29 Questions
What are the three types of controls commonly used for managing risk?
Physical, technical, administrative
Which type of control involves mechanisms like firewalls and antivirus software?
Technical controls
What is an example of a physical control used to prevent unauthorized access?
Security badges and access cards
Which type of control includes solutions like authentication mechanisms and encryption measures?
Technical controls
What is the main function of detective controls?
To detect unauthorized access
Which type of control involves measures like security lighting, motion sensors, and CCTV surveillance?
Physical controls
What is the purpose of covert channels in the context of a secure operating system?
To bypass security measures and transfer information between security domains
How might a 'timing channel' function as a covert channel?
By using a Trojan horse program to send information through alternating loops and waits
What is a fundamental principle of IT security highlighted in the text?
Protecting the organization's assets, including people, property, and data
How are security controls related to an organization's risk management process?
They are derived from the risk management process to mitigate risks to organizational assets
Which of the following best describes the purpose of surveillance systems in IT security?
To monitor and detect potential security threats or breaches
Why is it challenging to prevent all covert channels within a secure operating system?
Because there is no foolproof way to eliminate all methods of circumventing security barriers
What do administrative controls refer to in an organization's security goals?
Policies, procedures, or guidelines related to personnel or business practices
Which of the following is an example of a preventive control?
Antivirus software
What is the primary purpose of detective controls?
To alert to unwanted or unauthorized activity in progress or afterwards
Among the options below, which one is NOT considered an administrative control?
Firewalls
Which security measure is categorized as a corrective control?
Measures taken to repair damage after unwanted activity
What do preventative controls aim to achieve?
Stop unwanted or unauthorized activity from occurring
According to the rules mentioned, the Simple Integrity Rule allows the subject to read files from which layers of secrecy?
Same and Upper layers
Which rule states that the subject can only write files on the Same and Lower layers of secrecy?
Star Integrity Rule
In the Clarke Wilson Security Model, what type of data items cannot be accessed directly by the Subject?
Constrained Data Items
Which entity in the Clarke Wilson Security Model is described as any user requesting Data Items?
Subject
What distinguishes the Unconstrained Data Items from Constrained Data Items in the Clarke Wilson Security Model?
Access Restrictions
What is a fundamental concern in the security of cyberspace and e-commerce?
The security of operating systems
Where do many known vulnerabilities in computer systems originate from?
Operating systems
How does the security of an operating system impact the overall security of a computer system?
It has fundamental impacts on the overall security
What can happen if there is a compromise of the underlying operating system?
Exposure to danger for applications running on the system
In what type of environment do modern information computer systems allow multiple applications to run concurrently?
Time-sharing environment
What does a lack of proper control and containment of application execution in an OS lead to?
Increased vulnerability to attacks from other applications
Explore the fundamental concerns and importance of secure operating systems in cyberspace and e-commerce. Learn about the vulnerabilities, bugs, and deficiencies that can affect the security of information systems.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free
