Principles of Cyber Security Questions and Answers 100% Accurate
Course: Cyber Security
Institution: Cyber Security
CIA - answer Confidentiality, Integrity, Availability
Confidentiality - answer The avoidance of the unauthorized disclosure of information. It
involves the protection of data, providing access for those who are allowed to see it
while disallowing others from learning anything about its content. This can be achieved
with:
- Encryption
- Access Control
- Authentication
- Authorization
- Physical Security
Integrity - answer The property that information has not been altered in an unauthorized
way. This can be achieved with:
- Backups
- Checksums
- Data correcting codes
Accessibility - answer The property that information is accessible and modifiable in a
timely fashion by those authorized to do so. This can be achieved with:
- Physical protection
- Computational redundancies
Access Control - answer Rules and policies that limit access to confidential information
to those people and/or systems with a 'need to know'. This can be decided by a
person's identity, role or computer serial number
Authentication - answer The determination of the identity or role that someone has
Authorisation - answer The determination of whether a person or system is allowed access to
resources, based on an access control policy
Physical Security - answer The establishment of physical barriers to limit access to
protected computational resources
*AAA* - answer Assurance, Authenticity, Anonymity
Assurance - answer Refers to how trust is provided and managed in computer systems.
It depends on: policies, permissions and protections
Authenticity - answer The ability to determine that statements, policies, and permissions
issued by persons or systems are genuine. To do this we can use digital signatures
Anonymity - answer The property that certain records or transactions are not
attributable to any individual. This is achieved through:
- *Aggregation*: combining data from many individuals so that sums or averages can't be
tied to individuals
- *Mixing*: intertwining transactions, information, or communications in a way that
cannot be traced to an individual
- *Proxies*: trusted agents that are willing to engage in actions for an individual in a way
that cannot be traced back
- *Pseudonyms*: fictional identities that are known only to a trusted entity
Digital Signatures - answer Cryptographic computations that allow a person or system to
commit to the authenticity of their documents in a unique way that achieves
nonrepudiation, which is the property that authentic statements issued by some person
or system cannot be denied
Repudiation Attack - answer The denial of a commitment or data receipt. This involves
an attempt to back out of a contract or a protocol that requires the different parties to
provide receipts acknowledging that data has been received.
10 Security Principles - answer
- *Economy of Mechanism*: keep it simple in design and implementation
- *Fail Safe Defaults*: the default configuration of a system should have a conservative
protection scheme
- *Complete Mediation*: every access to a resource must be checked for compliance with
a protection scheme
- *Open Design*: the security architecture and design of a system should be made
publicly available. It's the strength of the mechanism that is important and this can be
ensured when it is scrutinized by multiple parties
- *Separation of Privilege*: multiple conditions should be required to achieve access to
restricted resources or have a program perform some action
- *Least Privilege*: each program and user should operate with the bare minimum
privileges necessary to function properly
- *Least Common Mechanism*: resource sharing on systems with multiple users should
be limited
- *Psychological Acceptability*: user interfaces should be well designed and intuitive, and
all security-related settings should adhere to what an ordinary user might expect
- *Work Factor*: the cost of circumventing a security mechanism should be compared
with the resources of an attacker when designing a security scheme
- *Compromise Recording*: sometimes it is more desirable to record the details of an
intrusion than to adopt more sophisticated measures to prevent it
Cyber Actors - answer Cybercriminals