Comp3704 Midterm Exam Questions With Multiple Choices And Verified Answers.

Data - correct answer Data can be any character, number, text, word, or binary representation but is lacking context. Data that is given context and meaning becomes information.

Information - correct answer Any communication or representation of knowledge, such as facts, data, or opinions, in any medium or form, including but not limited to textual, numerical, graphic, cartographic, narrative, or audiovisual.

Information System - correct answer Any organized system for the collection, organization, storage and communication of information. A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.

Information Technology - correct answer Any equipment or interconnected system or subsystem of equipment that is used in the automatic acquisition, storage, management, movement, control, display, switching, interchange, transmission, or reception of information.

Information Security - correct answer The practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information.

ROT-13 Cipher - correct answer Shift each letter 13 places along the alphabet (A-Z = 1-26). It is a special case of the Caesar shift cipher, one of the earliest known ciphers (Caesar himself is reported to have used a shift of 3, not 13). Because 13 is half of 26, applying ROT-13 twice restores the original text, so the same operation both encodes and decodes. It has no secret key, so it gives obscurity rather than confidentiality: anyone who recognises it can undo it.

Communication Security: Enigma Machine - correct answer Invented at the end of WWI. Used commercially in the 1920s, and by militaries and governments before and during WWII. Although it had some cryptographic weaknesses, it was broken mainly because of operator mistakes, procedural flaws, and Allied capture of key tables and hardware.

Hackers - correct answer Technical experts; skilled, often young, computer programmers, who almost whimsically probe the defenses of a computer system, searching out the limits and the possibilities of the machine. Despite their seemingly subversive role, hackers are a recognized asset in the computer industry, often highly prized.
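ROT-13 and the Caesar shift from the card above, worked through in Python as an added example that is not part of the original notes. The sample message and the short list of common English words are constructed for the demonstration; the standard-library rot_13 codec is used only as a cross-check.

```python
"""ROT-13 as one Caesar shift among 25, and why a fixed shift is not encryption.

Added example for these notes, not part of the original document.
SAMPLE_PLAINTEXT and COMMON_WORDS are constructed for the demonstration.
"""
import codecs

# Constructed sample message; any text made of ordinary English words will do.
SAMPLE_PLAINTEXT = "THE ATTACK IS AT DAWN AND THE BRIDGE IS OURS"

# A handful of very common English words, used to recognise the real plaintext.
COMMON_WORDS = {"THE", "AND", "IS", "AT", "OF", "TO", "IN", "ON"}


def caesar_shift(text: str, shift: int) -> str:
    """Shift every ASCII letter `shift` places along the alphabet, wrapping Z back to A.
    A negative shift moves backwards. Non-letters pass through unchanged."""
    out = []
    for ch in text:
        if "A" <= ch <= "Z":
            out.append(chr((ord(ch) - ord("A") + shift) % 26 + ord("A")))
        elif "a" <= ch <= "z":
            out.append(chr((ord(ch) - ord("a") + shift) % 26 + ord("a")))
        else:
            out.append(ch)
    return "".join(out)


def rot13(text: str) -> str:
    """ROT-13 is the Caesar shift with shift=13. Because 13 + 13 = 26, the same
    call both encodes and decodes: rot13(rot13(x)) == x."""
    return caesar_shift(text, 13)


def brute_force(ciphertext: str) -> dict:
    """There is no key to keep secret, only 25 possible shifts, so try them all.
    Returns {shift: candidate plaintext}."""
    return {s: caesar_shift(ciphertext, -s) for s in range(1, 26)}


def likeliest_shift(ciphertext: str) -> int:
    """Rank the 25 candidates by how many common English words they contain
    and return the shift that produced the best-scoring one."""
    def score(candidate: str) -> int:
        return sum(word in COMMON_WORDS for word in candidate.split())

    candidates = brute_force(ciphertext)
    return max(candidates, key=lambda s: score(candidates[s]))


if __name__ == "__main__":
    c = rot13(SAMPLE_PLAINTEXT)
    print("ROT-13 ciphertext:", c)
    print("ROT-13 again:     ", rot13(c))  # back to the plaintext
    print("stdlib agrees:    ", codecs.encode(SAMPLE_PLAINTEXT, "rot_13") == c)
    print("Caesar's shift 3: ", caesar_shift(SAMPLE_PLAINTEXT, 3))
    print("Recovered shift:  ", likeliest_shift(c))
```

Running it shows the three points the card makes: ROT-13 applied twice returns the plaintext, ROT-13 is just the Caesar shift with shift=13 (Caesar's own shift of 3 is the same function with a different argument), and because there is no secret key, trying all 25 shifts and keeping the one that reads as English recovers the message. That is why ROT-13 is used to hide spoilers, not secrets.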
Security threats - correct answer Spam, Malware, Botnets, Social Engineering, Mainstream Viruses, Hacking Tools

The CIA Triad - correct answer Confidentiality, Integrity and Availability

Confidentiality - correct answer The property that sensitive information is not disclosed to unauthorized individuals, entities, or processes.

Integrity - correct answer The property that sensitive data has not been modified or deleted in an unauthorized and undetected manner.

Availability - correct answer The property that information is accessible in a timely and reliable manner.

InfoSec Mechanisms - correct answer Authentication (AuthN), Authorization (AuthZ), Non-Repudiation / Accounting

Authentication - correct answer Verify (with a certain level of confidence) the identity of a user, process, device, or other entity. Encompasses identity verification, message origin authentication, and message content authentication.

Authorization - correct answer Grant and restrict information and system privileges to a user, program, process, or other entity. Once you have been identified, what actions can you perform?

Non-Repudiation - correct answer Protect against an individual falsely denying having performed a particular action. Provides the capability to determine whether a given individual took a particular action such as creating information, sending a message, approving information, or receiving a message. How can the improper storage of passwords be a non-repudiation issue? If more than one person knows a password at any time, non-repudiation is void: an action taken under that account can no longer be tied to one individual. This includes system admins storing passwords in the clear, and it also includes password-strength audits that crack users' passwords, since whoever runs the audit then knows them. It makes evidence against computer crimes less admissible in court.

Prioritize the CIA properties for these types of information - correct answer
Your bank card PIN
An electronic money transfer / bill payment
Your healthcare records
Your laptop

Principle of Least Privilege - correct answer Only allow access to information (systems) according to necessity. Minimizes the attack surface. Users should be able to perform only the actions required for their job. What are some examples of highly privileged users? Administrators. How about payroll? How about software developers? Should everyone have access to everything? Requires careful analysis of business roles.

Defense in Depth - correct answer Employ layers of defense to reduce the risk of harm to assets. Maximize defenses against threats. E.g. a locked cabinet and an admin password protect the integrity of lab computers. E.g. cyber-intelligence and lots of bandwidth reduce the risk of a DDoS attack harming my company. Basically, never say things like "Oh, but we have a firewall, so why do we need to do that too?" What are some examples of Defense in Depth in daily life? Your car door has a lock, so why do you need an alarm? Your house has a lock and an alarm, so why do you have a safe?

Policies - correct answer A good policy:
Is clear and concise
Outlines the consequences of not being followed
Is modular
Doesn't reference document/information locations that might change
Is written after soliciting feedback

Asset - correct answer Something of value. Something worth protecting.

Risk - correct answer A measure of harm that could affect an asset. Risk is calculated and measurable.

Threat - correct answer A condition or event that could result in harm to an asset.

Threat Scenario - correct answer A set of discrete threat events, associated with a specific threat source or multiple threat sources, partially ordered in time.

Threat Source / Threat Agent - correct answer An individual, group or external entity that can manifest a threat, or a situation and method that may accidentally trigger a vulnerability. Not all threats are malicious, e.g. an earthquake.

Vulnerability - correct answer A weakness that makes the asset susceptible to harm from the threat; an absence of a safeguard protecting an asset from a threat source.

Control / Countermeasure - correct answer Actions, devices, procedures, or techniques that reduce a vulnerability. A control is put in place to counteract or lessen the vulnerability.

Risk equation - correct answer RISK = Asset * Threat * Vulnerability. Read it as a model rather than literal arithmetic: if any factor is absent (no asset worth harming, no threat that could act, or no vulnerability for it to act on) there is no risk, and reducing any one factor reduces risk.

DREAD - correct answer Damage (how bad), Reproducibility (how often), Exploitability (how easy), Affected Users (how many users are affected), Discoverability (how easy to find)

Control Triads - correct answer Three ways of classifying controls, each a triad:
• Logical, Physical, Procedural
• Preventative, Detective, Corrective
• Technical, Management, Operational

Physical Controls - correct answer Controls that restrict unauthorized individuals from gaining access to a company's computer facilities.

What are some physical controls? - correct answer Locks protect access to sensitive locations; biometric scanners; security guards; guard dogs; Faraday cages block radio signals in highly sensitive areas.

Discretionary Controls - correct answer Should you put up a "welcome" sign advertising your company's data center? A huge fence with security guards?

Logical/Technical Controls - correct answer User identification and authentication mechanisms control fraud vulnerabilities. Firewalls control network vulnerabilities. Antivirus software controls malware vulnerabilities. Cryptography controls information disclosure and tampering vulnerabilities.

Procedural Controls - correct answer Dual authorization; incident response procedures; security awareness training; implementing the "Principle of Least Privilege".

Preventative Controls - correct answer Locks, Security G
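The three mechanisms from the InfoSec Mechanisms card (AuthN, AuthZ, accounting), the password-storage point under Non-Repudiation and the default-deny idea behind Least Privilege, shown together in one small service. This is an added example written for these notes, not code from the original document: the users, the roles (payroll, developer, admin), the permitted actions and the PBKDF2 iteration count are constructed for the demonstration, and the hashing uses Python's standard hashlib.

```python
"""Authentication, authorization and accounting in one small service.

Added example for these notes, not code from the original document. The users,
roles, permitted actions and the iteration count are constructed for the
demonstration; tune the iteration count upward on real hardware.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

PBKDF2_ITERATIONS = 100_000  # illustrative work factor against offline guessing

# Principle of Least Privilege: each (hypothetical) role lists only the actions
# that job needs. Anything not listed is denied, so nobody ends up with access
# to everything by omission.
ROLE_PERMISSIONS = {
    "payroll": {"payroll:read", "payroll:approve"},
    "developer": {"code:push", "deploy:staging"},
    "admin": {"user:create", "user:disable"},
}


def hash_password(password: str, salt: bytes = b"") -> str:
    """Store a random per-user salt and a PBKDF2-HMAC-SHA256 digest, never the
    password. Nobody who reads this record, the system admin included, learns
    the password, so a login under this account stays attributable to one person."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and iteration count."""
    _algo, iterations, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    # Constant-time comparison: a plain == could leak how many bytes matched.
    return hmac.compare_digest(candidate.hex(), digest_hex)


@dataclass
class Service:
    users: dict = field(default_factory=dict)      # username -> (stored hash, role)
    audit_log: list = field(default_factory=list)  # append-only record of every decision

    def add_user(self, username: str, password: str, role: str) -> None:
        self.users[username] = (hash_password(password), role)

    def authenticate(self, username: str, password: str) -> bool:
        """AuthN: is the caller who they claim to be?"""
        record = self.users.get(username)
        ok = record is not None and verify_password(password, record[0])
        self._record("authn", username, None, ok)
        return ok

    def authorize(self, username: str, action: str) -> bool:
        """AuthZ: now that we know who it is, may they do this? Default deny."""
        role = self.users[username][1] if username in self.users else None
        ok = action in ROLE_PERMISSIONS.get(role, set())
        self._record("authz", username, action, ok)
        return ok

    def perform(self, username: str, password: str, action: str) -> bool:
        """AuthN before AuthZ; every decision is logged, which is the accounting
        half of non-repudiation."""
        return self.authenticate(username, password) and self.authorize(username, action)

    def _record(self, kind: str, username: str, action, allowed: bool) -> None:
        self.audit_log.append(
            {"event": kind, "user": username, "action": action, "allowed": allowed}
        )


if __name__ == "__main__":
    svc = Service()
    svc.add_user("alice", "correct horse battery staple", "payroll")
    svc.add_user("bob", "s3cret", "developer")
    print(svc.perform("alice", "correct horse battery staple", "payroll:approve"))  # True
    print(svc.perform("alice", "correct horse battery staple", "deploy:staging"))  # False: not her job
    print(svc.perform("bob", "guess", "code:push"))                                # False: bad password
    for entry in svc.audit_log:
        print(entry)
```

Storing only salted hashes is what makes the audit log worth anything: if the administrator could read alice's password out of the user table, an entry saying "alice approved payroll" could be alice or the administrator, which is exactly the non-repudiation gap the card describes. The authorization step is default-deny, so a role has nothing it was not explicitly granted, and an unknown user or an unknown action both fall through to "denied" without special handling.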

Written for
Institution
COM 3704
Course
COM 3704

Document information

Uploaded on
August 12, 2024
Number of pages
22
Written in
2024/2025
Type
Exam (elaborations)
Contains
Questions & answers

