
Cybersecurity Fundamentals Guide

This document provides an overview of key concepts in information assurance and security including definitions of terms like cybersecurity, information security, data integrity, availability, confidentiality, authentication, and non-repudiation. It also summarizes the main steps in common cyber attack models like reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives. Additionally, it identifies basic steps for securely storing personal data like using strong, unique passwords and minimizing data stored online.

Uploaded by

Dina Schaub

UGRD-IT6205A [INFORMATION ASSURANCE AND SECURITY 1]

Cyber security, also referred to as information technology security, focuses on
protecting computers, networks, programs and data from unintended or
unauthorized access, change or destruction.
- True

Is the process of maintaining an acceptable level of perceived risk


- Security

Is a process, not an end state


- Security

Cyberspace is "the environment in which communication over computer networks
occurs."
- True

Type of Concept for Cybercrime


- Digital Underground, Underground Economy, Phishing,
Hacktivism, Cyberwar: Estonia Case and Stuxnet

Six Concept of CyberCrime


- Digital Underground, Underground Economy, Phishing,
Hacktivism, Cyberwar: Estonia Case and Stuxnet

Is roughly equivalent to privacy


- Confidentiality

Assurance that the information is authentic and complete.


- Availability

Assurance that information is shared only among authorized persons or
organizations.
- Confidentiality

Cybersecurity is the collection of tools, policies, security concepts, security
safeguards, guidelines, risk management approaches, actions, training, best
practices, assurance and technologies that can be used to protect the cyber
environment and organization and user’s assets.
- True

Availability: Availability of information refers to ensuring that authorized parties are
able to access the information when needed
- True

In information security, data integrity means maintaining and assuring the accuracy
and consistency of data over its entire life-cycle.
- True

Three Features of Security


- Confidentiality, Integrity and Availability

Concept of Cybercrime
Cyber Crime: Computer crime, or cybercrime, is any crime that involves a computer
and a network. The computer may have been used in the commission of a crime, or
it may be the target.
- True

Availability: Assurance that the systems responsible for delivering, storing and
processing information are accessible when needed, by those who need them.
- True

Timely, reliable access to data and information services for authorized users;
- Availability

Protection against unauthorized modification or destruction of information


- Integrity

Raw facts with a known coding system


- Data

Processed data
- Information

Actions taken that protect and defend information and information systems by
ensuring their availability, integrity, authentication, confidentiality and
non-repudiation
- True

Information Assurance (IA) is the study of how to protect your information assets
from destruction, degradation, manipulation and exploitation.
- True

Information and data manipulation abilities in cyberspace;


- Information Infrastructure

Accepted facts, principles, or rules of thumb that are useful for specific domains.
- Knowledge

Four Security Domains


- Physical Security, Personnel Security, IT Security and
Operational Security

Raw facts with an unknown coding system


- Noise

It should be: accurate, timely, complete, verifiable, consistent, available.


- Knowledge

Assurance that information is not disclosed to unauthorized persons


- Confidentiality

Data and data processing activities in physical space;


- Physical

Security measures to establish the validity of a transmission, message, or originator.


- Authentication

Converting data into information thus requires knowledge


- Information

Assurance that the sender is provided with proof of a data delivery and recipient is
provided with proof of the sender’s identity, so that neither can later deny having
processed the data.
- Non-repudiation

Is data endowed with relevance and purpose.


- Information

Consists of employees, former employees and contractors.


- Insiders

Information security technical measures such as: encryption and key
management, intrusion detection, anti-virus software, auditing, redundancy,
firewalls, policies and standards.
- Defender’s operations

To affect the technical performance and the capability of physical systems, to
disrupt the capabilities of the defender.
- Desired Effects

Involves the implementation of standard operational security procedures that define
the nature and frequency of the interaction between users, systems, and system
resources, the purpose of which is to.
- Operational Security

Physical attack and destruction, including: electromagnetic attack, visual spying,
intrusion, scavenging and removal, wiretapping, interference, and eavesdropping.
- Attacker’s Operations

Is the study of how to protect your information assets from destruction,
degradation, manipulation and exploitation.
- Information Assurance

Refers to the protection of hardware, software, and data against physical threats to
reduce or prevent disruptions to operations and services and loss of assets.
- Physical Security

Three distinct levels:


- Desired Effects, Physical, Perceptual

Is the inherent technical features and functions that collectively contribute to an IT
infrastructure achieving and sustaining confidentiality, integrity, availability,
accountability, authenticity, and reliability.
- IT Security

Is a variety of ongoing measures taken to reduce the likelihood and severity of
accidental and intentional alteration, destruction, misappropriation, misuse,
misconfiguration, unauthorized distribution, and unavailability of an organization’s
logical and physical assets, as the result of action or inaction by insiders and known
outsiders, such as business partners.
- Personnel Security

Risk Management Procedure consists of six steps.


- Assess vulnerabilities, Assess risks, Assess threats, Assess
assets, Make risk management decisions, Prioritize
countermeasure options

Seven Stages of lifecycle model


- Requirements, Design, Coding, Testing, Deployment,
Production and Decommission

Not performing an activity that would incur risk.


- Risk Avoidance

Are the security features of a system that provide enforcement of a security policy.
- Trust mechanism

Risks not avoided or transferred are retained by the organization.


- Risk Acceptance

Is a generic term that implies a mechanism in place to provide a basis for
confidence in the reliability/security of the system.
- Trust

Shift the risk to someone else.


- Risk Transfer

Acceptance, avoidance, mitigation, transfer—are with respect to a specific risk for a
specific party.
- The risk treatment

Taking actions to reduce the losses due to a risk; many technical countermeasures
fall into this category.
- Risk mitigation

The main ways of transport are e-mails (attachment of infected files), web platforms
(running malware scripts), or removable USB memories;
- Delivery

Transmitting the weapon to the target environment.


- Delivery

These actions typically consist of collecting information, modifying data integrity, or
attacking the availability of services and devices, but the victim system can also be
used as a starting point for infecting other systems or for expanding access to the
local network.
- Action on objective

Making a malware application (for example, a computer trojan) that, combined with
an exploitable security breach, allows remote access. Moreover, PDF (Portable
Document Format) files or Microsoft Office suite-specific files can be regarded as
weapons available to the attacker;
- Weaponization

Research, target identification and selection: it may be looking for e-mail addresses,
social relationships, or data about a particular technology, information displayed on
various websites;
- Reconnaissance

The infected file can be used by the self-execution facility to launch the malware
code, or it can be executed by the user himself;
- Exploitation

Logical security consists of software that is necessary to control access to the
information and services of a system. The logical level is divided into two categories:
access security level and service security level.
- Prevent Cyber-Attacks

Infecting a victim system with a computer trojan, backdoor or other malware
application of this type that ensures the attacker’s presence in the target
environment;
- Installation

What are the steps in intrusion model?


- Recon, Weaponise, Deliver, Exploit, Install, C2 and Action

Physical security consists in the closure of IT equipment in a dedicated space and the
provision of access control.
- Prevent Cyber-Attacks

Usually an infected host must be accessible outside of the local network to establish
a command and control channel between the victim and the attacker. Once this
bidirectional communication has been made, an attacker has access inside the target
environment and can usually control the activity by manually launching commands;
- Command and Control

After the weapon is delivered to the victim, the targeting of an application or
vulnerability of the operating system follows. The infected file can be used by the
self-execution facility to launch the malware code, or it can be executed by the user
himself;
- Exploitation

Once this bidirectional communication has been made, an attacker has access inside
the target environment and can usually control the activity by manually launching
commands;
- Command and Control

After the first six phases, an attacker can act to achieve the goals. These actions
typically consist of collecting information, modifying data integrity, or attacking the
availability of services and devices, but the victim system can also be used as a
starting point for infecting other systems or for expanding access to the local
network.
- Action on Objective

Is it true or false. The use of complex, unique, hard to guess or break passwords,
consisting of numbers, upper/lower case letters and special characters is one of the
basic steps in storing personal data.
- True

Is it true or false. Storing the minimum required data online and maximum
discretion in providing them to a third party (users, companies) is one of the basic
steps in storing personal data.
- True

Is it true or false. Using encrypted versions of protocols when sensitive information is
exchanged so as to ensure data confidentiality and prevent identity theft is one of the
basic steps in storing personal data.
- True

Acronym for TCB?


- Trusted Computing Base

Is the process by which an asset is managed from its arrival or creation to its
termination or destruction.
- Lifecycle

Is it true or false. An additional risk occurs when personal information is stored in
client accounts on commercial websites, which may become the target of
cyber-attacks anytime, so stored data becomes vulnerable is one of the basic steps in
storing personal data.
- True

Is a collection of all the trust mechanisms of a computer system which collectively
enforce the policy.
- TCB

Is a measure of confidence that the security features, practices, procedures, and
architecture of a system accurately mediates and enforces the security policy.
- Assurance

Failure of the mechanism may destroy the basis for trust.


- Trust

Is it true or false. Encrypting all personal information when saved on different
storage media is one of the basic steps in storing personal data.
- True

True or False: Identify extended enterprise (units) - those units outside the scoped
enterprise who will need to enhance their security architecture for interoperability
purposes
- True

This assured that the information is authentic and complete.


- integrity

Those who are most affected and achieve most value from the security work
- Identify core enterprise

Establish architecture artifact, design, and code reviews and define acceptance
criteria for the successful implementation of the findings. What phase is that?
- Phase G: Implementation Governance

Following a cyber risk assessment, develop and implement a plan to mitigate cyber
risk and protect the “_____________” outlined in the assessment.
- crown jewels

IA takes steps to maintain integrity, such as having anti-virus software in place so
that data will not be altered or destroyed, and having policies in place.
- True

This is an assurance that the systems responsible for delivering, storing, and
processing information are accessible when needed, by those who need them.
- availability

The ability to provide forensic data attesting that the systems have been used in
accordance with stated security policies.
- Audit

This is not a type of application security.


- photo enhancement

In a phased implementation the new security components are usually part of the
infrastructure in which the new system is implemented. The security infrastructure
needs to be in a first or early phase to properly support the project. What phase is
that?
- Phase F: Migration Planning

Definition of relevant stakeholders and discovery of their concerns and objectives
will require development of a high-level scenario. What phase is that?
- Phase A: Architecture Vision

From the Baseline Security Architecture and the Enterprise Continuum, there will be
existing security infrastructure and security building blocks that can be applied to
the requirements derived from this architecture development engagement. What
phase is that?
- Phase E: Opportunities & Solutions

Protecting the authentication can involve protecting against malicious code, hackers,
and any other threat that could block access to the information system.
- False

Cyber security, also referred to as ____________________, focuses on protecting
computers, networks, programs and data from unintended or unauthorized access,
change or destruction.
- information technology security

Many security vulnerabilities originate as design or code errors and the simplest and
least expensive method to locate and find such errors is generally an early review by
experienced peers in the craft. What phase is that?
- Phase G: Implementation Governance

The following security specifics appropriate to the security architecture must be
addressed within each phase in addition to the generic phase activities. What phase
is that?
- Phase A: Architecture Vision

In IA, this automatically happened as well as availability and reliable and timely
access to information.
- confidentiality

Combining sound cyber security measures with an educated and security-minded
employee base provides the best defense against ________________ attempting to gain
access to your company’s sensitive data.
- cyber criminals

Security architecture has its own discrete security methodology.


- True

These are all common examples of network security implementation except one.
- clean storage feature

This issued guidelines in its risk assessment framework that recommend a shift
toward continuous monitoring and real-time assessment.
- National Institute of Standards and Technology

True or False: Identify the security governance involved, including legal frameworks
and geographies (enterprises)
- True

Every system will rely upon resources that may be depleted in cases that may or may
not be anticipated at the point of system design. What phase is that?
- Phase D: Technology Architecture

The definition and enforcement of permitted capabilities for a person or entity
whose identity has been established.
- Authentication

The substantiation of the identity of a person or entity related to the enterprise or
system in some way.
- Authentication

This is "the environment in which communication over computer networks occurs."


- cyberspace

_______________ should also consider any regulations that impact the way the
company collects, stores, and secures data, such as PCI-DSS, HIPAA, SOX, FISMA.
- Cyber Risk Assessment

Security architecture introduces its own normative flows through systems and
among applications.
- True

Assess and baseline current security-specific technologies


- Phase D: Technology Architecture

The organizations and the government have focused most of their cyber security
resources on perimeter security to protect all the encrypted system components.
- False

This consists of the cyber-physical systems that modern societies rely on.
- critical infrastructure security

Changes in security requirements are often more disruptive than a simplification or
incremental change. Changes in security policy can be driven by statute, regulation,
or something that has gone wrong. What phase is that?
- Phase H: Architecture Change Management

True or False: Identify communities involved (enterprises) - those stakeholders who
will be affected by security capabilities and who are in groups of communities
- True

Concept Cybercrime
- Digital Underground, Underground Economy, Phishing,
Hacktivism, Cyberwar: Estonia Case and Stuxnet

True or False: Risk analysis documentation


- True

These are constantly creating and implementing new security tools to help
enterprise users better secure their data.
- cloud providers

This involves ensuring that the users are who they say they are, and one of the most
famous methods to secure this is by using a password.
- authentication

Assess the impact of new security measures upon other new components or existing
leveraged systems. What phase is that?
- Phase F: Migration Planning

The organization's attitude and tolerance for risk.


- Risk Management

IA is a special subject under Information Technology program.


- False

Failure to protect sensitive information can result in __________ issued by regulatory
agencies or lawsuits from other companies or individuals.
- fines

Determine who are the legitimate actors who will interact with the
product/service/process. What phase is that?
- Phase B: Business Architecture

All are benefits of information protection except one.


- e-mailing the suppliers and partners with updated services

Identify existing security services available for re-use

- Phase E: Opportunities & Solutions

Those units outside the scoped enterprise who will need to enhance their security
architecture for interoperability purposes
- Identify extended enterprise

The ability of the enterprise to function without service interruption or depletion
despite abnormal or malicious events.
- Availability

Security architecture calls for its own unique set of skills and competencies of the
enterprise and IT architects.
- True

Changes in security standards are usually less disruptive since the trade-off for their
adoption is based on the value of the change.
- Phase H: Architecture Change Management

True or False: Codified data/information asset ownership and custody


- True

Are applicable to ensuring that security requirements are addressed in subsequent
phases of the ADM. What phase is that?
- Phase A: Architecture Vision

A full inventory of architecture elements that implement security services must be
compiled in preparation for a gap analysis. What phase is that?
- Phase C: Information System Architecture

This advises that companies must be prepared to “respond to the inevitable cyber
incident, restore normal operations, and ensure that company assets and the
company’s reputation are protected.”
- NCSA

The protection of information assets from loss or unintended disclosure, and
resources from unauthorized and unintended use.
- Asset Protection

Assess and baseline current security-specific technologies. What phase is that?


- Phase D: Technology Architecture

This means that only those authorized to view information are allowed access to it.
- confidentiality

Assess and baseline current security-specific architecture elements. What phase is
that?
- Phase C: Information System Architecture

True or False: Identify soft enterprise (units) - those who will see change to their
capability and work with core units but are otherwise not directly affected
- True

The state of being protected against the criminal or unauthorized use of electronic
data, or the measures taken to achieve this.
- cyber security

Information Assurance refers to the steps involved in protecting information systems
- like reproducing three copies of uploaded articles and journals.
- False

Integrity is the most important character trait of Information Assurance.


- True

Which one is not a security threat in the IT world?


- cyber bullying

The ability to add and change security policies, add or change how policies are
implemented in the enterprise, and add or change the persons or entities related to
the systems.
- Administration

Security architecture addresses non-normative flows through systems and among
applications.
- True

Those who will see change to their capability and work with core units but are
otherwise not directly affected
- Identify soft enterprise

The ability to test and prove that the enterprise architecture has the security
attributes required to uphold the stated security policies.
- Assurance

Security architecture composes its own discrete views and viewpoints.


- True

Security architecture introduces unique, single-purpose components in the design.


- True

Those stakeholders who will be affected by security capabilities and who are in
groups of communities
- Identify communities involved

Revisit assumptions regarding interconnecting systems beyond project control, Identify and evaluate
applicable recognized guidelines and standards and Identify methods to regulate consumption of
resources. What phase is that?

- Phase D: Technology Architecture

Development of the business scenarios and subsequent high-level use-cases of the
project concerned will bring to attention the people actors and system actors
involved. What phase is that?
- Phase B: Business Architecture

True or False: Business rules regarding handling of data/information assets


- True

True or False: Data classification policy documentation


- True

True or False: Identify core enterprise (units) - those who are most affected and
achieve most value from the security work
- True

Changes in security standards are usually less disruptive since the trade-off for their
adoption is based on the value of the change. However, standards changes can also
be mandated. What phase is that?
- Phase H: Architecture Change Mana

True or False: Written and published security policy


- True
