Deck 2: General Security Concepts

Authentication means that the person who sends and e-mail will be unable to deny sending the e-mail.

Access controls,firewalls,and encryption are technologies used for prevention.

Computer security and information assurance are the same thing.

Auditability refers to whether a control can be verified as functioning or not.

Nonrepudiation means that the person who sends an e-mail will be unable to deny sending the e-mail.

The A in CIA refers to the term auditability.

Audit logs,intrusion detection systems,and honeypots are technologies used for detection.

During the day,it takes an employee twice as long to retrieve files from the server that is under attack.The attack has resulted in a degradation of availability.
If the employee is able to get the files,but it takes twice as long,it means that the employee can only get half as many files in a day.

When files are modified by someone who is not authorized to do so,this is problem of confidentiality.

The formula for the operational model of computer security is Prevention = Protection + (Detection + Response)

Backups,incident response teams,and computer forensics are response technologies.

_______________ deals with the ability to verify that a message has been sent and received and that the sender can be identified and verified.

Ensuring that an individual is who they claim to be before allowing them to access information they are authorized to access is _______________.

A security procedure is a high-level statement produced by senior management that outlines both what security means to the organization and the organization's goals for security.

To ensure that only those individuals who have authority to view a piece of information may do so is called _______________.

Bob works in a small office with a network of computers.Bob,along with all the other employees,is responsible for securing his own computer on the network.This is an example of network security.

_______________ security takes a granular view of security by focusing on protecting each computer and device individually instead of addressing protection of the network as a whole.

Three means of establishing auditability: something you know,something you have,or something you are.

_______________ security places the emphasis on controlling access to internal computers from external entities.

Network security places the emphasis on controlling access to external resources from internal entities.

_______________ is the condition that a control can be verified as functioning.

The ability to manage whether a subject can interact with an object is called _______________.

Operating systems and applications all implement rights and permissions the same way.

Gathering seemingly unimportant information and then combining it to discover potentially sensitive information is known as _______________.

The concept of separation of duties applies to networks,but is inappropriate for physical environments.

Ensuring that changes made to the data are only done by users who are authorized to do so protects the data's _______________.

All applications,scripts,and batch files run in the same security context of the user who is logged in at the time.

The objective of the Bell-LaPadula security model is integrity.

_______________ ensures that the data,or the system itself,is available for use when the authorized user wants it.

Making the effort to compromise a system more costly than the value of accomplishing it is the goal of security.

During a job interview you are asked to explain in what ways you would secure the company's information if you were hired.Using any three security policies from the chapter,describe how you would secure their information.

Describe the Bell-LaPadula and Biba security models and the policies they use to protect information.

Your boss is concerned with information security issues concerning new employees and employees who leave the company and would like your recommendations.Describe what human resources policies should be in place.

In the context of information security,what does the acronym CIA stand for? Explain each term.

During a job interview you are asked to explain in what ways you would secure the company's information if you were hired.Using any three principles of security from the chapter,describe how you would secure their information.