USB Data Theft Quiz


20 Questions

Which concept is used to secure against someone removing confidential data from an environment on a USB flash drive?

Defense in depth

What aspect of the Parkerian Hexad allows you to determine the proper owner or creator of data?

Authenticity

What is the difference between authorization and access control?

Authorization determines what an authenticated party can do, while access control is the tools and systems used to deny or allow access.

Which should take place first, authorization or authentication?

Authentication

What is the primary security focus of the Bell-LaPadula and Biba multilevel access control models?

Confidentiality

Can the Bell-LaPadula and Biba multilevel access control models be used together?

No, they have conflicting security requirements.

What is the primary purpose of encryption for protecting confidential data on a USB flash drive?

To prevent unauthorized access to the data

What is the Parkerian Hexad?

A framework for understanding information security

Which layer of security is implemented to deny or allow access to resources?

Access control

What is the purpose of authentication in the context of information security?

To verify the identity of a user or service

Which access control model protects integrity by ensuring that the resource can only be written by those with a high level of access and that those with a high level of access don't access a resource with a lower classification?

Biba model

What does the Bell-LaPadula model ensure while handling classified information?

You cannot read any higher than your clearance level

What is the confused deputy problem?

A problem that occurs when software misuses its level of authority

What is the main difference between access control lists (ACLs) and capabilities?

Capabilities are oriented around the use of a token that controls access

If the Web servers in our environment are based on Microsoft's Internet Information Server (IIS) and a new worm is discovered that attacks Apache Web servers, what do we not have to worry about?

Threat

Why is it important to identify your critical information?

To determine the value of your information assets

What part did George Washington play in the creation of operations security?

He created America's first intelligence community

When you have cycled through the entire operations security process, are you finished?

No, you need to update and reapply OPSEC regularly

From where did the first formal OPSEC methodology arise?

Vietnam War

Which US law protects the privacy of minors younger than 13 by restricting organizations from collecting their Personally Identifiable Information (PII)?

COPPA

Study Notes

Data Protection

  • Data Exfiltration is the concept used to secure against someone removing confidential data from an environment on a USB flash drive.

Parkerian Hexad

  • The Parkerian Hexad is a model used to identify the owner or creator of data, considering aspects such as possession, control, and ownership.

Access Control

  • Authorization is the process of determining what a user can do with a resource, while access control is the process of controlling access to resources.
  • Authentication should take place before authorization.
  • Access control is implemented at the perimeter security layer to deny or allow access to resources.

Multilevel Access Control

  • The Bell-LaPadula and Biba models are multilevel access control models that focus on confidentiality and integrity, respectively.
  • The Bell-LaPadula model ensures that no read up or write down occurs, protecting confidentiality.
  • The Biba model ensures that no write up or read down occurs, protecting integrity.
  • Both models can be used together.

Encryption

  • Encryption is used to protect confidential data on a USB flash drive.

Authentication

  • Authentication is the process of verifying the identity of a user or device in the context of information security.

Capabilities and ACLs

  • Access Control Lists (ACLs) and Capabilities are both access control models, with ACLs focusing on resources and Capabilities focusing on user permissions.

Web Server Security

  • Since the worm attacks Apache Web servers, it does not affect Microsoft's Internet Information Server (IIS) environments.

Operations Security

  • Identifying critical information is crucial in operations security to prioritize protection efforts.
  • George Washington did not play a role in the creation of operations security.
  • The operations security process is continuous, and cycling through the process does not mean it is finished.
  • The first formal OPSEC methodology arose from the US Military.

Privacy Law

  • The Children's Online Privacy Protection Act (COPPA) is a US law that protects the privacy of minors younger than 13 by restricting organizations from collecting their Personally Identifiable Information (PII).

Confused Deputy Problem

  • The confused deputy problem occurs when a program is given more privileges than necessary to perform a task, leading to potential security risks.

Test your knowledge on securing confidential data against USB data theft with this quiz! Learn about the layers of defense in depth and encryption methods to safeguard your environment. Explore the concept of authenticity in the Parkerian Hexad and understand how it helps in attributing actions. Challenge yourself and enhance your understanding of data protection!
