Computer Security: Principles and Practice, 4th Edition Chapter 1 - Computer Systems Overview

28 Terms

1

T

Computer security is protection of the integrity, availability, and confidentiality of information system resources.

2

T

Data integrity assures that information and programs are changed only in a specified and authorized manner.

3

T

Availability assures that systems work promptly and service is not denied to authorized users.

4

F

The "A" in the CIA triad stands for "authenticity".

5

T

The more critical a component or service, the higher the level of availability required.

6

T

Computer security is essentially a battle of wits between a perpetrator who tries to find holes and the administrator who tries to close them.

7

T

Many security administrators view strong security as an impediment to efficient and user-friendly operation of an information system.

8

F

Assurance is the process of examining a computer product or system with respect to certain criteria.

9

Privacy

________ assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.

10

System Integrity

_________ assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.

11

confidentiality

A loss of _________ is the unauthorized disclosure of information.

12

countermeasure

A(n) __________ is an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that correct action can be taken.

13

High

A ________ level breach of security could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.

14

denial of service

The _________ prevents or inhibits the normal use or management of communications facilities.

15

exposure

A threat action in which sensitive data are directly released to an unauthorized entity is __________.

16

masquerade

An example of __________ is an attempt by an unauthorized user to gain access to a system by posing as an authorized user.

17

passive attack

A(n) _________ is an attempt to learn or make use of information from the system that does not affect system resources.

18

deception

Masquerade, falsification, and repudiation are threat actions that cause __________ threat consequences.

19

security attack

A __________ is any action that compromises the security of information owned by an organization.

20

Computer Security

_________ is the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources.

21

Passive

Release of message contents and traffic analysis are two types of _________ attacks.

22

Recovery

Security implementation involves four complementary courses of action: prevention, detection, response, and ____________.

23

CIA Triad

Confidentiality, Integrity, and Availability form what is often referred to as the ________.

24

Data

The assets of a computer system can be categorized as hardware, software, firmware, communication lines and networks, and _________.

25

Active

Replay, masquerade, modification of messages, and denial of service are examples of ________ attacks.

26

data integrity

The assurance that data received are exactly as sent by an authorized entity is __________.

27

vulnerability

A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy is a(n) __________.

28

attack

An assault on system security that derives from an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system is a(n) __________.