Cybersecurity Concepts: CIA Triad Quiz

Questions and Answers

What does confidentiality ensure within the CIA triad?

• Assets are modified only by authorized parties.
• Assets can be accessed at any time by anyone.
• Assets are viewed only by authorized parties. (correct)
• Assets are available to unauthorized users.

Which of the following best defines integrity in the context of security?

• The ability to ensure that an asset is modified only by authorized parties. (correct)
• The ability to confirm the identity of a user.
• The ability to ensure that assets can be accessed by anyone.
• The ability to read assets at any time.

What does availability refer to in security systems?

• The confirmation of a sender's identity.
• The ability to deny access to unauthorized parties.
• The ability to modify assets as needed.
• The ability to ensure that assets can be accessed at appropriate times. (correct)

Which property does authentication refer to in communication networks?

The confirmation of the sender's identity. (B)

What is the purpose of auditability in security systems?

To trace all actions related to a given asset. (B)

Which of the following is not a part of the CIA triad but is often considered a critical aspect of security?

Authentication (B)

Which statement correctly describes nonrepudiation in security systems?

It ensures that once a transaction is sent, it cannot be denied. (B)

What is the relationship between authorization and authentication?

Authorization is meaningless without authentication. (D)

What best defines confidentiality in the context of the C-I-A triad?

The protection against unauthorized access to sensitive information. (C)

Which method is commonly used for ensuring the confidentiality of data?

Using encryption to secure data during transmission. (C)

What is the definition of integrity within the C-I-A triad?

The assurance that data is accurate and has not been altered without authorization. (A)

What impact does modification of data have on integrity?

It compromises the trustworthiness of the information. (D)

How is availability defined in the context of the C-I-A triad?

Having systems operational and accessible when needed by authorized users. (C)

What is an example of a threat that impacts availability?

A server being taken offline due to a cyberattack. (A)

Which type of attack primarily affects confidentiality?

Interception of data by unauthorized parties. (B)

What is the effect of unauthorized interception on the CIA triad?

It compromises the confidentiality of sensitive information. (D)

What is the primary goal of computer security?

To protect valuable assets (C)

Which of the following best defines a vulnerability in a system?

A weakness that could be exploited to cause harm (A)

What can be considered a threat to computing systems?

Natural disasters or human attacks (A)

How is the value of an asset determined?

By the asset owner's or user's perspective (C)

Which of the following factors does NOT typically affect asset value?

System performance (C)

What is meant by 'auditability' in security systems?

The ability to track actions and changes in the system (D)

What is the definition of integrity in the context of computer security?

Guaranteeing that data is accurate and unaltered (B)

Which of the following best describes availability in a security context?

Data is accessible to authorized users when needed (D)

Study Notes

CIA Triad

• Confidentiality: Restricts asset access to authorized parties only; includes "read"-type actions such as viewing, printing, and reading documents.
• Integrity: Ensures that only authorized parties can modify assets; involves writing, changing statuses, deleting, or creating information.
• Availability: Guarantees authorized parties can access assets when needed; a key concern is preventing denial of service.

Extended Security Properties

• Authentication: Confirms the identity of the sender in communication systems.
• Non-repudiation (Accountability): Ensures a sender cannot deny having sent something, providing accountability.
• Auditability: Allows tracing of all actions related to an asset to maintain oversight of data handling.
• Authorization: Determines if a user has the rights to access certain services; requires prior user authentication.

Perspectives on the CIA Triad

• Harm to assets can be analyzed through four actions: interception, interruption, modification, and fabrication.
• Interception implies unauthorized access to data, impacting confidentiality.
• Interruption results in assets becoming unavailable, affecting availability.
• Modification occurs when unauthorized parties alter data, compromising integrity.

Types of Harm Acts

• Interception: Unauthorized parties gain access, with possible examples including illicit data copying or wiretapping. Silent interception methods may leave no detectable traces.
• Interruption: Can manifest as loss or unavailability, such as destruction of devices or data files and OS failures, severely impacting availability.
• Modification: Involves tampering with assets, such as altering database values or tampering with transmitted data. Detection of such changes can vary in complexity, often eluding simple measures.

Asset Value Determination

• Asset value is subjective and influenced by the owner’s perspective rather than just monetary worth; may vary over time and can be imprecise.

Vulnerability-Threat-Control Paradigm

• The primary goal of computer security is to protect valuable assets by identifying how they may be harmed and establishing mitigation strategies.
• Vulnerability: Represents weaknesses in systems—procedures, designs, or implementations—that can be exploited to cause harm. Examples include failure to verify user identity before data access.
• Threats: Circumstances capable of causing loss or harm, such as human attacks, natural disasters, inadvertent human actions, or internal flaws in hardware or software.

Visual Illustrations

• Figures illustrate distinctions and relationships between threats, vulnerabilities, and security concepts, aiding in understanding computer security's framework.

Description

Test your understanding of the CIA Triad, which encapsulates the core principles of cybersecurity: confidentiality, integrity, and availability. This quiz focuses on how these properties ensure the security of sensitive information against various threats. Dive into the aspects that make these principles vital in protecting information systems.