Computer Security Overview

Questions and Answers

PDF Questions PDF Answers

Which characteristic of security ensures that a party cannot deny the authenticity of their actions?

Integrity

Authentication

Nonrepudiation (correct)

Confidentiality

In the context of the C-I-A triad, which option directly relates to the protection of data from unauthorized access?

Confidentiality (correct)

Authentication

Availability

Integrity

What does the formula 'Who + What + How = Yes/No' refer to in security?

Data encryption standards

Authentication process

Access Control Policy (correct)

Community access controls

Which of the following best describes integrity in the context of security?

The accurate representation of data throughout its lifecycle

Which of these is NOT considered part of the C-I-A triad?

Authentication

What does interception refer to in the context of threats?

Unauthorized access to an asset by an unauthorized party

Which option best describes the term modification?

Tampering or forging an asset by an unauthorized party

What is the result of an interruption in a system?

An asset becomes lost or unusable

Which of the following best exemplifies fabrication?

Creating counterfeit digital objects in a system

In the MOM framework, which element represents the reason behind a threat?

Motive

What can weak encryption lead to in a security context?

An unwarranted sense of protection

Which of the following is NOT considered a type of software control?

Performance-enhancing hardware

What is the purpose of development controls in software security?

To prevent software faults from becoming vulnerabilities

In the context of operating system and network controls, what does 'chmod' refer to?

A command for changing file permissions

Why is it important for software controls to influence usability?

To balance user accessibility with security measures

What is the main purpose of independent control programs?

To protect against specific types of vulnerabilities

What risk arises from improper use of encryption?

No impact on overall security

What does penetration testing aim to achieve in computer security?

To identify exploitable vulnerabilities within systems

What is the primary goal of computer security?

To protect the assets of a computer system

Which of the following is NOT considered an asset of a computer system?

Web browser

Which of the following best describes the C-I-A Triad?

A model for ensuring computer security through confidentiality, integrity, and availability

What term refers to weaknesses in a computer system that can be exploited by threats?

Vulnerabilities

In the context of computer security, what does 'access control' refer to?

The methods used to regulate who can view or use resources

Which of the following is considered a hardware asset in a computer security context?

Disk drives

What is an example of a software asset?

Antivirus utilities

Which of the following is NOT a category of data assets in computer security?

Operating system

Which control is an example of a physical control used to enhance security?

Guards at entry points

What principle emphasizes that security can be no stronger than its weakest component?

Principle of Weakest Link

Why is it important for users to be aware of security problems?

Increased understanding fosters compliance with security measures.

What is a critical aspect of the effectiveness of security controls?

Controls must be efficient and easy to use.

What is one of the potential weaknesses of relying solely on hardware or software for security?

They may not adapt quickly to new threats.

How can periodic reviews enhance security measures?

By adapting to evolving threats and vulnerabilities.

Which of the following does NOT fall under the category of controls to address vulnerabilities?

Community standards and expectations

What should be prioritized to maintain the effectiveness of security controls?

Ensuring that controls are frequently updated and used properly

Study Notes

What is Computer Security?

• Protects the assets of a computer system, including hardware, software, and data.

Assets

• Hardware: Computers, devices (disk drives, memory, printer), network gear.
• Software: Operating system, utilities (antivirus), commercial applications (word processing, photo editing), individual applications.
• Data: Documents, photos, music, videos, emails, class projects.

C-I-A Triad

• Confidentiality: Ensures that information is only accessible to authorized individuals.
• Integrity: Guarantees that data is accurate and has not been tampered with.
• Availability: Makes sure that information and resources are available to authorized users when needed.
• Authentication: The process of verifying the identity of a user or device.
• Nonrepudiation: Ensures that the sender of a message cannot deny having sent it.

Access Control

• Determines who has access to what resources and how they can access them.

Types of Harm

• Interception: Unauthorized access to data.
• Interruption: Loss, unavailability, or unusable state of a system asset.
• Modification: Tampering or forging of data.
• Fabrication: Creation of counterfeit objects on a system.

MOM (Method - Opportunity - Motive)

• Explores the means, opportunity, and motivation behind threats to security.

Controls Available

• Encryption: A way to protect data by transforming it into an unreadable format. If used improperly, it can have no effect or even degrade system performance.
• Software/Program Controls:
  • Internal program controls: Security restrictions within programs (example: access limitations in a database management program).
  • Operating system and network system controls: Security enforced by the operating system or network (example: chmod in UNIX).
  • Independent control programs: Applications that protect against vulnerabilities (example: password checkers, intrusion detection utilities, virus scanners).
• Development controls: Quality standards for designing, coding, testing, and maintaining software to prevent vulnerabilities (example: penetration testing).
• Hardware Controls: Devices and technologies used for security, including encryption implementations, access control locks, identity verification systems, firewalls, intrusion detection systems, and storage media controls.
• Policies and Procedures: Agreed-upon guidelines and rules among users (example: frequent password changes).
• Physical Controls: Measures to protect physical assets (example: locks, guards, backup copies, site planning).

Effectiveness of Controls

• Awareness of Problem: Users must understand the need for security to willingly comply with requirements.
• Likelihood of Use: Controls are only effective if they are used.
• Principle of Effectiveness: Controls must be efficient, easy to use, and appropriate.
• Overlapping Controls: Multiple controls may be used to address a single vulnerability.
• Periodic Review: Security measures must be constantly updated to stay ahead of threats.
• Principle of Weakest Link: Security can only be as strong as its weakest link.

Description

This quiz covers the fundamental aspects of computer security, including the key components like the C-I-A triad (Confidentiality, Integrity, Availability) and access control. Learn how to protect critical assets such as hardware, software, and data to ensure a secure computing environment.