38 Questions
What type of threat violates the availability security concept?
Malicious destruction of a hardware device
What is an example of a modification threat?
Changing values in a database
What security concept is violated when an unauthorized party creates a fabrication of counterfeit objects?
Authenticity
What is an example of an unauthorized party violating the integrity security concept?
Changing values in a database
What type of threat involves tampering with an asset?
Modification
What is the result of an unauthorized party not only accessing but tampering with an asset?
Modification
What is the primary concern of hardware security?
Physical safety of computing hardware
What is 'Machinicide'?
Intentional harm to computer hardware
How can hardware security be enhanced?
By using physical measures such as locks and guards
Who is typically responsible for hardware security?
A relatively small staff of computing center professionals
What is an example of a physical attack on hardware?
Drenching a computer with water
Why is hardware security important?
To protect against physical harm to devices
What type of attack involves adding devices to a system?
Visible attack
What is the primary focus of Section 1.3.4.1?
Hardware vulnerabilities
What is the primary goal of confidentiality in computer-related assets?
To ensure only authorized persons have access
What type of security measure is confidentiality?
Access control
What is the primary focus of confidentiality in computer-related assets?
Data secrecy
What is the opposite of confidentiality?
Transparency
What is the primary benefit of confidentiality in computer-related assets?
Increased data security
What is a potential consequence of a breach of confidentiality?
Unauthorized access
What is the relationship between confidentiality and access control?
Confidentiality is a type of access control
What is the primary aim of confidentiality in computer-related assets?
To protect data from unauthorized access
What is the primary function of independent control programs?
To protect against specific types of vulnerabilities
What is an example of a hardware control that can assist in providing computer security?
Firewalls
What is the primary purpose of user policies and procedures?
To enforce procedures or policies among users
What type of control is used to prevent software faults from becoming exploitable vulnerabilities?
Development controls
What is an example of a simple control that can be achieved at essentially no cost but with tremendous effect?
Frequent changes of passwords
What type of control is used to protect each user from all other users?
Operating system and network system controls
What is the purpose of devices that verify users' identities?
To verify users' identities
What is the primary limitation of saving all old versions of a program as a control against accidental software deletion?
It is prohibitively expensive in terms of cost of storage
What is a potential harm that a company could experience from electronic espionage?
Financial loss due to unauthorized access to confidential information
What control could be instituted to limit the vulnerability of a program that leaks a list of employee names earning more than a certain amount?
Implementing access controls to restrict who can view the list
Which of the following is NOT a restatement of the concern over interruption, interception, modification, and fabrication?
Preserving authenticity
Is an application that is insecure but still functions correctly considered 'good'?
No, because security is a critical component of quality
Who might want to attack a program that displays a city's current time and temperature?
All of the above
What type of harm might an attacker want to cause to a program that allows consumers to order products from the web?
All of the above
What kind of vulnerability might an attacker exploit to cause harm to a program that accepts and tabulates votes in an election?
All of the above
What type of harm might an attacker want to cause to a program that allows a surgeon to assist in an operation remotely?
All of the above
Study Notes
Security Concepts
- Confidentiality ensures that computer-related assets are accessed only by authorized parties.
- Integrity ensures that assets are not modified without authorization.
- Availability ensures that assets are accessible and usable when needed.
Threats
- Unauthorized access, tampering, modification, or destruction of assets can compromise security.
- Examples of threats include:
  - Malicious destruction of hardware devices
  - Erasure of programs or data files
  - Malfunction of operating system file managers
  - Modification of data being transmitted electronically
  - Creation of counterfeit objects on a computing system
Vulnerabilities
- Hardware vulnerabilities:
  - Visible attacks (e.g., adding devices, changing them, removing them, intercepting traffic)
  - Physical attacks (e.g., drenching with water, burning, freezing, gassing, electrocution)
  - Machinicide (e.g., shooting with guns, stabbing with knives, smashing)
- Software vulnerabilities:
  - Operating system and network system controls
  - Independent control programs (e.g., password checkers, intrusion detection utilities, virus scanners)
  - Development controls (e.g., quality standards for design, coding, testing, and maintenance)
Controls
- Hardware controls:
  - Encryption implementations
  - Locks or cables limiting access or deterring theft
  - Devices to verify users' identities
  - Firewalls
  - Intrusion detection systems
  - Circuit boards controlling access to storage media
- Software controls:
  - Operating system and network system controls
  - Independent control programs
  - Development controls
- User policies and procedures:
  - Enforcing procedures or policies among users
  - Frequent changes of passwords
  - Other controls to prevent accidental software deletion or unauthorized access
Learn about the fundamental principles of computer security, including confidentiality and access control.