USB Data Theft Quiz
20 Questions

Questions and Answers

Which concept is used to secure against someone removing confidential data from an environment on a USB flash drive?

  • Defense in depth (correct)
  • Authorization
  • Authentication
  • Access control

What aspect of the Parkerian Hexad allows you to determine the proper owner or creator of data?

  • Integrity
  • Confidentiality
  • Availability
  • Authenticity (correct)

What is the difference between authorization and access control?

  • Authorization is the process of determining access, while access control is the process of granting access.
  • Authorization determines what an authenticated party can do, while access control is the tools and systems used to deny or allow access. (correct)
  • Authorization and access control are the same thing.
  • Authorization is used for physical access, while access control is used for logical access.

Which should take place first, authorization or authentication?

  • Authentication

What is the primary security focus of the Bell-LaPadula and Biba multilevel access control models?

  • Confidentiality

Can the Bell-LaPadula and Biba multilevel access control models be used together?

  • No, they have conflicting security requirements.

What is the primary purpose of encryption for protecting confidential data on a USB flash drive?

  • To prevent unauthorized access to the data

What is the Parkerian Hexad?

  • A framework for understanding information security

Which layer of security is implemented to deny or allow access to resources?

  • Access control

What is the purpose of authentication in the context of information security?

  • To verify the identity of a user or service

Which access control model protects integrity by ensuring that the resource can only be written by those with a high level of access and that those with a high level of access don't access a resource with a lower classification?

  • Biba model

What does the Bell-LaPadula model ensure while handling classified information?

  • You cannot read any higher than your clearance level

What is the confused deputy problem?

  • A problem that occurs when software misuses its level of authority

What is the main difference between access control lists (ACLs) and capabilities?

  • Capabilities are oriented around the use of a token that controls access

If the Web servers in our environment are based on Microsoft's Internet Information Server (IIS) and a new worm is discovered that attacks Apache Web servers, what do we not have to worry about?

  • Threat

Why is it important to identify your critical information?

  • To determine the value of your information assets

What part did George Washington play in the creation of operations security?

  • He created America's first intelligence community

When you have cycled through the entire operations security process, are you finished?

  • No, you need to update and reapply OPSEC regularly

From where did the first formal OPSEC methodology arise?

  • Vietnam War

Which US law protects the privacy of minors younger than 13 by restricting organizations from collecting their Personally Identifiable Information (PII)?

  • COPPA

Study Notes

Data Protection

  • Data Exfiltration is the concept used to secure against someone removing confidential data from an environment on a USB flash drive.

Parkerian Hexad

  • The Parkerian Hexad is a model used to identify the owner or creator of data, considering aspects such as possession, control, and ownership.

Access Control

  • Authorization is the process of determining what a user can do with a resource, while access control is the process of controlling access to resources.
  • Authentication should take place before authorization.
  • Access control is implemented at the perimeter security layer to deny or allow access to resources.

Multilevel Access Control

  • The Bell-LaPadula and Biba models are multilevel access control models that focus on confidentiality and integrity, respectively.
  • The Bell-LaPadula model ensures that no read up or write down occurs, protecting confidentiality.
  • The Biba model ensures that no write up or read down occurs, protecting integrity.
  • Both models can be used together.

Encryption

  • Encryption is used to protect confidential data on a USB flash drive.

Authentication

  • Authentication is the process of verifying the identity of a user or device in the context of information security.

Capabilities and ACLs

  • Access Control Lists (ACLs) and Capabilities are both access control models, with ACLs focusing on resources and Capabilities focusing on user permissions.

Web Server Security

  • Since the worm attacks Apache Web servers, it does not affect Microsoft's Internet Information Server (IIS) environments.

Operations Security

  • Identifying critical information is crucial in operations security to prioritize protection efforts.
  • George Washington did not play a role in the creation of operations security.
  • The operations security process is continuous, and cycling through the process does not mean it is finished.
  • The first formal OPSEC methodology arose from the US Military.

Privacy Law

  • The Children's Online Privacy Protection Act (COPPA) is a US law that protects the privacy of minors younger than 13 by restricting organizations from collecting their Personally Identifiable Information (PII).

Confused Deputy Problem

  • The confused deputy problem occurs when a program is given more privileges than necessary to perform a task, leading to potential security risks.

Quiz Team

Description

Test your knowledge on securing confidential data against USB data theft with this quiz! Learn about the layers of defense in depth and encryption methods to safeguard your environment. Explore the concept of authenticity in the Parkerian Hexad and understand how it helps in attributing actions. Challenge yourself and enhance your understanding of data protection!
