The lock is never used
  • The lock is tamper-proof
  • The physical access is not valuable (correct)

What does the policy assumption 'mechanisms prevent transition from secure to insecure states' imply?

  • The system can transition from secure to insecure states
  • The system is completely secure
  • The mechanisms are foolproof (correct)
  • The system is never in an insecure state

What is the purpose of assurance in a system?

To provide evidence of how much to trust a system

Why do you trust Aspirin from a major manufacturer?

Because FDA certifies the aspirin recipe

What are the three main components of security?

Confidentiality, Integrity, Availability

What is the primary goal of confidentiality in computer security?

Keeping data and resources hidden from unauthorized access

What is the term for a weakness in the system that could be exploited to cause loss or harm?

Vulnerability

What type of threat involves unauthorized control of a part of a system?

Usurpation

What is the term for a statement of what is and what is not allowed in a system?

Policy

What is the primary goal of a security control?

To prevent a vulnerability from being exploited

What type of threat involves the unauthorized interception of information?

Snooping

What is the term for a temporary inhibition of service?

Delay

What is the primary goal of assurance in computer security?

To provide confidence that a system meets its security requirements

Study Notes

Information Assurance Overview

  • Information assurance is a broad concept that encompasses various aspects of computer security
  • It includes components of computer security, threats, vulnerabilities, attacks, and controls
  • Policy and assurance are also crucial elements of information assurance

Security Components

  • Confidentiality: keeping data and resources hidden from unauthorized parties
  • Integrity: ensuring data and resources are accurate, complete, and not modified without authorization
  • Availability: enabling access to data and resources when needed

Threat Terms

  • Threat: a set of circumstances that has the potential to cause loss or harm
  • Vulnerability: a weakness in the system that could be exploited to cause loss or harm
  • Attack: when an entity exploits a vulnerability on a system
  • Control: a means to prevent a vulnerability from being exploited

Classes of Threats

  • Disclosure: unauthorized access to information
  • Deception: acceptance of false data
  • Disruption: interruption or prevention of correct operation
  • Usurpation: unauthorized control of some part of a system

Common Threats

  • Snooping: unauthorized interception of information
  • Modification or alteration: unauthorized change of information
  • Masquerading or spoofing: an impersonation of one entity by another
  • Repudiation of origin: a false denial that an entity sent or created something
  • Denial of receipt: a false denial that an entity received some information
  • Delay: a temporary inhibition of service
  • Denial of Service: a long-term inhibition of service

Policy and Mechanisms

  • Policy: a statement of what is and what is not allowed
  • Policy divides the world into secure and non-secure states
  • A secure system starts in a secure state and all transitions keep it in a secure state
  • Mechanism: a method, tool, or procedure for enforcing a security policy

Trust and Assumptions

  • Policy assumptions: the policy correctly divides the world into secure and insecure states, and mechanisms prevent transition from secure to insecure states
  • Assurance: evidence of how much to trust a system, including system specifications, design, implementation, and mappings between the levels

Key Points

  • Securing a system requires looking at the big picture
  • Main components of security include confidentiality, integrity, and availability
  • Differentiating threats, vulnerabilities, attacks, and controls is crucial
  • Policy and mechanism are distinct concepts
  • Assurance is essential for trust in a system

Description

This quiz covers the basics of computer security, including components, threats, vulnerabilities, and controls. It also explores confidentiality, integrity, and availability.