ITI Study Guide - Exam 3: Security and Privacy


35 Terms

1

CIA Triad

Confidentiality, Integrity, Availability

2

“Confidentiality” in the CIA Triad

The protection of information from people who are not authorized to view it

3

“Integrity” in the CIA Triad

Ensuring that information is protected from an unauthorized or unintentional alteration (information stays accurate)

4

“Availability” in the CIA Triad

Systems and data are accessible by users whenever and wherever they are needed

5

OSINT

A method of gathering information from public or other open sources

6

Does the Constitution guarantee a right to privacy?

No; instead, the right of privacy exists in the “penumbras” (zones) created by the Constitution

7

Griswold v. Connecticut

Court case that addressed the existence of the right to privacy through penumbras

8

Family Educational Rights and Privacy Act (FERPA)

Students have the right to have control over the disclosure of personally identifiable information from records

9

System

Information resources of any size or complexity, organized expressly for the collection, processing, use, sharing, dissemination, maintenance, or disposition of data or information

10

Information (in technical terms)

Facts, ideas, or knowledge as various forms of data that can be communicated between system entities

11

Information Security

The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction

12

Social Engineering

Any act that influences a person to take an action that may or may not be in his or her best interests

13

What is a common example of social engineering?

TV commercials

14

Hacktivism

The use of computer-based techniques such as hacking as a form of civil disobedience to promote a political agenda or social change

15

Guerilla Open Access Manifesto

Written by Aaron Swartz to protest limited access to archives → suggested the idea of making copies of information and sharing them with others

16

DNS

Domain Name Server

17

DNS Resolver

Phonebook of the Internet

18

IP or IP address

An identifier for a device on a network

19

How does DNS work?

  1. When you enter a website into your browser, the computer searches its cache memory for the IP address.

  2. If it can’t find it, it sends the request to the DNS, which looks for the IP address in its cache memory.

  3. If the DNS can’t find it, it sends the request to the root server.

  4. If the root server can’t find it, it sends the request to the TLD server.

  5. If the TLD server can’t find it, it sends the request to the authoritative name server.

  6. If the IP address is found, it is sent back to the DNS, which sends it to the computer.

20

Encryption

The process of making information unreadable

21

Decryption

The process of making information readable (usually with a key)

22

Data at rest

Information that is stored somewhere

23

Full-disk encryption

Encrypts all the information stored on a device and protects it with a passphrase or another authentication method

24

File encryption

Encrypts only specific, individual files on a device

25

Drive encryption

Encrypts all the data on a specific storage area on a device

26

Data in transit

Information that is moving over a network from one place to another

27

Transport-layer encryption / Transport layer security (TLS)

Protects messages as they travel from your device to the app's servers and from the app's servers to the recipient's device, but the messaging service provider can see unencrypted copies of your messages

28

End-to-end encryption

Protects messages in transit all the way from sender to receiver; the message is encrypted by the original sender and can only be decoded by its final recipient

29

Examples of data in transit

Sending messages on messaging apps

  • Message moves from your device to recipient's device

Web browsing

  • Data from webpage travels to website's servers to your browser

30

Examples of TLS

HTTPS

  • Website servers can see the data you enter while on the site

    • This information is unreadable to eavesdroppers on the network

VPN

  • Traffic still travels over ISP's connection, but is encrypted between you and your VPN provider

31

Caesar Cipher

An old (but nowadays weak) encryption method that involves the shifting of characters a certain number of times

32

Plaintext

Readable text that is not encrypted

33

Ciphertext

Unreadable text that is encrypted

34

Symmetric key encryption

Uses one key for both encrypting and decrypting messages

35

Asymmetric key encryption / public key encryption

Uses two keys: a public key for encryption and a private key for decryption

  • Anyone can encrypt the message with the public key

  • But only the person with the private key can decrypt messages