Focuses on confidentiality; no read up, no write down.
2
Biba's Model
Integrity through MAC; no write up and no read down
3
Clark-Wilson Model
Designed for businesses to protect integrity at all levels (well-formed transactions and separation of duties)
4
Chinese Wall Model
Model designed to avoid conflicts of interest
5
RBAC Model
Bases controls on job functions
6
Confidentiality
John copies Mary's homework
7
Integrity
Gina forges Roger's signature
8
Availability
Rhonda registers the domain name "Cocacola.com" and refuses to let the soft drink company buy or use that domain name.
9
TLP:RED
For the eyes and ears of individual recipients only, no further disclosure
10
TLP:AMBER
Limited disclosure, recipients can only spread this on a need-to-know basis within their organization and its clients
11
TLP:AMBER+STRICT
Restricts sharing to organization only
12
TLP:GREEN
Limited disclosure, recipients can spread this within their community
13
TLP:CLEAR
Recipients can spread this to the world, there is no limit on disclosure
14
Community
a group who share common goals, practices, and informal trust relationships
15
Organization
A group who share a common affiliation by formal membership and are bound by common policies.
16
Clients
people or entities that receive cybersecurity services from an organization.
17
Govern (GV)
The organization's cybersecurity risk management strategy, expectations, and policy are established, communicated, and monitored
18
Identify (ID)
The organization's current cybersecurity risks are understood
19
Protect (PR)
Safeguards to manage the organization's cybersecurity risks are used
20
Detect (DE)
Possible cybersecurity attacks and compromises are found and analyzed
21
Respond (RS)
Actions regarding a detected cybersecurity incident are taken
22
Recover (RC)
Assets and operations affected by a cybersecurity incident are restored.
23
CSF Functions are represented as a wheel because all of the functions relate to one another
True
24
The CSF provides a basis for improved communication regarding cybersecurity expectations, planning, and resources.
True
25
Cybersecurity risk management is not essential for addressing privacy risks related to the loss of the confidentiality, integrity, and availability of individuals' data
False
26
CSF Core
A taxonomy of high-level cybersecurity outcomes that can help any organization manage its cybersecurity risks. Its components are a hierarchy of Functions, Categories, and Subcategories that detail each outcome.
27
CSF Function
The highest level of organization for cybersecurity outcomes. There are six CSF Functions: Govern, Identify, Protect, Detect, Respond, and Recover
28
CSF Tier
A characterization of the rigor of an organization's cybersecurity risk governance and management practices.
29
One-Way
The original data could not be reconstructed from the hash
30
Diffusion
any variation in the input data should result in changing at least half of the output hash.
31
Determinism
hashing a given input will always produce the same digest.
32
Collision resistance
getting the same digest from two different input data should be extremely hard.
33
Non-predictable
the hash value could not be predicted.
34
Data Encryption Standard (DES)
One of the earliest symmetric encryption algorithms. It is no longer considered secure and should be avoided.
35
Triple DES
Performs faster in hardware than software. Although better than DES, it is not the strongest symmetric encryption algorithm
36
Advanced Encryption Standard (AES)
One of the most popular symmetric encryption algorithms today. There are no known attacks; thus, it is often the recommended symmetric encryption algorithm to use.
37
In asymmetric encryption, if the private key encrypts the data, only the public key can decrypt it. If the public key encrypts the data, only the private key can decrypt it.
38
RSA is an acronym for its inventors Rivest, Shamir, and Adleman.
True
39
A digital signature can verify the sender's identity, prevent the sender from denying that they sent the message (known as non-repudiation), and prove the integrity of the message.
True
40
Digital Signatures leverage the mathematical relationship between symmetric keys
False
41
Diffie Hellman (DH) is a popular symmetric encryption algorithm that allows two parties that have no prior knowledge of each other to agree on a shared secret over an insecure channel.
False
42
A computer system without integrity can provide confidentiality
False
43
A computer system without confidentiality can provide integrity