Information Security –Questions With Correct Answers
Threat ✔️Ans - A threat to a system is any potential occurrence, malicious or
otherwise, that can have an adverse effect on the assets and resources
associated with the system.
Vulnerability ✔️Ans - A vulnerability of a system is some characteristic that
makes it possible for a threat to occur.
Attack ✔️Ans - An attack on a system is some action that involves
exploitation of some vulnerability in order to cause an existing threat to occur.
Threats can be classified into four broad categories. ✔️Ans - Disclosure -
unauthorized access to information
Deception - acceptance of false data
Disruption - interruption or prevention of correct operation
Usurpation - unauthorized control of some part of a system
Examples of threat types are? ✔️Ans - Snooping, sniffing, spoofing, delay,
denial of service, theft of computational resources.
Confidentiality ✔️Ans - Prevention of unauthorized disclosure of
information
Integrity ✔️Ans - Prevention of unauthorized modification of information
Availability ✔️Ans - Ability to withstand unauthorized withholding of
information or resources.
Security Policy ✔️Ans - A security policy is a statement of what is, and is not,
allowed. It can be informal or highly mathematical. A security policy considers
confidentiality, integrity, and availability.
Security Mechanism ✔️Ans - A security mechanism is a procedure, tool, or
method of enforcing security policy.
Confidentiality Policy ✔️Ans - Identifies information leakage and controls
information flow.
, Integrity Policy ✔️Ans - Identifies authorized ways in which information
may be altered. Enforces separation of duties.
Availability Policy ✔️Ans - Describes what services must (and must not) be
provided.
Goals of Security Mechanism ✔️Ans - Given a policy that specifies what is
"secure" and what is "non-secure" goal of security is to put in place
mechanisms that provide:
- Prevention
- Detection
- Recovery
Examples of Security Mechanisms? ✔️Ans - Cryptography and cryptographic
protocols.
Software controls.
Hardware controls.
Physical controls.
Trust ✔️Ans - Security policies and mechanisms are based on assumptions
and one trusts that these assumptions hold.
Mitigation ✔️Ans - The theory that if you can limit the resources that an
attacker has access to, then you can prevent most attacks.
Fundamental Design Principles ✔️Ans - General Design Principles:
1. Principle of open design
2. Principle of sweeping simplifications
3. Principle of design for iteration
4. Principle of least astonishment
Principle of Open Design ✔️Ans - Get others to comment on your design.
Talk through your design with outsiders.
Principle of Sweeping Simplifications ✔️Ans - KISS (keep it simple stupid).
Makes design and interactions easy. Easy to prove its safety. Complexity !=
security.
Threat ✔️Ans - A threat to a system is any potential occurrence, malicious or
otherwise, that can have an adverse effect on the assets and resources
associated with the system.
Vulnerability ✔️Ans - A vulnerability of a system is some characteristic that
makes it possible for a threat to occur.
Attack ✔️Ans - An attack on a system is some action that involves
exploitation of some vulnerability in order to cause an existing threat to occur.
Threats can be classified into four broad categories. ✔️Ans - Disclosure -
unauthorized access to information
Deception - acceptance of false data
Disruption - interruption or prevention of correct operation
Usurpation - unauthorized control of some part of a system
Examples of threat types are? ✔️Ans - Snooping, sniffing, spoofing, delay,
denial of service, theft of computational resources.
Confidentiality ✔️Ans - Prevention of unauthorized disclosure of
information
Integrity ✔️Ans - Prevention of unauthorized modification of information
Availability ✔️Ans - Ability to withstand unauthorized withholding of
information or resources.
Security Policy ✔️Ans - A security policy is a statement of what is, and is not,
allowed. It can be informal or highly mathematical. A security policy considers
confidentiality, integrity, and availability.
Security Mechanism ✔️Ans - A security mechanism is a procedure, tool, or
method of enforcing security policy.
Confidentiality Policy ✔️Ans - Identifies information leakage and controls
information flow.
, Integrity Policy ✔️Ans - Identifies authorized ways in which information
may be altered. Enforces separation of duties.
Availability Policy ✔️Ans - Describes what services must (and must not) be
provided.
Goals of Security Mechanism ✔️Ans - Given a policy that specifies what is
"secure" and what is "non-secure" goal of security is to put in place
mechanisms that provide:
- Prevention
- Detection
- Recovery
Examples of Security Mechanisms? ✔️Ans - Cryptography and cryptographic
protocols.
Software controls.
Hardware controls.
Physical controls.
Trust ✔️Ans - Security policies and mechanisms are based on assumptions
and one trusts that these assumptions hold.
Mitigation ✔️Ans - The theory that if you can limit the resources that an
attacker has access to, then you can prevent most attacks.
Fundamental Design Principles ✔️Ans - General Design Principles:
1. Principle of open design
2. Principle of sweeping simplifications
3. Principle of design for iteration
4. Principle of least astonishment
Principle of Open Design ✔️Ans - Get others to comment on your design.
Talk through your design with outsiders.
Principle of Sweeping Simplifications ✔️Ans - KISS (keep it simple stupid).
Makes design and interactions easy. Easy to prove its safety. Complexity !=
security.
