Questions and Answers
What is a significant weakness of a web server that accepts all connections?
It does not require authentication
What is an assumption of a lock preventing unwanted physical access?
The physical access is not valuable
What does the policy assumption 'mechanisms prevent transition from secure to insecure states' imply?
The mechanisms are foolproof
What is the purpose of assurance in a system?
Signup and view all the answers
Why do you trust Aspirin from a major manufacturer?
Signup and view all the answers
What are the three main components of security?
Signup and view all the answers
What is the primary goal of confidentiality in computer security?
Signup and view all the answers
What is the term for a weakness in the system that could be exploited to cause loss or harm?
Signup and view all the answers
What type of threat involves unauthorized control of a part of a system?
Signup and view all the answers
What is the term for a statement of what is and what is not allowed in a system?
Signup and view all the answers
What is the primary goal of a security control?
Signup and view all the answers
What type of threat involves the unauthorized interception of information?
Signup and view all the answers
What is the term for a temporary inhibition of service?
Signup and view all the answers
What is the primary goal of assurance in computer security?
Signup and view all the answers
Study Notes
Information Assurance Overview
- Information assurance is a broad concept that encompasses various aspects of computer security
- It includes components of computer security, threats, vulnerabilities, attacks, and controls
- Policy and assurance are also crucial elements of information assurance
Security Components
- Confidentiality: keeping data and resources hidden from unauthorized parties
- Integrity: ensuring data and resources are accurate, complete, and not modified without authorization
- Availability: enabling access to data and resources when needed
Threat Terms
- Threat: a set of circumstances that has the potential to cause loss or harm
- Vulnerability: a weakness in the system that could be exploited to cause loss or harm
- Attack: when an entity exploits a vulnerability on a system
- Control: a means to prevent a vulnerability from being exploited
Classes of Threats
- Disclosure: unauthorized access to information
- Deception: acceptance of false data
- Disruption: interruption or prevention of correct operation
- Usurpation: unauthorized control of some part of a system
Common Threats
- Snooping: unauthorized interception of information
- Modification or alteration: unauthorized change of information
- Masquerading or spoofing: an impersonation of one entity by another
- Repudiation of origin: a false denial that an entity sent or created something
- Denial of receipt: a false denial that an entity received some information
- Delay: a temporary inhibition of service
- Denial of Service: a long-term inhibition of service
Policy and Mechanisms
- Policy: a statement of what is and what is not allowed
- Policy divides the world into secure and non-secure states
- A secure system starts in a secure state and all transitions keep it in a secure state
- Mechanism: a method, tool, or procedure for enforcing a security policy
Trust and Assumptions
- Policy assumptions: policy correctly divides world into secure and insecure states, and mechanisms prevent transition from secure to insecure states
- Assurance: evidence of how much to trust a system, including system specifications, design, implementation, and mappings between the levels
Key Points
- Securing a system requires looking at the big picture
- Main components of security include confidentiality, integrity, and availability
- Differentiating threats, vulnerabilities, attacks, and controls is crucial
- Policy and mechanism are distinct concepts
- Assurance is essential for trust in a system
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
