Information security - ANSWER Protecting data, software, and hardware against unauthorized access, use, disclosure, disruption, modification, or destruction.
Compliance - ANSWER The requirements that are set forth by laws and industry regulations.
E.g.: HIPAA/HITECH - healthcare, PCI DSS - payment card industry, FISMA - federal government agencies
DAD Triad - ANSWER Disclosure, alteration, and denial
CIA Triad - ANSWER The core model of all information security concepts. Confidentiality, integrity, and availability
Confidentiality - ANSWER Ability to protect our data from those who are not authorized to view it.
What ways can confidentiality be compromised? - ANSWER - Lose a personal laptop with data
- A person can view the password you are entering
- Send an email attachment to the wrong person
- An attacker can penetrate your systems, etc.
Integrity - ANSWER Keeping data unaltered by accidental or malicious intent
How to maintain integrity? - ANSWER Prevent unauthorized changes to the data and the ability to reverse unwanted authorized changes.
Via system/file permissions or Undo/Roll back undesirable changes.
Availability - ANSWER The ability to access data when needed
Ways Availability can be compromised - ANSWER - Power loss
- Application issues
- Network attacks
- System compromised (DoS)
Denial of Service (DoS) - ANSWER Security problem in which users are not able to access an information system; can be caused by human errors, natural disaster, or malicious activity.
Parkerian hexad model - ANSWER A model that adds three more principles to the CIA triad: possession/control, utility, and authenticity
Possession/control - ANSWER Refers to the physical disposition of the media on which the data is stored; this allows you to discuss loss of data via its physical medium.
Principle of Possession example - ANSWER Lost package (encrypted USBs and unencrypted USBs)
Possession is an issue because the tapes are physically lost.
(Unencrypted is compromised via confidentiality and possession; encrypted is compromised only via possession).
Principle of Authenticity - ANSWER Allows you to say whether you've attributed the data in question to the proper owner/creator.
Ways authenticity can be compromised - ANSWER Sending an email but altering the message to look like it came from someone other than the original sender.
Utility - ANSWER How useful the data is to you.
Ex. Unencrypted (a lot of utility); encrypted (little utility).
Security Attacks - ANSWER Broken down by the type of attack, the risk the attack represents, and the controls you might use to mitigate it.
Types of attacks - ANSWER 1- interception 2- interruption 3- modification 4- fabrication
Interception - ANSWER Attacks that allow unauthorized users to access our data, applications, or environments.
Primarily an attack against confidentiality.
Interception Attack Examples - ANSWER Unauthorized file viewing, copying, eavesdropping on phone conversations, reading someone's emails.
Interruption - ANSWER Attacks that cause our assets to become unstable or unavailable for our use, on a temporary or permanent basis.
This attack affects availability but can also attack integrity.
Interruption Attack Examples - ANSWER DoS attack on a mail server; availability attack
Attacker manipulates the processes on which a database runs to prevent access; integrity attack.
Could also be a combo of both.
Modification - ANSWER Attacks that involve tampering with our asset.
Such attacks might primarily be considered an integrity attack, but could also be an availability attack.
Modification Attack example - ANSWER Accessing a file in an unauthorized manner and altering the data it contains; affects the integrity.
If the file in question is a config file that manages how a service behaves (web server), this may affect the availability.