Untitled Quiz

Flashcards

Computer Security

The protection of computer system assets (hardware, software, and data) from unauthorized activities.

Information Security

Protecting sensitive information from unauthorized access, use, disclosure, disruption, modification, or destruction.

Vulnerability

A weakness in a security system that can be exploited to cause harm.

Threat

A set of circumstances that could exploit a vulnerability, leading to harm.

Attack

An attempt to exploit a vulnerability in a security system.

Control/Countermeasure

A measure taken to limit the impact of a threat or vulnerability.

Assets (Computer Systems)

The valuable parts of a computer system including hardware, software, and data.

Asset Values

Different parts of a computer system can vary in terms of how easy they are to replace.

Study Notes

Security in Computing - Chapter 1

  • Objectives: Define computer security and basic security terms, introduce the C-I-A triad, introduce access control terminology, explain basic threats, vulnerabilities, and attacks, show how controls map to threats.
  • Information Security: Protects sensitive information from unauthorized activities (inspection, modification, recording, disruption, or destruction). The goal is to ensure the safety and privacy of critical data (customer accounts, financial data, intellectual property).
  • Computer Security: Protection of computer system assets: hardware, software, and data.
  • Assets:
      • Hardware: Computer, devices (disk drives, memory, printer), network gear.
      • Software: Operating system, utilities (antivirus), commercial applications (word processing, photo editing), individual applications.
      • Data: Documents, photos, music, videos, email, class projects.
  • Values of Assets:
      • Hardware: Off the shelf, easily replaceable.
      • Software: Off the shelf, easily replaceable.
      • Data: Unique, irreplaceable.
  • Basic Terms: Vulnerability, threat, attack, countermeasure (control).
  • Vulnerability: A weakness in a security system (procedures, design, or implementation) that can be exploited.
  • Threat: A set of circumstances with the potential to cause loss or harm (violation of security).
  • Attack: A human (criminal) exploiting a vulnerability.
  • Control (Countermeasure): An action, device, procedure, or technique to remove or reduce a vulnerability.
  • Threat and Vulnerability Relationship: A threat is blocked by a control of a vulnerability. Understanding threats is key to creating effective controls.
  • C-I-A Triad: Confidentiality, integrity, availability.
  • Confidentiality: Ensuring that computer-related assets are accessed only by authorized parties (secrecy, privacy).
  • Integrity: Ensuring that assets can be modified only by authorized parties or only in authorized ways (writing, changing, deleting, creating).
  • Availability: Ensuring that assets are accessible to authorized parties at appropriate times (often known by its opposite - denial of service).
  • Access Control: Policy of who, what, and how. Subject (who) + Mode of access (how) + Object (what) = Yes/No.
  • Types of Threats: Natural causes (fire, power failure) and human causes, with either benign intent (human error) or malicious intent (random or directed attacks: malicious code, impersonation).
  • Types of Attackers: Hacker, individual, terrorist, organized crime member, criminal-for-hire, loosely connected group.
  • Types of Harm: Interception (unauthorized access), interruption (inaccessibility), modification (tampering), fabrication (creating counterfeit objects).
  • Method-Opportunity-Motive (MOM): The three things required for a malicious attacker: method (how), opportunity (when), motive (why).
  • Controls/Countermeasures: Physical, procedural, and technical.
  • Types of Malware: Virus, worm, Trojan horse, bots, rootkit, remote-access trojan (RAT), spyware.
  • Security Goals: Prevention, detection, recovery.

Security in Computing - Additional Chapters (from overview)

  • Chapter 2: Toolbox: Authentication, Access Control, and Cryptography
  • Chapter Additional Content: Describing identification versus authentication, several means of authentication (something you know, something you are, something you have - and factors related to location and behavior), concepts of cryptography (the study of encryption and decryption).
  • Chapter 3: Program Security (various types of attacks), stack overflow, incomplete mediation, and more
  • Chapter 4: Access Control Policies & Administration, access matrix, access control directory, privilege lists.
  • Chapter 5: Multilevel Databases, sensitive attributes and associated security issues, and proposals to address these situations.
  • Additional Topics Covered: Malware activation, virus effects, virus detection, code testing, good and bad design principles, various methods, example of different types of controls.
  • Summary: Vulnerabilities, threats, attacks, and security controls for computers and computing systems.
