Computer Security Principles
38 Questions
1 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What type of threat violates the availability security concept?

  • Malicious destruction of a hardware device (correct)
  • Tampering with an asset
  • Creating a fabrication of counterfeit objects
  • Unauthorized access to an asset
  • What is an example of a modification threat?

  • Erasure of a program
  • Unauthorized access to an asset
  • Changing values in a database (correct)
  • Malfunction of an operating system file manager
  • What security concept is violated when an unauthorized party creates a fabrication of counterfeit objects?

  • Integrity
  • Authenticity (correct)
  • Confidentiality
  • Availability
  • What is an example of an unauthorized party violating the integrity security concept?

    <p>Changing values in a database</p> Signup and view all the answers

    What type of threat involves tampering with an asset?

    <p>Modification</p> Signup and view all the answers

    What is the result of an unauthorized party not only accessing but tampering with an asset?

    <p>Modification</p> Signup and view all the answers

    What is the primary concern of hardware security?

    <p>Physical safety of computing hardware</p> Signup and view all the answers

    What is 'Machinicide'?

    <p>Intentional harm to computer hardware</p> Signup and view all the answers

    How can hardware security be enhanced?

    <p>By using physical measures such as locks and guards</p> Signup and view all the answers

    Who is typically responsible for hardware security?

    <p>A relatively small staff of computing center professionals</p> Signup and view all the answers

    What is an example of a physical attack on hardware?

    <p>Drenching a computer with water</p> Signup and view all the answers

    Why is hardware security important?

    <p>To protect against physical harm to devices</p> Signup and view all the answers

    What type of attack involves adding devices to a system?

    <p>Visible attack</p> Signup and view all the answers

    What is the primary focus of Section 1.3.4.1?

    <p>Hardware vulnerabilities</p> Signup and view all the answers

    What is the primary goal of confidentiality in computer-related assets?

    <p>To ensure only authorized persons have access</p> Signup and view all the answers

    What type of security measure is confidentiality?

    <p>Access control</p> Signup and view all the answers

    What is the primary focus of confidentiality in computer-related assets?

    <p>Data secrecy</p> Signup and view all the answers

    What is the opposite of confidentiality?

    <p>Transparency</p> Signup and view all the answers

    What is the primary benefit of confidentiality in computer-related assets?

    <p>Increased data security</p> Signup and view all the answers

    What is a potential consequence of a breach of confidentiality?

    <p>Un authorized access</p> Signup and view all the answers

    What is the relationship between confidentiality and access control?

    <p>Confidentiality is a type of access control</p> Signup and view all the answers

    What is the primary aim of confidentiality in computer-related assets?

    <p>To protect data from unauthorized access</p> Signup and view all the answers

    What is the primary function of independent control programs?

    <p>To protect against specific types of vulnerabilities</p> Signup and view all the answers

    What is an example of a hardware control that can assist in providing computer security?

    <p>Firewalls</p> Signup and view all the answers

    What is the primary purpose of user policies and procedures?

    <p>To enforce procedures or policies among users</p> Signup and view all the answers

    What type of control is used to prevent software faults from becoming exploitable vulnerabilities?

    <p>Development controls</p> Signup and view all the answers

    What is an example of a simple control that can be achieved at essentially no cost but with tremendous effect?

    <p>Frequent changes of passwords</p> Signup and view all the answers

    What type of control is used to protect each user from all other users?

    <p>Operating system and network system controls</p> Signup and view all the answers

    What is the purpose of devices that verify users' identities?

    <p>To verify users' identities</p> Signup and view all the answers

    What is the primary limitation of saving all old versions of a program as a control against accidental software deletion?

    <p>It is prohibitively expensive in terms of cost of storage</p> Signup and view all the answers

    What is a potential harm that a company could experience from electronic espionage?

    <p>Financial loss due to unauthorized access to confidential information</p> Signup and view all the answers

    What control could be instituted to limit the vulnerability of a program that leaks a list of employee names earning more than a certain amount?

    <p>Implementing access controls to restrict who can view the list</p> Signup and view all the answers

    Which of the following is NOT a restatement of the concern over interruption, interception, modification, and fabrication?

    <p>Preserving authenticity</p> Signup and view all the answers

    Is an application that is insecure but still functions correctly considered 'good'?

    <p>No, because security is a critical component of quality</p> Signup and view all the answers

    Who might want to attack a program that displays a city's current time and temperature?

    <p>All of the above</p> Signup and view all the answers

    What type of harm might an attacker want to cause to a program that allows consumers to order products from the web?

    <p>All of the above</p> Signup and view all the answers

    What kind of vulnerability might an attacker exploit to cause harm to a program that accepts and tabulates votes in an election?

    <p>All of the above</p> Signup and view all the answers

    What type of harm might an attacker want to cause to a program that allows a surgeon to assist in an operation remotely?

    <p>All of the above</p> Signup and view all the answers

    Study Notes

    Security Concepts

    • Confidentiality ensures that computer-related assets are accessed only by authorized parties.
    • Integrity ensures that assets are not modified without authorization.
    • Availability ensures that assets are accessible and usable when needed.

    Threats

    • Unauthorized access, tampering, modification, or destruction of assets can compromise security.
    • Examples of threats include:
      • Malicious destruction of hardware devices
      • Erasure of programs or data files
      • Malfunction of operating system file managers
      • Modification of data being transmitted electronically
      • Creation of counterfeit objects on a computing system

    Vulnerabilities

    • Hardware vulnerabilities:
      • Visible attacks (e.g., adding devices, changing them, removing them, intercepting traffic)
      • Physical attacks (e.g., drenching with water, burning, freezing, gassing, electrocution)
      • Machinicide (e.g., shooting with guns, stabbing with knives, smashing)
    • Software vulnerabilities:
      • Operating system and network system controls
      • Independent control programs (e.g., password checkers, intrusion detection utilities, virus scanners)
      • Development controls (e.g., quality standards for design, coding, testing, and maintenance)

    Controls

    • Hardware controls:
      • Encryption implementations
      • Locks or cables limiting access or deterring theft
      • Devices to verify users' identities
      • Firewalls
      • Intrusion detection systems
      • Circuit boards controlling access to storage media
    • Software controls:
      • Operating system and network system controls
      • Independent control programs
      • Development controls
    • User policies and procedures:
      • Enforcing procedures or policies among users
      • Frequent changes of passwords
      • Other controls to prevent accidental software deletion or unauthorized access

    Studying That Suits You

    Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

    Quiz Team

    Related Documents

    Cs 1.pdf

    Description

    Learn about the fundamental principles of computer security, including confidentiality and access control.

    More Like This

    Use Quizgecko on...
    Browser
    Browser