ITBP301 Security Principles Quiz

Questions and Answers

What are the three components of the CIA security model?

Confidentiality, Integrity, Availability

Which of the following is NOT a component of cybersecurity?

Physical health (correct)

Network security

Information security

Device security

Integrity refers to ensuring that information is available in an authorized way.

False

Give an example of a situation where a compromise of confidentiality occurs.

Unauthorized access to sensitive information.

What can be done to mitigate security risks?

Learn about threats, understand vulnerabilities, utilize protective mechanisms.

What type of attack involves an attempt to alter system resources?

Active attack

Confidentiality focuses on the avoidance of any unauthorized disclosure of ______.

information

Which type of attack is characterized by eavesdropping and does not affect system resources?

Passive attack

Study Notes

Basic Security Concepts—Countermeasures

• Course: ITBP301, taught by Ali Ismail Awad & Norziana Jamil at UAEU.
• Focus on fundamental security concepts, vulnerabilities, and countermeasures against threats.

Learning Objectives

• Identify assets requiring protection.
• Understand potential threats to these assets.
• Explore countermeasures to mitigate threats.

Information Security vs. Cybersecurity

• Cybersecurity encompasses a broader scope:
  • Includes information/data security, device security, network security, and people.
• All connected devices fall within cyberspace.

Information Security: Overview

• Merges technical implementation with management strategies.
• Emphasizes the necessity for governance and decision-making processes.

Historical Overview

• Key aspects of security have included access control and privacy.
• Historical practices like secret messages show the evolution of security measures.

Security Definition

• Core model: CIA (Confidentiality, Integrity, Availability)
  • Confidentiality: Prevent unauthorized disclosure of information.
  • Integrity: Ensure only authorized modifications occur to information.
  • Availability: Guarantee timely access to information for authorized users.

CIA Security Concepts

• Confidentiality: Involves proper information access restrictions and privacy protections.
• Integrity: Protects against unauthorized modifications, ensuring authenticity and non-repudiation.
• Availability: Focuses on reliable and timely access to information.

Security Risks

• Mitigating risks necessitates:
  • Understanding potential threats.
  • Recognizing the origins of system vulnerabilities.
  • Utilizing mechanisms to reduce or eliminate threats.

Vulnerabilities, Threats, and Attacks

• Vulnerabilities types:
  • Corrupted (loss of integrity).
  • Leaky (loss of confidentiality).
  • Unavailable or slow (loss of availability).
• Threats:
  • Possibilities of exploiting vulnerabilities, posing security risks to assets.
• Attacks:
  • Passive attacks: Do not affect resources, classified as eavesdropping or traffic analysis.
  • Active attacks: Attempt to alter resources, can be executed by insiders or outsiders.

Passive vs. Active Attacks

• Passive Attacks:
  • Aim to obtain information without affecting system resources, making them hard to detect.
  • Types include content release and traffic analysis.
• Active Attacks:
  • Actively attempt to disrupt or manipulate system resources.

Practical Application

• In-class exercises focus on identifying scenarios where confidentiality, integrity, or availability is compromised.

Description

Test your knowledge on the fundamental concepts of security in IT. This quiz covers basic security principles, vulnerabilities, and effective countermeasures that can be applied. Perfect for students in the ITBP301 course this Fall 2024.