Introduction to Information Security Module 1

Questions and Answers

Which component of an information system is primarily responsible for executing applications and storing data?

  • Hardware (correct)
  • Procedures
  • Software
  • Networks

What is a primary challenge associated with securing the software component of an information system?

  • Lack of user access controls
  • Inaccessibility of data
  • Errors in software programming (correct)
  • Physical damage to hardware

Which of the following is considered a traditional tool of physical security for protecting hardware?

  • Firewalls
  • Locks and keys (correct)
  • Software encryption
  • Digital user access controls

How does the information technology industry often treat information security during software development?

Answer: As an afterthought (B)

What is one of the critical components that enables information to be processed and stored within an information system?

Answer: People (D)

Which of the following methods is most commonly used to enforce copyright laws?

Answer: Unique software registration codes (A)

What result can a breach of physical security lead to within an information system?

Answer: Loss of information (D)

What is considered a form of availability disruption?

Answer: Degradation of service (B)

Which component of an information system includes applications and operating systems?

Answer: Software (A)

What risk does an organization face when relying on a web hosting provider?

Answer: Potential loss of Internet service (C)

Which of the following can lead to deviations in quality of service for an organization?

Answer: Severe weather events (C)

What often limits the security measures taken during the development of software in an information system?

Answer: Project management constraints (C)

What are service level agreements (SLAs) most often linked with?

Answer: Web hosting services (D)

What might result from a service provider failing to meet SLA terms?

Answer: Accrual of fines for client losses (A)

Which of these can cause interruptions to an organization's information systems?

Answer: Dependent service vendors (D)

Which of the following best describes a situation of degraded service?

Answer: Power outages causing partial operations (C)

What is the primary role of the champion in an information security project team?

Answer: To promote the project and ensure its support at the highest levels (A)

Which role in the information security project team is responsible for understanding organizational culture and policies?

Answer: Security policy developers (D)

Who among the following is primarily responsible for administering systems that house information?

Answer: Systems administrators (A)

What is the main responsibility of data owners in an organization?

Answer: To classify data and manage its use (A)

Which role directly works with data owners to manage information and systems?

Answer: Data custodians (A)

End users in the project team serve what important function?

Answer: Focus on realistic controls to safeguard business activities (D)

What skills are essential for a team leader in an information security project?

Answer: Project management and information security technical requirements (C)

Which of the following best describes the role of risk assessment specialists?

Answer: They understand financial risk assessment techniques (C)

What is a common characteristic of forces of nature?

Answer: They usually occur with little warning. (B)

Which of the following is a measure organizations should implement to manage threats from forces of nature?

Answer: Disaster recovery plans (B)

What term is used to refer to events that may include natural disasters as well as civil disorder?

Answer: Force majeure (B)

Which of the following actions can help reduce the likelihood of human error in organizations?

Answer: Verifying critical commands (C)

In what way can employees pose a threat to information security?

Answer: They can unintentionally make mistakes. (C)

What is information extortion?

Answer: Demanding compensation for stolen data. (B)

Which of the following scenarios could be considered an example of human error or failure?

Answer: A user forgetting to save their work. (B)

What is a significant danger posed by human errors in an organization?

Answer: They can cause extensive damage to data security. (C)

What distinguishes pharming from phishing attacks?

Answer: Pharming modifies user traffic without their knowledge. (D)

What is a primary danger of unauthorized packet sniffers?

Answer: They are challenging to detect. (C)

What is the primary function of VirtualBox Guest Additions?

Answer: To optimize the guest operating system performance (C)

How does a man-in-the-middle attack work?

Answer: The attacker monitors and alters data packets on the network. (C)

What typically triggers a phishing attack?

Answer: Clicking on links or buttons. (D)

What is the first step to import an .ova file in VirtualBox?

Answer: Browse to the file you'd like to import (D)

What is a fundamental function of a packet sniffer?

Answer: To analyze and display data traversing a network. (C)

After selecting the .ova file for import, what does VirtualBox do next?

Answer: It reads the information contained in the file (B)

What should a user do if a Windows guest does not automatically start the Guest Additions installer?

Answer: Manually start the installer from the CD image (A)

What technique does spoofing employ in unauthorized access?

Answer: Using a forged or modified source IP address. (D)

What is the role of DNS cache poisoning in pharming attacks?

Answer: To corrupt legitimate DNS data tables. (A)

Which of the following best describes successful organizations' approach to security?

Answer: They have multiple layers of security measures in place (A)

What is one of the risks associated with clear text data transmissions on local networks?

Answer: They expose sensitive information to unauthorized users. (B)

Information security is defined as what?

Answer: A well-informed sense of assurance regarding information risks (B)

Which of the following is NOT considered a layer of security in an organization?

Answer: Environmental security (C)

How are information security and social science related?

Answer: Information security includes many aspects of social science (B)

Flashcards

Information System (IS)

The entire collection of software, hardware, data, people, procedures, and networks used to manage information within an organization.

Hardware

The physical components of an IS, including computers, servers, routers, and other devices.

Software

The programs and instructions that tell the hardware what to do, including operating systems, applications, and utilities.

Network

The connections that allow data to flow between the different parts of an information system.

People

The people who interact with the information system, including users, administrators, and developers.

Procedures

The set of rules, guidelines, and processes that govern how people use the information system.

Data

The raw facts and figures that are processed, stored, and retrieved by the information system.

Information Security

Protecting the information system from unauthorized access, use, disclosure, disruption, modification, or destruction.

Copyright Enforcement Mechanisms

Preventing unauthorized access to copyrighted materials, using techniques like digital watermarks, embedded code, and copyright codes.

End User License Agreement (EULA)

A legally binding agreement outlining the conditions for using software. Typically presented during installation.

Deviations in Quality of Service

Disruptions to essential services like power, internet, or communication networks that impact an organization's operations.

Availability Disruption

Loss or degradation of service; for example, a backup system that cannot provide the full functionality of the primary system.

Threats to Internet Service

The potential loss of internet service due to outages or interruptions.

Service Level Agreement (SLA)

A contract between a web hosting provider and a client that outlines service levels and responsibilities.

Communications and Service Provider Issues

Disruptions at the organizations that provide other essential services, such as power, internet, or communications, which can affect an organization's operations.

Fines for SLA Violations

Penalties imposed on a service provider for failing to meet the agreed-upon terms of a Service Level Agreement (SLA).

Champion

A senior executive who champions the information security project and ensures its support.

Team Leader

A project manager who oversees the project's progress, understands personnel management, and possesses technical security knowledge.

Security Policy Developers

Individuals who understand the organization's culture, policies, and the requirements for creating effective security policies.

Risk Assessment Specialists

Individuals who understand financial risk assessment, the value of organizational assets, and the security methods to safeguard them.

Security Professionals

Dedicated and knowledgeable professionals specializing in all aspects of information security, both technical and non-technical.

Systems Administrators

People directly responsible for managing and administering the systems that store the organization's information.

End Users

Individuals who will be directly impacted by the new security system. They provide valuable feedback for realistic and practical controls.

Data Owners

Senior management members responsible for the security and use of a specific set of information. They determine data classification and oversee its management.

Data Custodians

Individuals who work directly with data owners and are responsible for managing the information and the systems that process, transmit, and store it.

Forces of Nature

Threats from natural disasters like fires, floods, earthquakes, and even insect infestations. These events can disrupt operations and cause widespread damage.

Human Error or Failure

A category of threats that includes unintended mistakes made by authorized users. These can stem from human error, inexperience, or failure to follow protocols.

Information Extortion

A type of threat where an attacker or insider steals data and demands payment for its return or for an agreement not to disclose it.

Disaster Recovery Plans

A control implemented to minimize damage caused by forces of nature. Examples include emergency plans and backup systems.

Business Continuity Plans

Strategies to ensure critical business functions can continue, even during significant disruptions.

Incident Response Plans

Procedures for handling cybersecurity incidents, including detection, response, and recovery.

Double Entry

A strategy for preventing human error by requiring users to double-check critical entries, ensuring accuracy.

Two-Party Verification

A control that involves a second party reviewing and validating commands and actions, reducing the risk of human error.

Spoofing

A type of attack that uses forged or modified source IP addresses to trick systems into thinking messages come from a trusted source.

Man-in-the-Middle Attack

A technique where an attacker intercepts and modifies data packets traveling between two parties on a network.

Pharming

A type of attack using malicious software to redirect users to fake websites, often disguised with a legitimate URL.

Packet Sniffer

A tool that captures and displays data traversing a network; in unauthorized hands it can be used to capture passwords, files, and other sensitive information.

Phishing

A social engineering attack that tricks users into clicking malicious links or revealing sensitive information.

Session Hijacking

Taking control of a legitimate TCP connection between two parties on a network, allowing the attacker to eavesdrop, alter, or redirect data.

DNS Cache Poisoning

A type of attack that exploits vulnerabilities in the Domain Name System (DNS) to redirect users to malicious websites.

Address Spoofing

A technique used to mimic legitimate entities on a network by using forged IP addresses.

Guest Additions

Software and system applications that enhance the performance and user experience of a virtual machine's guest operating system.

Security Layers

Multiple layers of protection implemented by organizations to safeguard their information systems.

Virtual Appliance Import

The process of importing a virtual appliance file (.ova) into a virtualization software like VirtualBox.

Protection vs. Availability

The balance between safeguarding valuable information and ensuring its accessibility for legitimate users.

Threat Analysis

A security measure that involves the systematic analysis of potential threats and their possible impact on an information system.

Recovery

The ability to restore a system to its previous state in case of a failure or security breach.

Study Notes

Module 1 Goals

  • Identify key terms in information security
  • Identify the components of an information system
  • Describe information security as an art or science
  • Describe the need for information security in an organization
  • Identify different threats and attacks on information systems

Focal Points

  • The module provides a foundation for understanding information security, defining key terms, concepts, and the origins of the field
  • Security, as an art, has no hard and fast rules for implementing security mechanisms
  • Security, as a science, holds that most behaviour in computer systems results from specific, identifiable conditions
  • Security, as a social science, examines how individuals interact with systems

Lessons

  • Lesson 1: Introduction to Information Assurance and Security
  • Lesson 2: Need for Security
  • Lesson 3: Threats and Attacks
  • Lesson 4: Virtual Laboratory Environment

Understanding Information Assurance and Information Security

  • Cyberattacks and data loss pose constant threats to digital information
  • Information assurance and information security are common methods to prevent cyberattacks
  • Information is any representation of knowledge in various forms, as defined by NIST

Information Assurance

  • Information assurance protects and defends information and systems by ensuring availability, integrity, authentication, confidentiality, and non-repudiation.
  • Measures include protection, detection, and reaction capabilities
  • The five pillars of information assurance apply depending on the sensitivity of information systems

Understanding Components of an Information System

  • Information systems (IS) comprise software, hardware, data, people, procedures and networks for accessing information
  • The six critical components enable input, processing, output, and storage of information.

Components of an information system

  • People resources
  • Data and knowledge bases
  • Data resources
  • Software resources
  • Hardware resources
  • Network resources

Computer Security vs Information Security

  • Computer security focuses on securing the physical location of computer systems, while information security focuses on protecting and preserving information from loss within an organization.
  • Physical, personal, operations, communication and information security are multiple layers required for securing organizational assets
  • Organizational security is a combination of protecting people, data, procedures and networks.

Cyber Security

  • Cybersecurity is the ability to protect cyberspace against attacks and unauthorized use
  • Cybersecurity involves a range of technologies focused on preventing attacks and defending against unauthorized use of computer systems
  • Cybersecurity is used in both the private and governmental sectors

Business Needs First

  • Data security is frequently used as a substitute for information security, focusing on protecting data and information regardless of state (at rest, in processing, or in transit)
  • Information security functions include: protecting an organization's ability to function, protecting the data and information an organization collects, enabling safe operation of applications running on IT systems, and safeguarding the organization's technology assets
  • Functionality, data, safe operation of applications, and technology assets are the four areas in which information security must manage risk

Threats and Attacks

  • Cybercrime involves criminal activity targeting computer systems, networks, or devices for malicious purposes like profit generation.
  • Cybercriminals or hackers often perform cybercrimes to generate profit.
  • Cybercriminals utilize techniques like social engineering, hacking, rogue employee activities, phishing, spear phishing and ransom attacks to compromise systems.

Types of Cyber Criminals

  • Social engineer: tricks unsuspecting employees into compromising data
  • Hacker: hacks computers without a clear criminal reason
  • Rogue employee: a disgruntled employee who poses an insider threat to data security
  • Spear phisher: pretends to be a legitimate email sender in order to compromise data
  • Ransom artist: pressures the victim to pay a sum of money to regain access to their data

Introduction to Virtual Laboratory Environment

  • VirtualBox is a powerful virtualization tool used in home and enterprise systems.
  • Supported operating systems include Windows, Linux, macOS, and others
  • VirtualBox supports virtual network connections including NAT, bridged, host-only, internal and generic networking

Key Terms

  • Security Triangle
  • Information System (IS)
  • Computer Security
  • Information Security
  • Threat
  • Vulnerability
  • Hacker
  • Cracker
  • Phreaker
  • Malware
  • Virus
  • Worm
  • Trojan Horse
  • Back Door
  • Bot
  • Denial-of-service (DoS)
  • Distributed Denial-of-service (DDoS)
  • Mail Bomb
  • Spam
  • Packet Sniffer
  • Man-in-the-middle
  • Pharming
  • Spoofing
  • Theft
