Deck 1: Introduction

A connection-oriented integrity service deals with individual messages without regard to any larger context and generally provides protection against message modification only.

Information access threats exploit service flaws in computers to inhibit use by legitimate users.

The emphasis in dealing with passive attacks is on prevention rather than detection.

In developing a particular security mechanism or algorithm one must always consider potential attacks on those security features.

Patient allergy information is an example of an asset with a moderate requirement for integrity.

Viruses and worms are two examples of software attacks.

There are clear boundaries between network security and internet security.

There is a natural tendency on the part of users and system managers to perceive little benefit from security investment until a security failure occurs.

Data origin authentication provides protection against the duplication or modification of data units.

Data integrity is the protection of data from unauthorized disclosure.

The more critical a component or service, the higher the level of availability required.

The CIA triad embodies the fundamental security objectives for both data and for information and computing services.

With the introduction of the computer the need for automated tools for protecting files and other information stored on the computer became evident.

A possible danger that might exploit a vulnerability, a _________ is a potential for violation of security which exists when there is a circumstance, capability, action, or event that could breach security and cause harm.


An intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system is an __________ .


Student grade information is an asset whose confidentiality is considered to be highly important by students and, in the United States, the release of such information is regulated by the __________.


Active attacks can be subdivided into four categories: replay, modification of messages, denial of service, and __________ .



X.800 divides security services into five categories: authentication, access control, nonrepudiation, data integrity and __________ .


The common technique for masking contents of messages or other information traffic so that opponents, even if they captured the message, could not extract the information from the message is _________ .


A __________ attack attempts to learn or make use of information from the system but does not affect system resources.


__________ is the use of mathematical algorithms to transform data into a form that is not readily intelligible, in which the transformation and subsequent recovery of the data depend on an algorithm and zero or more encryption keys.


_________ is defined as "the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources".

Three key objectives that are at the heart of computer security are: confidentiality, availability, and _________ .


A loss of _________ is the disruption of access to or use of information or an information system.

A __________ is data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery.

__________ prevents either sender or receiver from denying a transmitted message; when a message is sent the receiver can prove that the alleged sender in fact sent the message and when a message is received the sender can prove that the alleged receiver in fact received the message.


In the context of network security, _________ is the ability to limit and control the access to host systems and applications via communications links.


The __________ is a worldwide federation of national standards bodies that promote the development of standardization and related activities with a view to facilitating the international exchange of goods and services and to developing cooperation in the spheres of intellectual, scientific, technological, and economic activity.