Save
Upgrade to remove ads
Busy. Please wait.
Log in with Clever
or
show password
Forgot Password?
Don't have an account?  Sign up 
Sign up using Clever
or
Username is available taken
show password


Make sure to remember your password. If you forget it there is no way for StudyStack to send you a reset link. You would need to create a new account. Your email address is only used to allow you to reset your password. See our Privacy Policy and Terms of Service.

Already a StudyStack user? Log In

Reset Password
Enter the associated with your account, and we'll email you a link to reset your password.
focusNode
Didn't know it?
click below
 
Knew it?
click below
Don't Know
Remaining cards (0)
Know
0:00
edit
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.

  Normal Size     Small Size show me how

CYB1UofI_FISCH1.3

Models For Discussing Security Issues

QuestionAnswer
what is helpful to have when discussing security issues helpful to have a model that you can use as a foundation or a baseline
what does a security model provide a consistent set of terminology and concepts that we, as security professionals, can refer to.
common security model The Confidentiality, Integrity, and Availability Triad
what are Three of the primary concepts in information security confidentiality, integrity, and availability
why do you use the CIA triad is a model by which you can think about and discuss security concepts
what is the CIA triad sometimes written as CAI
what is the CIA triad sometimes also expressed as its negative form as disclosure, alteration and denial (DAD)
what is CAI CIA Triad (Confidentiality, Availability and Integrity)
What is DAD acronym stand for Disclosure, Alteration and Denial (Negative Form of CIA triad)
CONFIDENTIALITY refers to our ability to protect our data from those who are not authorized to view it
when can you implement confidentiality at many levels of a process
describe how confidentiality is used during the process of a person withdrawing money from an ATM Part 1: Individual Drawing Money The person in question will likely seek to maintain the confidentiality of the personal identification number (PIN) that allows them to draw funds from the ATM if they have his ATM card.
describe how confidentiality is used during the process of a person withdrawing money from an ATM Part 2 : Owner of ATM The owner of the ATM will maintain the confidentiality of the account number, balance, and any other information needed to communicate to the bank from which the funds are being drawn.
describe how confidentiality is used during the process of a person withdrawing money from an ATM Part 3: The bank The bank will also maintain the confidentiality of the transaction with the ATM and the balance change in the account after the funds have been withdrawn
what are some ways that confidentiality can be compromised Could lose a laptop containing data. A person could look over your shoulder while you enter a password. You could send an email attachment to the wrong person. An attacker could penetrate your systems
True or False: Confidentiality can be compromised in a number of ways True
INTEGRITY is the ability to prevent people from changing your data in an unauthorized or undesirable manner
what is needed to maintain Integrity you need to have the means to prevent unauthorized changes to your data and you need the ability to reverse unwanted authorized changes.
what is a good example of the mechanisms used to control integrity File system of OSs. For the purposes of preventing unauthorized changes, systems often implement permissions that restrict what actions an unauthorized user can perform on a given file. Many can allow you to undo/roll back changes that are undesirable
OS operating systems (windows, Linux)
Describe a scenario of how implementing permissions can prevent unauthorized changes and maintain integrity the owner of a file might have permission to read it and write to it , while others may only have permission to read or no permission to access it at all
what is an example of an application that maintains integrity by allowing you to undo or roll back changes that are undesirable databases
when is integrity particularly important when it concerns data that provides the foundation for other decisions
give an example of how data integrity is particularly important when it provides the foundation for other decisions in the medical setting if an attacker were to alter the data that contained the results of medical tests, a doctor might prescribe the wrong treatment which could kill the patient
AVAILABILITY refers to the ability to access our data when we need it
what are ways that you can loose availability due to power loss, operating system or application problems, network attacks, or the compromising of a system
DENIAL OF SERVICE attack when an outside party (attacker) causes availability issues through compromising of a system, network attacks, operating system or application problems or power loss
what does the DoS acronym stand for Denial of Service Attack
how does the CIA triad relate to security given the elements of the CIA triad we can begin to discuss security issues with more detail than we otherwise could
Use the CIA triad to discuss security concerns regarding a shipment of backup tapes on which you've stored the only existing, unencrypted copies of some sensitive data P1 Confidentiality Concerns If you were to lose the shipment in transit, you would have a security issue. This is likely to include a breach of confidentiality since your files were not encrypted.
Use the CIA triad to discuss security concerns regarding a shipment of backup tapes on which you've stored the only existing, unencrypted copies of some sensitive data P2 Integrity Concerns The lack of encryption could also cause integrity issues. If you recover tapes in the future, it may not be immediately obvious to you if an attacker had altered the unencrypted files, as you would have no good way to discern altered from unaltered data
he CIA triad to discuss security concerns regarding a shipment of backup tapes on which you've stored the only existing, unencrypted copies of some sensitive data P3 Availability You'll have an issue unless the tapes are recovered since you don't have backup copies of the files
what is the draw back of using the CIA triad you might find the model is too restrictive to describe the entire situation
what is a more extensive model than the CIA triad the Parkerian hexad
what model should be used if you find the CIA triad is too restrictive to describe the entire situation the Parkerian hexad
Describe how well known the Parkerian hexad model in relation to the CIA Triad less well known
who waw the Parkerian hexad model named after Donn Parker
where was the Parkerian Hexad introduced Fighting Computer Crime by Donn Parker
what is the Parkerian Hexad model a more complex variation of the classic CIA triad
What does the CIA triad consist of confidentiality, integrity and availability
what does the Parkerian hexad consists of the CIA triad principles (confidentiality, integrity, and availability) as well as possession or control, authenticity and utility
how many total principles does the CIA triad have 3
how many total principles does the Parkerian hexad have 6
How is Confidentiality defined in the Parkerian Hexad refers to our ability to protect our data from those who are not authorized to view it.
How is Integrity defined in the Parkerian Hexad is the ability to prevent people from changing your data in an unauthorized manner (he doesn't account for authorized but incorrect modification of data. The data must be whole and completely unchanged from its previous state)
How is Availability defined in the Parkerian Hexad refers to the ability to access our data when we need it.
How is Possession defined in the Parkerian Hexad refers to the physical disposition of the media on which the data is stored
How is Control defined in the Parkerian Hexad refers to the physical disposition of the media on which the data is stored
Is Possession and Control the same thing in the Parkerian Hexad Yes
What does describing possession/control in the Parkerian Hexad allow you to do as a security analyst It enables you to discuss your loss of the data in its physical medium without involving other factors such as availability
Use the Parkerian Hexad to discuss security concerns regarding a shipment of backup tapes on which you've stored the only existing, unencrypted copies of some sensitive data. Some of the backup tapes were encrypted, some were not. P1 Possession/Control the encrypted tapes in the lot cause a possession problem but not a confidentiality problem, while the unencrypted tapes cause a problem on both counts
What are the advantages of using the principle of possession to describe security concern regarding a shipment of backup tapes on which stored only existing, unencrypted copies of some sensitive data. Some of the backup tapes were encrypted, some were not The principle of possession would enable you to more accurately describe the scope of the incident
How is the principle of Authenticity defined in the Parkerian Hexad allows you to say whether you’ve attributed the data in question to the proper owner or creator.
What principle of the Parkerian Hexad would be violated if you send an email message that is altered so that it appears to have come from a different email address than the one from which it was actually sent you would be violating the authenticity of the email
how can authenticity be enforced using digital signatures
what is a similar but reversed concept of authenticity nonrepudiation
NONREPUDIATION which prevents people from taking an action and then later denying that they have done so
How is Utility defined in the Parkerian Hexad refers to how useful the data is to you
what is the only principle in the Parkerian Hexad that is not necessarily binary in nature Utility: you can have a variety of degrees of utility, depending on the data and its format
what type of subject is Utility ? somewhat of an abstract concept
why is utility discussed even though it can be abstract concept? prove useful in discussing certain situations in the security world
Use the Parkerian Hexad to discuss the principle of Utility regarding a shipment of backup tapes which you've stored the only existing, unencrypted copies of some sensitive data. Some of the backup tapes were encrypted, some were not. P1 Utility For an attacker or unauthorized person the encrypted tapes would be of very little utility, as the data would not be readable. The unencrypted tapes would be of much greater utility, as the attacker or unauthorized person would be able to access the data
what provides a practical basis to discuss all the ways in which something could go wrong in the world of information security the concepts in both the CIA triad and the Parkerian Hexad
what does the models (CIA triad and Parkerian Hexad) allow you to do enable you to better discuss the attacks that you might face and the types of controls that you need to put in place to combat them
Created by: user-1830624
Popular Computers sets

 

 



Voices

Use these flashcards to help memorize information. Look at the large card and try to recall what is on the other side. Then click the card to flip it. If you knew the answer, click the green Know box. Otherwise, click the red Don't know box.

When you've placed seven or more cards in the Don't know box, click "retry" to try those cards again.

If you've accidentally put the card in the wrong box, just click on the card to take it out of the box.

You can also use your keyboard to move the cards as follows:

If you are logged in to your account, this website will remember which cards you know and don't know so that they are in the same box the next time you log in.

When you need a break, try one of the other activities listed below the flashcards like Matching, Snowman, or Hungry Bug. Although it may feel like you're playing a game, your brain is still making more connections with the information to help you out.

To see how well you know the information, try the Quiz or Test activity.

Pass complete!
"Know" box contains:
Time elapsed:
Retries:
restart all cards