Introduction to Information Security (INF 203)

Questions and Answers

What does information security primarily protect against?

• Market fluctuations
• Loss of physical assets
• Unauthorized access and disclosure (correct)
• Employee turnover

Which component is NOT part of the CIA security triad?

• Availability
• Integrity
• Confidentiality
• Accountability (correct)

What is the primary goal of physical security?

• To protect against unauthorized access (correct)
• To safeguard communications
• To monitor network traffic
• To ensure data integrity

Which of the following best defines security in the context of information security?

Freedom from potential harm caused by others (A)

What type of security is focused on protecting information assets during transmission?

Network security (A)

Which of the following is a benefit of understanding cybersecurity threats?

It helps design more secure systems (D)

What is the focus of incident response strategies?

Addressing security breaches (C)

Which layer of security protects the details of individuals authorized to access operations?

Personnel security (B)

What type of attack involves the possible loss or corruption of data?

Integrity attack (B)

What does a configuration file typically manage?

Service behavior (D)

What is commonly referred to as spoofing?

Interception attacks (D)

What can a modification attack affect in a database?

Service availability (B)

Which type of attack tries to make a service unavailable to legitimate users?

Availability attack (C)

What do threats in cybersecurity typically refer to?

Potential harm to assets (B)

What can be used as a method for propagating malware?

Interception attacks (D)

What could an alteration in a configuration file lead to regarding encrypted connections?

Decreased security (C)

What type of attack is characterized by unauthorized access to data, applications, or environments?

Interception attack (C)

Which attack type causes assets to become unusable or unavailable for a temporary or permanent basis?

Interruption attack (D)

Which type of attack entails tampering with assets, such as modifying data within a file?

Modification attack (A)

A DoS attack on a mail server primarily affects which aspect of security?

Availability (C)

What distinguishes a fabrication attack from other types of attacks?

It generates data or communication that is not genuine. (A)

Which type of attack could also be considered an availability attack if it involves unauthorized data access?

Interception attack (B)

In the case of eavesdropping on phone conversations, which type of attack is being described?

Interception attack (D)

What can be a result of unauthorized file viewing in terms of security attack type?

Interception attack (C)

What is the primary purpose of understanding information as an asset?

To better organize and utilize the information within an organization (C)

Which of the following best describes 'Integrity' in the context of information security?

The ability to prevent unauthorized changes or deletions of data (D)

What does 'Confidentiality' primarily refer to?

The protection of data from unauthorized access (B)

Which of the following is not a component of the CIA triad?

Application Security (D)

What type of asset does 'software' refer to in the context of information security?

Programs used to process and manage information (C)

Which of the following could lead to a loss of availability of information?

Network attacks or system compromises (D)

How can organizations ensure the integrity of their data?

By enabling backup systems and change logs (D)

What is a critical aspect of maintaining data availability?

Having contingency plans for power loss or system failures (D)

Flashcards

Information Security

Protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. It ensures confidentiality, integrity, and availability.

Information Security

Achieved through network components, connections, content, policy, education, training, and awareness, alongside technology.

CIA Triad

A model composed of three key security principles: Confidentiality (keeping information secret), Integrity (ensuring accuracy and trustworthiness), and Availability (ensuring access to authorized users).

Information as an Asset

Information is categorized as pure information (data), physical assets (hardware), and software.

Pure Information

Raw data, like social network data, usable for insights.

Security

Freedom from potential harm or unwanted change by others, safeguarding against threats.

Physical Asset

Computer systems (hardware). Valuable and long-lasting.

Physical Security

Protecting physical assets and areas from unauthorized access and misuse.

Software

Used to process information. Needs integrity and confidentiality.

Personnel Security

Protecting the individuals authorized to access an organization and its operations.

Operations Security

Protecting the details of an organization's activities and processes.

CIA Triad

Confidentiality, Integrity, and Availability - core principles of information security.

Confidentiality

Protecting data from unauthorized access.

Communications Security

Safeguarding communication media, technology, and content to prevent unauthorized access or interception.

Availability

Ensuring data is accessible when needed.

Network Security

Protecting networks and data transmitted over them to prevent unauthorized access or misuse.

DoS Attack

A denial-of-service attack caused by an outside party, making a service unavailable.

Attack

An intentional or unintentional act that harms information or systems.

Interception Attack

Unauthorized access to data, applications, or environments; Primarily a confidentiality attack.

Interruption Attack

Attacks that make assets unusable or unavailable; Often affecting availability.

Modification Attack

Tampering with data; Primarily an integrity attack.

Fabrication Attack

Creating fake data, processes, or communications; Primarily affects integrity but can impact availability.

Confidentiality Attack

An attack targeting confidentiality, often involving unauthorized access to data.

Integrity Attack

Attacks that tamper with data or assets; affecting integrity.

Interception Attacks

Attacks that try to access data without authorization.

Integrity Attack

Attacks that potentially corrupt or destroy data.

Modification Attack

Changing data or configuration files to alter service behavior.

Availability Attack

Attacks that make a service unavailable to users.

Configuration File

A file that controls how a service operates.

Spoofing

Generating fake e-mails or other content.

Threat

Anything with the potential to harm an asset.

Database Attack

Any attack directed toward a database system.

Study Notes

Introduction to Information Security (INF 203)

• Course content covers information security basics, the CIA Security Triad, attacks, and threats/vulnerabilities/risk.
• Information security is freedom from or resilience against potential harm caused by others.
• Information security protects information and systems from unauthorized access, use, disclosure, disruption, modification, or distraction to ensure confidentiality, integrity, and availability. NIST defines this.
• Successful organizations utilize multiple layers of security:
  • Physical security: Protects physical items, objects, or areas from unauthorized access and misuse.
  • Communications security: Protects communication media, technology, and content.
  • Network security: Protects network components, connections, and content.
  • Personnel security: Protects authorized individuals who have access to the organization and its operations.
  • Information security: Protects the confidentiality, integrity, and availability of information assets regardless of transmission, processing, or storage methods.
• Components of information security include:
  • Information security
  • Network security
  • Management of information security
  • Policy
  • Computer & data security
• Types of information assets: Pure information, Physical assets, and Software
• The CIA triad comprises: Confidentiality, Integrity, and Availability.
• Confidentiality protects data from unauthorized access.
• Integrity ensures data accuracy and reliability.
• Availability ensures data access when needed.
• Potential attacks include: Interception, Interruption, Modification, and Fabrication.
• Threats are potential harms.
• Vulnerabilities are weaknesses that threats can exploit.
• Risk is the likelihood of a threat causing harm through a vulnerability.

Description

Test your knowledge on the foundational concepts of information security, including the CIA Security Triad, various types of security, and the importance of protecting information. This quiz covers basic terminology and principles necessary for understanding how organizations manage security risks. Gain insights into protecting against unauthorized access and ensuring the confidentiality, integrity, and availability of information systems.