Information Security Chapter 1: Overview

Questions and Answers

What is the primary goal of maintaining confidentiality in data transmission?

To ensure the data is available anytime and anywhere

To guarantee the integrity of the system

To ensure the accuracy of the data

To prevent unauthorized access to the data (correct)

What is system integrity responsible for?

Verifying the validity of the transmitted data

Guaranteeing that a system performs its operations in an unimpaired manner (correct)

Ensuring data is transmitted without modification

Assuring that systems work immediately and service is not denied

What is the main purpose of data availability?

To prevent unauthorized access to the data

To ensure that data is accessible anytime and anywhere (correct)

To guarantee that systems work immediately and service is not denied

To ensure that data is transmitted without modification

What does authenticity ensure in data transmission?

The validity of the transmitted data and its source

What is the purpose of accountability in a system?

To track the actions performed on a system

What aspect of data transmission ensures that data is received without modification?

Integrity

What is the primary goal of ensuring confidentiality in computer security?

To ensure that only authorized entities can access computer-related information and services

What is the definition of computer security according to NIST 1995?

The protection of computer systems and information from harm, theft, and unauthorized use

What is the primary focus of the 'availability' objective in computer security?

Ensuring that computer systems and resources are accessible and usable when needed

What is the term for the collection of techniques used to attain the objectives of preserving the integrity, availability, and confidentiality of information system resources?

Fundamental Security Design Principles

What is the primary goal of the 'integrity' objective in computer security?

Ensuring that data is accurate and reliable

What is the CIA triad comprised of?

Confidentiality, Integrity, and Availability

What is the primary benefit of using unique user identification and authentication?

To support accountability

What level of security breach impact would result in a significant harm to individuals but no loss of life?

Moderate

What type of data would have a high integrity rating?

A hospital patient's allergy information

What type of system would require high availability?

Authentication services for critical system

What confidentiality rating would be assigned to student enrollment information?

Moderate

What is the primary purpose of the US FERPA Act?

To limit access to student grade information to authorized individuals

What is the primary goal of computer security mechanisms?

To prevent attacks and minimize risks

What is the concept of 'economy of mechanism' in security design?

Designing security measures as simple as possible

What is the primary objective of an attack tree?

To guide security design and strengthen countermeasures

What is the term for the reachable and available vulnerabilities in a system?

Attack surface

What is the principle of 'least privilege' in security design?

Granting users minimum access privileges

What is the main benefit of using a layered security approach?

Increasing security through multiple overlapping protection approaches

What is the primary focus of security policy?

Specifying security requirements and objectives

What is the term for the process of assessing the scale and severity of threats?

Attack analysis

What is the primary goal of security design principles?

To prevent security flaws and risks

What is the concept of 'psychological acceptability' in security design?

Designing security mechanisms that do not interfere with users' work