
CYB1100-UI CH1.3

Foundations of Information Security_Models for Discussing Security Issues

Question | Answer
When discussing security issues, | it’s often helpful to have a model that you can use as a foundation or a baseline.
what does a model provide | This provides a consistent set of terminology and concepts that we, as security professionals, can refer to.
Three of the primary concepts in information security are | confidentiality, integrity, and availability
what is confidentiality, integrity and availability commonly known as | the confidentiality, integrity, and availability (CIA) triad
The CIA triad | is a model by which you can think about and discuss security concepts.
what are the other ways the CIA triad is also written | sometimes written as CAI or expressed in its negative form as disclosure, alteration, and denial (DAD).
Confidentiality | refers to our ability to protect our data from those who are not authorized to view it.
when can you implement confidentiality | many levels of a process.
how does confidentiality get compromised | can be compromised in a number of ways.
what are examples of common ways confidentiality gets compromised | You could lose a laptop containing data. A person could look over your shoulder while you enter a password. You could send an email attachment to the wrong person, or an attacker could penetrate your systems.
Integrity | the ability to prevent people from changing your data in an unauthorized or undesirable manner
how do you maintain integrity | you need to have the means to prevent unauthorized changes to your data, you need the ability to reverse unwanted authorized changes.
Integrity is particularly important when | it concerns data that provides the foundation for other decisions.
what is an example of a particularly important scenario to maintain integrity for | If an attacker were to alter the data that contained the results of medical tests, a doctor might prescribe the wrong treatment, which could kill the patient.
Availability | refers to the ability to access our data when we need it.
in what ways can you lose availability | due to a power loss, operating system or application problems, network attacks, or the compromising of a system, DoS attack
denial-of-service (DoS) attack. | When an outside party, like an attacker, causes such availability issues
How Does the CIA Triad Relate to Security | Given the elements of the CIA triad, we can begin to discuss security issues with more detail than we otherwise could
Although you can describe situations with relative accuracy using the CIA triad, | you might find that the model is too restrictive to describe the entire situation.
what model do we use when the CIA triad model is too restrictive to describe the entire situation | A more extensive model, the Parkerian hexad
what is the Parkerian hexad | a more extensive but less known model providing a more complex variation of the CIA triad
what was the Parkerian hexad model named after | Donn Parker
where was the Parkerian hexad model introduced | introduced in Donn Parker's book Fighting Computer Crime
what does the Parkerian hexad model provide | a more complex variation of the CIA triad
what are the other three principles in the Parkerian hexad model besides confidentiality, integrity and availability | possession or control, authenticity, and utility
how many total principles does the Parkerian hexad model provide | 6
name the principles in the Parkerian hexad model | possession or control, authenticity, utility, confidentiality, integrity and availability
what is the difference regarding integrity for the Parkerian hexad model compared to the CIA triad | Parker describes integrity slightly differently; he doesn’t account for authorized, but incorrect, modification of data. For him, the data must be whole and completely unchanged from its previous state.
Possession or Control | refers to the physical disposition of the media on which the data is stored.
why use possession or control as a principle in a security model | enables you to discuss your loss of the data in its physical medium without involving other factors such as availability.
principle of authenticity | allows you to say whether you’ve attributed the data in question to the proper owner or creator.
what is an example of violating authenticity | If you send an email message that is altered so that it appears to have come from a different email address than the one from which it was actually sent, you would be violating the authenticity of the email
how can authenticity be enforced | using digital signatures
nonrepudiation | which prevents people from taking an action
what is an example of nonrepudiation | sending an email and then later denying that they have done so
utility | refers to how useful the data is to you
what is special about utility in regards to the principles of the Parkerian hexad? | is also the only principle of the Parkerian hexad that is not necessarily binary in nature; you can have a variety of degrees of utility, depending on the data and its format
Describe a situation in which utility is not binary in nature - can have varying degrees of utility dependent on data and its format | Imagine some of the tapes were encrypted and some weren't. For an attacker or unauthorized person, the encrypted tapes would likely be of very little utility, as the data wouldn't be readable. The unencrypted tapes would be of greater utility, as the attacker would be able to access the data.
what provides a practical basis/way to discuss all the ways in which something can go wrong in the world of information security | The concepts discussed in both the CIA triad and the Parkerian hexad
what do security models do | enable you to better discuss the attacks that you might face and the types of controls that you need to put in place to combat them.
Created by: user-1830624