
Information Assurance and Security 1

The document discusses three key concepts of cybersecurity: confidentiality, integrity, and availability. It defines availability as ensuring authorized parties can access information when needed. It also discusses concepts like cybercrime, involving computers and networks to enable crimes. Cybersecurity aims to protect against unauthorized access, changes, or destruction of computers, networks, programs and data.

Uploaded by

TE O LO

INFORMATION ASSURANCE AND SECURITY 1

Three Features of Security

-Confidentiality, Integrity and Availability

Cyber security, also referred to as information technology security, focuses on protecting computers,
networks, programs and data from unintended or unauthorized access, change or destruction.

-True

Availability: Assurance that the systems responsible for delivering, storing and processing information
are accessible when needed, by those who need them.

-True

Cyberspace is "the environment in which communication over computer networks occurs."

-True

Assurance that information is shared only among authorized persons or organizations.

-Confidentiality

Availability: Availability of information refers to ensuring that authorized parties are able to access the
information when needed

-True

Is a process, not an end state

-security

Concept of Cybercrime

Cyber Crime: Computer crime, or cybercrime, is any crime that involves a computer and a network. The
computer may have been used in the commission of a crime, or it may be the target.

-True

Is the process of maintaining an acceptable level of perceived risk

-security

Six Concepts of Cybercrime

-Digital Underground, Underground Economy, Phishing, Hacktivism, Cyberwar: Estonia Case and Stuxnet

Cybersecurity is the collection of tools, policies, security concepts, security safeguards, guidelines, risk
management approaches, actions, training, best practices, assurance and technologies that can be used
to protect the cyber environment and organization and user’s assets.

-True

Assurance that the information is authentic and complete.

-Availability (supposedly)

Is roughly equivalent to privacy

-Confidentiality

In information security, data integrity means maintaining and assuring the accuracy and consistency of
data over its entire life-cycle.

-True

Information Assurance Quiz 2

Information Assurance (IA) is the study of how to protect your information assets from destruction,
degradation, manipulation and exploitation.

-True

Data and data processing activities in physical space;

-Physical

Assurance that information is not disclosed to unauthorized persons


-Confidentiality

It should be: accurate, timely, complete, verifiable, consistent, available.

-Knowledge

Four Security Domains

-Physical Security, Personnel Security, IT Security and Operational Security

Accepted facts, principles, or rules of thumb that are useful for specific domains.

-Knowledge

Actions taken that protect and defend information and information systems by ensuring their
availability, integrity, authentication, confidentiality and non-repudiation

-True

Converting data into information thus requires knowledge

-Information

Is data endowed with relevance and purpose.

-Information

Security measures to establish the validity of a transmission, message, or originator.

-Authentication

Raw facts with a known coding system

-Data

Raw facts with an unknown coding system

-Noise

Timely, reliable access to data and information services for authorized users;

-Availability

Protection against unauthorized modification or destruction of information

-Integrity

Processed data

-Information

Assurance that the sender is provided with proof of a data delivery and recipient is provided with proof
of the sender’s identity, so that neither can later deny having processed the data.

-Non-repudiation

Information and data manipulation abilities in cyberspace;

-information infrastructure

Information Assurance and Security 1 Final Quiz 1

From the Baseline Security Architecture and the Enterprise Continuum, there will be existing security
infrastructure and security building blocks that can be applied to the requirements derived from this
architecture development engagement. What phase is that?

-Phase E: Opportunities & Solutions

Assess and baseline current security-specific technologies. What phase is that?

-Phase D: Technology Architecture

Definition of relevant stakeholders and discovery of their concerns and objectives will require
development of a high-level scenario. What phase is that?

-Phase A: Architecture Vision


Many security vulnerabilities originate as design or code errors and the simplest and least expensive
method to locate and find such errors is generally an early review by experienced peers in the craft.
What phase is that?

-Phase G: Implementation Governance

The following security specifics appropriate to the security architecture must be addressed within each
phase in addition to the generic phase activities. What phase is that?

-Phase A: Architecture Vision

Every system will rely upon resources that may be depleted in cases that may or may not be anticipated
at the point of system design. What phase is that?

-Phase D: Technology Architecture

Determine who are the legitimate actors who will interact with the product/service/process. What
phase is that?

-Phase B: Business Architecture

Assess the impact of new security measures upon other new components or existing leveraged systems.
What phase is that?

-Phase F: Migration Planning

Changes in security standards are usually less disruptive since the trade-off for their adoption is based
on the value of the change. However, standards changes can also be mandated. What phase is that?

-Phase H: Architecture Change Mana

Assess and baseline current security-specific technologies. What phase is that?

-Phase D: Technology Architecture

A full inventory of architecture elements that implement security services must be compiled in
preparation for a gap analysis. What phase is that?

-Phase C: Information System Architecture


Are applicable to ensuring that security requirements are addressed in subsequent phases of the ADM.
What phase is that?

-Phase A: Architecture Vision

Revisit assumptions regarding interconnecting systems beyond project control, Identify and evaluate
applicable recognized guidelines and standards and Identify methods to regulate consumption of
resources. What phase is that?

-Phase D: Technology Architecture

Assess and baseline current security-specific architecture elements. What phase is that?

-Phase C: Information System Architecture

Establish architecture artifact, design, and code reviews and define acceptance criteria for the successful
implementation of the findings. What phase is that?

-Phase G: Implementation Governance

Development of the business scenarios and subsequent high-level use-cases of the project concerned
will bring to attention the people actors and system actors involved. What phase is that?

-Phase B: Business Architecture

Identify existing security services available for re-use. What phase is that?

-Phase E: Opportunities & Solutions

Changes in security requirements are often more disruptive than a simplification or incremental change.
Changes in security policy can be driven by statute, regulation, or something that has gone wrong. What
phase is that?

-Phase H: Architecture Change Management

In a phased implementation the new security components are usually part of the infrastructure in which
the new system is implemented. The security infrastructure needs to be in a first or early phase to
properly support the project. What phase is that?

-Phase F: Migration Planning


Definition of relevant stakeholders and discovery of their concerns and objectives will require
development of a high-level scenario. What phase is that?

-Phase A: Architecture Vision

Info Assurance and Security 1 Midterm Exam 50/50

Not performing an activity that would incur risk.

-Risk Avoidance

Are the security features of a system that provide enforcement of a security policy.

-Trust mechanism

Acceptance, avoidance, mitigation, transfer—are with respect to a specific risk for a specific party.

-The risk treatment

Shift the risk to someone else.

-Risk Transfer

Seven Stages of lifecycle model

-Requirements, Design, Coding, Testing, Deployment, Production and Decommission

Risk Management Procedure consists of six steps.

-Assess assets

-Assess threats

-Assess risks

-Assess vulnerabilities

-Prioritize countermeasure options

-Make risk management decisions


Is a generic term that implies a mechanism in place to provide a basis for confidence in the
reliability/security of the system.

-Trust

Taking actions to reduce the losses due to a risk; many technical countermeasures fall into this
category.

-Risk mitigation

Risks not avoided or transferred are retained by the organization.

-Risk Acceptance

After the weapon is delivered to the victim, follows the targeting of an application or vulnerability of the
operating system. The infected file can be used by the self-execution facility to launch the malware
code, or it can be executed by the user himself;

-Exploitation

Research, target identification and selection: it may be looking for e-mail addresses, social relationships,
or data about a particular technology, information displayed on various websites;

-Reconnaissance

Transmitting the weapon to the target environment.

-Delivery

Logical security consists in software that is necessary to control the access to information and services
of a system. The logical level is divided into two categories: access security level and service security
level.

-Prevent Cyber-Attacks

These actions typically consist of collecting information, modifying data integrity, or attacking the
availability of services and devices, but the victim system can also be used as a starting point for
infecting other systems or for expanding access to the local network.

-Action on objective

After the first six phases, an attacker can act to achieve the goals. These actions typically consist of
collecting information, modifying data integrity, or attacking the availability of services and devices, but
the victim system can also be used as a starting point for infecting other systems or for expanding access
to the local network.

-Action on objective

Making a malware application (for example, a computer trojan) that, combined with an exploitable
security breach, allows remote access. Moreover, PDF (Portable Document Format) files or Microsoft
Office suite-specific files can be regarded as weapons available to the attacker;

-Weaponization

Usually an infected host must be accessible outside of the local network to establish a command and
control channel between the victim and the attacker. Once this bidirectional communication has been
made, an attacker has access inside the target environment and can usually control the activity by
manually launching commands;

-Command and control

What are the steps in intrusion model?

-Recon, Weaponise, Deliver, Exploit, Install, C2 and Action

The main ways of transport are e-mails (attachment of infected files), web platforms (running malware
scripts), or removable USB memories;

-Delivery

Physical security consists in the closure of IT equipment in a dedicated space and the provision of access
control.

-Prevent Cyber-Attacks

The infected file can be used by the self-execution facility to launch the malware code, or it can be
executed by the user himself;

-Exploitation

Infecting a victim system with a computer trojan, backdoor or other malware application of this type
that ensures the attacker’s presence in the target environment;

-Installation

Once this bidirectional communication has been made, an attacker has access inside the target
environment and can usually control the activity by manually launching commands;

-Command and control

Is a measure of confidence that the security features, practices, procedures, and architecture of a
system accurately mediates and enforces the security policy

-Assurance

Risk Management Procedure consists of six steps.

-Assess assets, Assess threats, Assess vulnerabilities, Assess risks, Prioritize countermeasure options and
Make risk management decisions

Is a collection of all the trust mechanisms of a computer system which collectively enforce the policy.

-TCB

Is it true or false. Using encrypted versions of protocols when sensitive information is exchanged so as to
ensure data confidentiality and prevent identity theft is some basic steps in storing personal data.

-True

Is it true or false. Storing the minimum required data online and maximum discretion in providing them
to a third party (users, companies) is some basic steps in storing personal data.

-True

Is it true or false. The use of complex, unique, hard to guess or break passwords, consisting of numbers,
upper/lower case letters and special characters is some basic steps in storing personal data.

-True

Is the process by which an asset is managed from its arrival or creation to its termination or destruction.

-Lifecycle

Is it true or false. An additional risk occurs when personal information is stored in client accounts on
commercial websites, which may become the target of cyber-attacks anytime, so stored data becomes
vulnerable is some basic steps in storing personal data.

-True

Is it true or false. Encrypting all personal information when saved on different storage media is some
basic steps in storing personal data.

-True

Failure of the mechanism may destroy the basis for trust.

-Trust

Acronym for TCB?

-Trusted Computing Base

Info Assurance and Security 1 Midterm Quiz 1 20/20

Not performing an activity that would incur risk.

-Risk Avoidance

Are the security features of a system that provide enforcement of a security policy.

-Trust mechanism

Acceptance, avoidance, mitigation, transfer—are with respect to a specific risk for a specific party.

-The risk treatment

Shift the risk to someone else.

-Risk Transfer

Seven Stages of lifecycle model

-Requirements, Design, Coding, Testing, Deployment, Production and Decommission

Risk Management Procedure consists of six steps.

-Assess assets

-Assess threats

-Assess risks

-Assess vulnerabilities

-Prioritize countermeasure options

-Make risk management decisions

Is a generic term that implies a mechanism in place to provide a basis for confidence in the
reliability/security of the system.

-Trust

Taking actions to reduce the losses due to a risk; many technical countermeasures fall into this
category.

-Risk mitigation

Risks not avoided or transferred are retained by the organization.

-Risk Acceptance

Information Assurance and Security 1 Midterm Quiz 2 20/20

After the weapon is delivered to the victim, follows the targeting of an application or vulnerability of the
operating system. The infected file can be used by the self-execution facility to launch the malware
code, or it can be executed by the user himself;

-Exploitation

Research, target identification and selection: it may be looking for e-mail addresses, social relationships,
or data about a particular technology, information displayed on various websites;

-Reconnaissance

Transmitting the weapon to the target environment.

-Delivery

Logical security consists in software that is necessary to control the access to information and services
of a system. The logical level is divided into two categories: access security level and service security
level.

-Prevent Cyber-Attacks

These actions typically consist of collecting information, modifying data integrity, or attacking the
availability of services and devices, but the victim system can also be used as a starting point for
infecting other systems or for expanding access to the local network.

-Action on objective

After the first six phases, an attacker can act to achieve the goals. These actions typically consist of
collecting information, modifying data integrity, or attacking the availability of services and devices, but
the victim system can also be used as a starting point for infecting other systems or for expanding access
to the local network.

-Action on objective

Making a malware application (for example, a computer trojan) that, combined with an exploitable
security breach, allows remote access. Moreover, PDF (Portable Document Format) files or Microsoft
Office suite-specific files can be regarded as weapons available to the attacker;

-Weaponization

Usually an infected host must be accessible outside of the local network to establish a command and
control channel between the victim and the attacker. Once this bidirectional communication has been
made, an attacker has access inside the target environment and can usually control the activity by
manually launching commands;

-Command and control


What are the steps in intrusion model?

-Recon, Weaponise, Deliver, Exploit, Install, C2 and Action

The main ways of transport are e-mails (attachment of infected files), web platforms (running malware
scripts), or removable USB memories;

-Delivery

Physical security consists in the closure of IT equipment in a dedicated space and the provision of access
control.

-Prevent Cyber-Attacks

The infected file can be used by the self-execution facility to launch the malware code, or it can be
executed by the user himself;

-Exploitation

Infecting a victim system with a computer trojan, backdoor or other malware application of this type
that ensures the attacker’s presence in the target environment;

-Installation

Once this bidirectional communication has been made, an attacker has access inside the target
environment and can usually control the activity by manually launching commands;

-Command and control

Information Assurance and Security 1 Final Quiz 1

Those who will see change to their capability and work with core units but are otherwise not directly
affected

-Identify soft enterprise

Security architecture has its own discrete security methodology.

-True

Security architecture introduces unique, single-purpose components in the design.

-True

Security architecture calls for its own unique set of skills and competencies of the enterprise and IT
architects.

-True

The ability of the enterprise to function without service interruption or depletion despite abnormal or
malicious events.

-Availability

The definition and enforcement of permitted capabilities for a person or entity whose identity has been
established.

-Authentication

The ability to add and change security policies, add or change how policies are implemented in the
enterprise, and add or change the persons or entities related to the systems.

-Administration

The protection of information assets from loss or unintended disclosure, and resources from
unauthorized and unintended use.

-Asset Protection

The substantiation of the identity of a person or entity related to the enterprise or system in some way.

-Authentication

Security architecture introduces its own normative flows through systems and among applications.

-True

Those stakeholders who will be affected by security capabilities and who are in groups of communities

-Identify communities involved

Those who are most affected and achieve most value from the security work

-Identify core enterprise

Security architecture addresses non-normative flows through systems and among applications.

-True

The ability to provide forensic data attesting that the systems have been used in accordance with stated
security policies.

-Audit

The ability to test and prove that the enterprise architecture has the security attributes required to
uphold the stated security policies.

-Assurance

The organization's attitude and tolerance for risk.

-Risk Management

Security architecture composes its own discrete views and viewpoints.

-True

Those units outside the scoped enterprise who will need to enhance their security architecture for
interoperability purposes

-Identify extended enterprise

INFORMATION ASSURANCE AND SECURITY 1

Three Features of Security


-Confidentiality, Integrity and Availability

Cyber security, also referred to as information technology security, focuses on protecting computers,
networks, programs and data from unintended or unauthorized access, change or destruction.

-True

Availability: Assurance that the systems responsible for delivering, storing and processing information
are accessible when needed, by those who need them.

-True

Cyberspace is "the environment in which communication over computer networks occurs."

-True

Assurance that information is shared only among authorized persons or organizations.

-Confidentiality

Availability: Availability of information refers to ensuring that authorized parties are able to access the
information when needed

-True

Is a process, not an end state

-security

Concept of Cybercrime

Cyber Crime: Computer crime, or cybercrime, is any crime that involves a computer and a network. The
computer may have been used in the commission of a crime, or it may be the target.

-True

Is the process of maintaining an acceptable level of perceived risk

-security

Six Concepts of Cybercrime

-Digital Underground, Underground Economy, Phishing, Hacktivism, Cyberwar: Estonia Case and Stuxnet

Cybersecurity is the collection of tools, policies, security concepts, security safeguards, guidelines, risk
management approaches, actions, training, best practices, assurance and technologies that can be used
to protect the cyber environment and organization and user’s assets.

-True

Assurance that the information is authentic and complete.

-Availability

Is roughly equivalent to privacy

-Confidentiality

In information security, data integrity means maintaining and assuring the accuracy and consistency of
data over its entire life-cycle.

-True

Information Assurance Quiz 2

Information Assurance (IA) is the study of how to protect your information assets from destruction,
degradation, manipulation and exploitation.

-True

Data and data processing activities in physical space;

-Physical

Assurance that information is not disclosed to unauthorized persons

-Confidentiality

It should be: accurate, timely, complete, verifiable, consistent, available.

-Knowledge

Four Security Domains

-Physical Security, Personnel Security, IT Security and Operational Security

Accepted facts, principles, or rules of thumb that are useful for specific domains.

-Knowledge

Actions taken that protect and defend information and information systems by ensuring their
availability, integrity, authentication, confidentiality and non-repudiation

-True

Converting data into information thus requires knowledge

-Information

Is data endowed with relevance and purpose.

-Information

Security measures to establish the validity of a transmission, message, or originator.

-Authentication

Raw facts with a known coding system

-Data

Raw facts with an unknown coding system

-Noise

Timely, reliable access to data and information services for authorized users;

-Availability

Protection against unauthorized modification or destruction of information

-Integrity

Processed data

-Information

Assurance that the sender is provided with proof of a data delivery and recipient is provided with proof
of the sender’s identity, so that neither can later deny having processed the data.

-Non-repudiation

Information and data manipulation abilities in cyberspace;

-information infrastructure

Is the inherent technical features and functions that collectively contribute to an IT infrastructure
achieving and sustaining confidentiality, integrity, availability, accountability, authenticity, and
reliability.

-IT Security

Type of Concept for Cybercrime

-Digital Underground, Underground Economy, Phishing, Hacktivism, Cyberwar: Estonia Case and Stuxnet

Consists of employees, former employees and contractors.

-Insiders

Three distinct levels:

-Desired effects

-Perceptual

-Physical

Refers to the protection of hardware, software, and data against physical threats to reduce or prevent
disruptions to operations and services and loss of assets.

-Physical Security

Is the study of how to protect your information assets from destruction, degradation, manipulation and
exploitation.

-Information Assurance

To affect the technical performance and the capability of physical systems, to disrupt the capabilities of
the defender.

-Desired Effects

Is a variety of ongoing measures taken to reduce the likelihood and severity of accidental and
intentional alteration, destruction, misappropriation, misuse, misconfiguration, unauthorized
distribution, and unavailability of an organization’s logical and physical assets, as the result of action or
inaction by insiders and known outsiders, such as business partners.

-Personnel security

Cybersecurity is the collection of tools, policies, security concepts, security safeguards, guidelines, risk
management approaches, actions, training, best practices, assurance and technologies that can be used
to protect the cyber environment and organization and user’s assets.

-True

Availability: Assurance that the systems responsible for delivering, storing and processing information
are accessible when needed, by those who need them.

-True

Concept of Cybercrime

Cyber Crime: Computer crime, or cybercrime, is any crime that involves a computer and a network. The
computer may have been used in the commission of a crime, or it may be the target.

-True

Four Security Domains

-Physical Security

-Personnel Security

-IT Security

-Operational Security

Physical attack and destruction, including: electromagnetic attack, visual spying, intrusion, scavenging
and removal, wiretapping, interference, and eavesdropping.

-Attacker’s Operations

Information Assurance (IA) is the study of how to protect your information assets from destruction,
degradation, manipulation and exploitation.

-True

Involves the implementation of standard operational security procedures that define the nature and
frequency of the interaction between users, systems, and system resources, the purpose of which is to.

-Operational security

Information security technical measures such as: encryption and key management, intrusion
detection, anti-virus software, auditing, redundancy, firewalls, policies and standards.

-Defender’s operations

True or False: Business rules regarding handling of data/information assets

-True

True or False: Written and published security policy

-True

True or False: Identify core enterprise (units) - those who are most affected and achieve most value
from the security work

-True

True or False: Risk analysis documentation

-True

True or False: Codified data/information asset ownership and custody

-True

True or False: Identify the security governance involved, including legal frameworks and geographies
(enterprises)

-True

True or False: Identify extended enterprise (units) - those units outside the scoped enterprise who will
need to enhance their security architecture for interoperability purposes

-True

True or False: Identify soft enterprise (units) - those who will see change to their capability and work
with core units but are otherwise not directly affected

-True

True or False: Data classification policy documentation

-True

True or False: Identify communities involved (enterprises) - those stakeholders who will be affected by
security capabilities and who are in groups of communities

-True
