Computer Security Threats
40 Questions

Questions and Answers

What is the term for a circumstance or event that interrupts or prevents the correct operation of system services and functions?

  • Disruption (correct)
  • Obstruction
  • Misappropriation
  • Corruption

What is the result of an entity assuming unauthorized logical or physical control of a system resource?

  • Usurpation (correct)
  • Obstruction
  • Misuse
  • Corruption

What type of asset is an unencrypted USB drive an example of?

  • Network
  • Communication lines
  • Software
  • Hardware (correct)

What is the term for an action that causes a system component to perform a function or service that is detrimental to system security?

    Misuse

    What is the term for a threat that negatively modifies system functions or data?

    Corruption

    What is the category of assets that includes programs and applications?

    Software

    What is the term for a threat action that interrupts the delivery of system services by hindering system operation?

    Obstruction

    What is the term for a threat that results in an unauthorized entity controlling system services or functions?

    Usurpation

    What is the primary goal of isolating public access systems from critical resources?

    To prevent unauthorized access to critical resources

    How does encapsulation provide protection in object-oriented functionality?

    By limiting access to internal structure of a data object

    What is the main advantage of a modular security design?

    Easier modification of individual security modules

    What is the purpose of layering in security?

    To provide multiple, overlapping protection approaches

    What is the principle of least astonishment in program design?

    A program should always respond in the way that is least likely to astonish the user

    What is the main benefit of isolating security mechanisms?

    Prevention of access to security mechanisms

    What is the relationship between encapsulation and isolation?

    Encapsulation is a type of isolation

    What is the primary goal of isolating processes and files of individual users?

    To prevent unauthorized access to individual files

    What is the primary concern of the confidentiality aspect of the security triad?

    Preventing unauthorized access to data

    What type of threat is the fabrication of new files?

    Integrity threat

    Which security area is concerned with protecting information systems from physical damage or disruption?

    Physical and Environmental Protection

    What is the main purpose of Risk Assessment in the context of security requirements?

    To identify vulnerabilities in information systems

    What is the primary concern of the availability aspect of the security triad?

    Ensuring timely and reliable access to data

    Which standard enumerates 17 security-related areas about protecting the confidentiality, integrity, and availability of information systems?

    FIPS 200

    What type of threat is the deletion of files, denying access to users?

    Availability threat

    Which area of security requirements involves protecting information systems from unauthorized access?

    Access Control

    What are the white boxes in an Attack Tree?

    Categories that consist of one or more specific attack events (leaf nodes)

    What is the first step in devising security services and mechanisms?

    Development of a security policy

    What is the goal of prevention in security implementation?

    To have no successful attack

    What is an example of recovery in security implementation?

    Using backup systems

    What is the primary concern of consumers of computer security services and mechanisms?

    The belief that security measures work as intended

    What is the security aspect that involves ensuring that the security scheme really works?

    Correctness/Assurance

    What are the three aspects of a comprehensive security strategy?

    Specification/Policy, Implementation/Mechanisms, and Correctness/Assurance

    What is a critical factor to consider when developing a security policy?

    The value of the assets being protected

    What does an attack tree represent?

    A set of potential techniques for exploiting security vulnerabilities

    What is the purpose of the root node in an attack tree?

    To represent the security incident that is the attack's goal

    What type of nodes are the final nodes on the paths outward from the root in an attack tree?

    Leaf nodes

    What is the purpose of labeling branches with values in an attack tree?

    To compare alternative attacks

    What is the motivation for using attack trees?

    To effectively exploit the information available on attack patterns

    What can security analysts use attack trees to document?

    Security attacks in a structured form

    What can an attack tree guide?

    Both the design of systems and applications, and the choice and strength of countermeasures

    What is represented by the shaded boxes in an attack tree example?

    The leaf nodes

    Study Notes

    Threats to Computer Systems

    • Corruption: Alters system operation by modifying system functions or data
    • Obstruction: Interrupts the delivery of system services by hindering system operation
    • Usurpation: An unauthorized entity assumes control of system resources or services
    • Disruption: A threat to availability or system integrity that interrupts system operation

    Assets of a Computer System

    • Hardware
    • Software
    • Data
    • Communication lines and networks

    Scope of Computer Security

    • Confidentiality: Protection of data from unauthorized access
    • Integrity: Protection of data from modification or deletion
    • Availability: Protection of data and systems from disruptions

    Threats to Computer System Assets

    • Hardware: Theft or disablement of equipment
    • Software: Unauthorized copies, modification, or deletion of software
    • Data: Unauthorized read, modification, or deletion of data
    • Communication lines and networks: Unauthorized access, modification, or disruption of communication

    Security Functional Requirements

    • 17 security-related areas defined in FIPS 200 for protecting confidentiality, integrity, and availability of information systems
    • Areas include access control, awareness and training, audit and accountability, and more

    Countermeasures

    • Isolation: Isolating public access systems from critical resources and isolating security mechanisms
    • Encapsulation: Protecting data and procedures by encapsulating them in a domain of their own
    • Modularity: Developing security functions as separate, protected modules
    • Layering: Using multiple, overlapping protection approaches
    • Least astonishment: Designing user interfaces to respond in a way that is least likely to astonish the user

    Attack Trees Mechanism

    • A hierarchical data structure representing potential techniques for exploiting security vulnerabilities
    • Root node represents the attack goal, and branches represent ways to achieve that goal
    • Subnodes define subgoals, and each subgoal may have its own set of subgoals

    Attack Trees Motivation

    • Effective exploitation of information on attack patterns
    • Documenting security attacks in a structured form that reveals key vulnerabilities
    • Guiding the design of systems and applications, and the choice and strength of countermeasures

    Attack Trees Example

    • Analysis for an Internet banking authentication application
    • Root node is the objective of the attacker, and leaf nodes represent events that comprise the attacks

    Computer Security Strategies

    • Specification/policy: Defining what the security scheme is supposed to do
    • Implementation/mechanisms: How the security scheme is implemented
    • Correctness/assurance: Ensuring the security scheme works as intended

    Security Policy

    • Developing a security policy involves considering the value of assets, system vulnerabilities, and potential threats
    • Trade-offs between ease of use, cost of security, and cost of failure and recovery must be considered

    Security Implementation

    • Prevention: Ideal security scheme with no successful attack
    • Detection: Detecting security attacks when prevention is not feasible
    • Response: Responding to detected attacks to prevent further damage
    • Recovery: Recovering from security breaches by using backup systems or reloading correct data

    Quiz Team

    Related Documents

    Chapter-1 Introduction.pdf

    Description

    This quiz covers different types of computer security threats, including corruption, obstruction, disruption, and usurpation. It explains how these threats can affect system operation and integrity.