Information Security vs. Cyber Security

Questions and Answers

What is the primary goal of information security?

  • To ensure all data is freely accessible to everyone.
  • To maximize the speed and efficiency of data processing.
  • To eliminate the need for cybersecurity measures.
  • To protect information from unauthorized access, use, disclosure, disruption, modification, or destruction. (correct)

Which of the following best describes the scope of information security compared to cybersecurity?

  • Cybersecurity focuses on physical security, while information security focuses on digital security.
  • Information security is broader, encompassing digital, physical, and other formats. (correct)
  • Both terms are interchangeable and have the same scope.
  • Cybersecurity is broader, encompassing all forms of information.

Which of the following actions is considered an example of 'unauthorized use' in the context of information security?

  • Sharing a company presentation at a public conference.
  • Accessing a restricted file with proper credentials.
  • Using a system for purposes not permitted by the owner. (correct)
  • Making a backup copy of a database for disaster recovery.

Which of the following represents the correct relationship between threats, attacks, and assets in information security?

  • Threats are potential actions, attacks are carried out, and assets are the objects. (D)

According to the Committee on National Security Systems (CNSS), what does information security primarily aim to protect?

  • Information and its critical elements, including systems and hardware. (A)

Which of the following goals is NOT a primary focus of security measures?

  • Exploitation (A)

Which of the following is LEAST likely to be considered a security measure?

  • Disabling automatic software updates. (A)

What event led to the initial development of computer security measures during World War II?

  • The need to safeguard mainframes used for computations in sensitive military locations. (C)

In the early history of information security, what was one of the first documented problems encountered?

  • Accidental exposure of password files due to software glitches (D)

Which factor primarily led to the increased need for computer and information security in modern computing environments?

  • Networking and interconnection of information systems (D)

What constitutes personnel security in the context of organizational security layers?

  • Safeguarding authorized individuals within the organization and its operations. (D)

Which component is NOT part of the CIA triad?

  • Accountability (B)

In the context of information security, what is an 'exploit'?

  • A method used to take advantage of a vulnerability. (B)

Which of the following components of an information system is often considered the most difficult to secure?

  • Software (C)

Why are 'people' often considered the weakest link in an organization's information security?

  • People can be manipulated or make unintentional errors that compromise security. (C)

What type of security attack involves an attacker gaining access to private conversations or transferred files?

  • Release of message contents (D)

Which of the following is a characteristic of a 'passive attack'?

  • It involves monitoring transmissions to obtain information. (C)

Which type of active attack involves an attacker pretending to be someone else to gain unauthorized access?

  • Masquerade (C)

What type of attack is characterized by making a system resource unavailable or unusable?

  • Interruption (B)

An unauthorized party gains access to information being transmitted across a network. What type of attack is this?

  • Interception (A)

Which of the following attacks directly violates the security principle of integrity?

  • Data modification (C)

In what type of attack does an unauthorized party insert false information into a system?

  • Fabrication (B)

Which key characteristic of information ensures that it reflects the true state without errors?

  • Accuracy (A)

What is the primary function of the ITU-T X.800 security architecture?

  • To offer a framework for defining security requirements and approaches. (C)

What is the primary goal of the authentication service as defined by ITU-T X.800?

  • To confirm the identity of communicating parties and ensure connection integrity (B)

Which security service controls who can have access to a resource and under what conditions, according to ITU-T X.800?

  • Access control (C)

Which security service ensures that data received is exactly as sent by an authorized entity?

  • Data integrity (B)

What is the main goal of nonrepudiation in security services?

  • To provide protection against denial by one of the entities involved in a communication. (B)

What security service confirms that a system is accessible and usable upon demand by an authorized entity?

  • Availability (B)

Which security mechanism transforms plaintext into ciphertext?

  • Encipherment (C)

What is the role of a 'key' in encryption?

  • It is a secret value used by encryption and decryption algorithms (C)

In symmetric encryption, what is a primary disadvantage?

  • Key distribution is challenging. (D)

What advantage does asymmetric encryption have over symmetric encryption?

  • It simplifies key distribution. (C)

What is the primary purpose of a digital signature?

  • To ensure message authenticity, integrity, and non-repudiation (D)

What is the main purpose of Access Control Lists (ACLs)?

  • To ensure that only authorized entities can access resources (A)

What is the function of hash functions in ensuring data integrity?

  • To generate a unique fingerprint of the data to detect alterations (A)

What is the purpose of traffic padding as a security mechanism?

  • To prevent traffic analysis by adding dummy data (D)

What is the main function of notarization as a security mechanism?

  • To use a trusted third party to validate communications or transactions (B)

What is the primary role of Intrusion Detection Systems (IDS) as a security mechanism?

  • To monitor and detect security-related anomalies or incidents (C)

Flashcards

Information Security

Protecting information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording, or destruction.

Cyber Security

Protecting computer systems and networks from digital threats.

Unauthorized Access

Gaining entry to systems, data, or resources without proper permission.

Unauthorized Use

Exploiting systems or data for purposes not permitted by the owner.

Disclosure

Exposing confidential information to unauthorized individuals or entities.

Disruption

Interrupting the normal operations of systems, networks, or data access.

Modification

Altering data or systems without permission, potentially compromising integrity.

Inspection

Scrutinizing or analyzing data or systems without proper authority.

Recording

Capturing or storing sensitive information without consent.

Destruction

Irreversibly damaging or erasing data or systems without authorization.

Security

The prevention of certain types of intentional actions from occurring in a system.

Threats

Potential actions that could compromise a system.

Attacks

Threats that are carried out.

Attackers

Those who carry out intentional attacks.

Assets

Objects of attacks; what attackers target.

What is Security?

The quality or state of being secure: to be free from danger.

Info Security Definition

Protection of information and its critical elements.

Prevention

Prevent attackers from violating security policy.

Detection

Detect attackers' violation of security policy.

Recovery

Stop attack, assess and repair damage.

Survivability

Continue to function correctly even if attack succeeds.

Technology

Hardware/software used to ensure security.

Policy and practice

Security requirements and activities.

Awareness

Understanding of threats and vulnerabilities.

Physical Controls

Limits access to sensitive military locations to authorized personnel.

ARPA Internet

ARPA began to examine feasibility of networked communications.

Software Security Early

The first documented problem, caused by a software glitch that printed passwords.

R-609 Report

A paper that started the study of computer security.

Physical Security

Protect physical items, objects, or areas from unauthorized access and misuse.

Personnel security

Protect an individual or group of authorized individuals.

Operations security

Protect details of a particular operation or series of activities.

Communications security

Protect communications media, technology, and content.

Network security

Protect networking components, connections, and contents.

Information security

Protect confidentiality, integrity and availability of information assets.

Confidentiality

Ensuring data is accessible only to authorized individuals.

Integrity

Maintaining data accuracy and preventing unauthorized modification.

Availability

Ensuring that data and resources are accessible when needed.

Exploit

The method used to take advantage of a vulnerability.

Exposure

A state where a vulnerability is known.

Access

The ability to use or interact with a system.

Asset

A valuable resource that needs protection.

Study Notes

Information Security vs. Cyber Security

  • Information security focuses on protecting information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording, or destruction.
  • Cyber security focuses on protecting computer systems and networks from digital threats.
  • Information security is broader than cybersecurity and encompasses all forms of information, while cybersecurity primarily focuses on the digital realm.
  • Examples of information security measures include data encryption, access controls, and data loss prevention.
  • Examples of cyber security measures include malware protection, network security, and intrusion detection.
  • Cyber security is a subset of information security, as information security is a broader term.

What is Information Security?

  • Information security is the practice of defending information.
  • Unauthorized access means gaining entry to systems, data, or resources without proper permission.
  • Unauthorized use means exploiting systems or data for purposes not permitted by the owner.
  • Disclosure means exposing confidential information to unauthorized individuals or entities.
  • Disruption means interrupting the normal operations of systems, networks, or data access.
  • Modification means altering data or systems without permission, potentially compromising integrity.
  • Inspection means scrutinizing or analyzing data or systems without proper authority.
  • Recording means capturing or storing sensitive information without consent.
  • Destruction means irreversibly damaging or erasing data or systems without authorization.

Introduction to Security Concepts

  • Security is preventing certain types of intentional actions from occurring in a system.
  • Potential actions that security aims to prevent are threats.
  • Attacks are threats that are carried out.
  • An attacker carries out intentional attacks.
  • Assets are the objects of attacks.
  • Security is "the quality or state of being secure—to be free from danger."
  • The Committee on National Security Systems (CNSS) defines information security as protecting information and its elements, as well as the systems and hardware that use, store, and transmit that information.

Security Goals

  • Prevention aims to prevent attackers from violating security policies.
  • Detection involves detecting attackers' violations of security policies.
  • Recovery covers stopping attacks, assessing damage, and repairing systems.
  • Survivability ensures the ability to continue functioning correctly even if an attack succeeds.

Security Measures

  • Technology includes hardware and software used to ensure security.
  • Policy and practice involves security requirements and activities.
  • Education, training, and awareness focuses on understanding threats, vulnerabilities, and how to protect against them.

History of Information Security

  • The history of information security begins with computer security.
  • The need to secure physical locations, hardware, and software from threats arose during World War II.
  • Early mainframes, developed for computations for communication, required multiple levels of security.
  • Physical controls, such as badges, keys, and facial recognition, were implemented to protect sensitive military locations.
  • The first documented problems occurred in the early 1960s and involved a software glitch causing an accidental file switch, printing the entire password file on every output.
  • The Advanced Research Procurement Agency (ARPA) began examining networked communications in the 1960s.
  • Larry Roberts developed ARPANET, which is the first Internet.
  • The 1970s and 80s saw ARPANET grow in popularity with increasing misuse potential.
  • Fundamental problems with ARPANET security were identified.
  • There were no safety procedures for dial-up connections to ARPANET, including non-existent user identification and authorization.
  • Information security began with Rand Report R-609.
  • The scope of computer security grew from physical security to include the safety of data, limiting unauthorized access, and involving personnel from multiple levels of an organization.
  • The R-609 Report first identified the role of management and policy issues.
  • In the 1990s, networks of computers became more common leading to the need to interconnect networks.
  • The Internet became the first manifestation of a global network of networks.
  • Security was treated as a low priority in early Internet deployments.
  • Since 2000, millions of computer networks have been connected via the Internet, most of them unsecured.
  • This led to wider recognition of information security, its importance, and its use.

Achieving Security

  • A successful organization should implement multiple layers of security:
  • Physical security protects physical items, objects, or areas from unauthorized access and misuse.
  • Personnel security protects individuals authorized to access the organization and its operations.
  • Operations security protects the details of a particular operation or series of activities.
  • Communications security protects communications media, technology, and content.
  • Network security protects networking components, connections, and contents.
  • Information security protects the confidentiality, integrity, and availability of information assets, achieved via policy, education, training, awareness, and technology.

CIA Triangle

  • The C.I.A. triangle ensures computer security through confidentiality, integrity, and availability.
  • Confidentiality ensures that data is accessible only to authorized individuals.
  • Integrity maintains data accuracy and prevents unauthorized modification.
  • Availability ensures that data and resources are accessible when needed.

Components of an Information System

  • Software includes applications, operating systems, and utilities; securing it is challenging.
  • Hardware is the physical technology that houses and executes software; physical security policies protect it from harm or theft.
  • Data stored, processed and transmitted by a computer system must be protected, as data is often the most valuable asset for an organization.
  • People can be information security threats and the weakest link if policies, education, training, awareness, and technology are not properly employed.
  • Procedures include written instructions; unauthorized access to them poses a threat to the integrity of information.
  • Networks, when forming local area networks (LANs) and connecting to other networks such as the Internet, create new information security challenges.

Security Attacks

  • A computer can be the subject and/or the object of an attack.
  • When the computer is the subject, it is used to conduct an attack.
  • When the computer is the object, it is being attacked.
  • There are two types of attack: direct and indirect.
  • A direct attack involves a hacker using their computer to break into a system.
  • An indirect attack involves a compromised system used to attack other systems.

Passive Attacks

  • Passive attacks involve eavesdropping on or monitoring transmissions to obtain information and are hard to detect.
  • Release of message contents happens when an attacker gains access to sensitive information.
  • Traffic analysis involves monitoring communication patterns to gather information without seeing actual content.
  • Preventing passive attacks is more feasible than detecting them.

Active Attacks

  • Active attacks involve modifying data streams or creating false streams.
  • Masquerade involves someone pretending to be another person or system to gain access.
  • Replay involves capturing and reusing valid data (like login details).
  • Modification of messages involves changing data, leading to incorrect information.
  • Denial of service involves flooding a system to make it unavailable.
  • Detecting and recovering from active attacks is more feasible than absolute prevention.

Types of Security Attacks

  • Interruption involves destroying or making a system asset unavailable.
  • Interception involves unauthorized access to an asset.
  • Modification involves unauthorized tampering with an asset.
  • Fabrication involves inserting counterfeit objects into a system.

Key Characteristics of Information

  • Timeliness means information is up-to-date for decision-making.
  • Availability means information is accessible when needed.
  • Accuracy means information reflects the true state without errors.
  • Authenticity means information comes from a trusted source without tampering.
  • Confidentiality means information is protected from unauthorized access.
  • Integrity means information remains complete and consistent.
  • Utility means information serves a practical purpose for users.
  • Possession means ownership or control of information stays with authorized entities.

Security Architecture for Open Systems Interconnection (OSI)

  • The OSI Security Architecture from ITU-T X.800 is a framework that defines security requirements and approaches.
  • The components define security attacks, mechanisms, and services, as well as their relationships.
  • Requirements in X.800 are categorized into security services.
  • Authentication assures that a communication is authentic.
  • The recipient should be sure that the message came from the source it claims to be.
  • All communicating parties should be sure that there is no unauthorized interference.
  • Access Control prevents unauthorized use of a resource.
  • Data confidentiality protects data from unauthorized disclosure.
  • This includes Connection confidentiality, Connectionless confidentiality, Selective field confidentiality, and Traffic-Flow Confidentiality.
  • Data Integrity assures that received data is exactly as sent by an authorized entity.
  • Nonrepudiation provides protection against denial of participation in a communication.
  • Nonrepudiation can relate to Origin (proof of message sent) and Destination (proof of message received).
  • Availability service ensures that a system is accessible and usable upon demand.

Security Mechanisms

  • Encipherment (encryption) transforms plaintext into ciphertext using cryptographic algorithms and keys.
  • Ciphertext is unreadable.
  • Only authorized parties can decrypt using correct decryption keys.
  • Plaintext is the original readable data.
  • The encryption algorithm transforms plaintext to ciphertext.
  • The decryption algorithm reverses the encryption.
  • A key is a secret value and encryption security depends on its secrecy.
  • Types of Encryption:
    • Symmetric encryption utilizes the same key for both encryption and decryption, is fast, efficient, and simple to implement; key distribution is challenging and less scalable.
    • DES (Data Encryption Standard), 3DES (Triple DES), and AES (Advanced Encryption Standard) are examples.
    • Asymmetric encryption utilizes a public key for encryption and a private key for decryption, solves the key distribution problem, and provides digital signatures and non-repudiation.
    • It is slower and not suitable for large data amounts.
  • Digital signatures ensure the authenticity, integrity, and non-repudiation of digital messages via cryptography.
  • Access control ensures that only authorized entities can access resources using Access Control Lists (ACLs), Role-Based Access Control (RBAC), and Mandatory Access Control (MAC).
  • Data Integrity ensures that data is not altered during transmission or storage using hash functions (SHA-256, MD5) and Message Authentication Codes (MACs).
  • Authentication verifies the identity of communicating entities through passwords, biometrics, and two-factor authentication.
  • Traffic Padding prevents traffic analysis by adding dummy data to streams.
  • Routing Control ensures that data is routed through secure and trusted paths with network layer security (IPsec) and secure routing protocols.
  • Notarization uses a trusted third party to validate or certify operations, using timestamping and Certificate Authorities (CAs) for digital certificates.
  • Event Detection monitors/detects security-related occurrences, using Intrusion Detection Systems (IDS) and Security Information and Event Management (SIEM).
