Computer Security Overview and Basic Concepts

Questions and Answers

What is the C-I-A Triad in computer security?

Control, Identification, Authorization

Confidentiality, Integrity, Availability (correct)

Consistency, Identification, Authorization

Confidentiality, Integrity, Authentication

Which of the following is considered an example of a hardware asset in computer security?

Word processing software

Disk drives (correct)

Photos

Emails

What does the term 'vulnerabilities' refer to in the context of computer security?

Unauthorized access to data

Weaknesses in a system that can be exploited (correct)

Unauthorized modification of data

Ensuring data availability

In the context of computer security, what does the term 'authentication' mean?

The process of ensuring that users are who they claim to be

What is the main goal of access control in computer security?

To restrict access to authorized users only

How are the values of computer system assets described in the text?

Personal, time-dependent, and often imprecise

What is the main purpose of a control in the context of computer security?

To remove or reduce vulnerabilities

In the context of computer security, what is the main role of a threat?

To cause loss or harm

What does the term 'interception' refer to in the context of computer security?

Unauthorized party gaining access to an asset

What is the key aspect addressed by confidentiality in computer security?

Unauthorized party accessing computer-related assets

Which term refers to a weakness in the security system that might be exploited to cause loss or harm?

Vulnerability

What does computer security aim to protect?

Confidentiality, integrity, and availability

Which of the following is considered a data asset in computer security?

Photos and videos

What does the term 'vulnerabilities' refer to in the context of computer security?

Weaknesses in the security system that might be exploited to cause harm or loss

What values are associated with computer system assets according to the text?

Personal, time-dependent, and often imprecise

What is the role of access control in computer security?

Restricting unauthorized access to resources

Which of the following is considered an example of a hardware asset in computer security?

Memory and printer

What is the term for a weakness in the security system that might be exploited to cause loss or harm?

Vulnerability

In the context of computer security, what is the main goal of confidentiality?

Ensuring assets are accessed only by authorized parties

What does the term 'fabrication' refer to in the context of computer security?

Unauthorized party creating counterfeit objects on a computing system

What is the main role of a control in the context of computer security?

Removing or reducing a vulnerability

What is the term for a special type of threat that is organized, directed, well financed, patient, and silent?

Advanced Persistent Threat (APT)

In computer security, what does the term 'interception' refer to?

Some unauthorized party gaining access to an asset

What is the term for the set of circumstances that has the potential to cause loss or harm in a computing system?

Threat

What does the term 'integrity' mean in the context of computer security?

'Assets can be modified only by authorized parties or only in authorized ways'

What is meant by 'availability' in the context of computer security?

Assets are accessible to authorized parties at appropriate times

What is the main aspect addressed by countermeasures in computer security?

An action, device, procedure, or technique that removes or reduces a vulnerability