INFX 320 Chapter 1

Card Set Information

2015-10-11 15:59:10
INFX 320
INFX 320 Computer Security

  1. Security
    • The security of a system, application, or protocol is always relative to:
    •     A set of desired properties
    •     An adversary with specific capabilities
  2. CIA
    • Confidentiality
    • Integrity
    • Availability
  3. Confidentiality
    • The avoidance of the unauthorized disclosure of information.
    •     it involves the protection of data, providing access for those who are allowed to see it while disallowing others from learning anything about its content.
  4. Encryption
    The transformation of information using a secret called an encryption key, so that the transformed information can only be read using another secret, called the decryption key (which may, in some cases, be the same as the encryption key).
  5. Access Control
    • rules and policies that limit access to confidential information to those people and/or systems with a "need to know".
    •      may be determined by identity, such as a person's name or a computer's serial number, or by a role that a person has, such as being a manager or a computer security specialist.
  6. Authentication
    • The determination of the identity or role that someone has. This determination can be done in a number of different ways, but it is usually based on a combination of:
    •      something the person has
    •      something the person knows
    •      something the person is
  7. Authorization
    • The determination of whether a person or system is allowed access to resources, based on an access control policy.
    •     Such authorizations should prevent an attacker from tricking the system into letting him access protected resources.
  8. Physical Security
    • The establishment of physical barriers to limit access to protected computational resources.
    •      Such barriers include locks on cabinets and doors, the placement of computers in windowless rooms, the use of sound dampening materials, and even the construction of buildings or rooms with walls incorporating copper meshes.
  9. Integrity
    The property that information has not been altered in an unauthorized way.
  10. Backups
    the periodic archiving of data
  11. Checksums
    the computation of a function that maps the contents of a file to a numerical value. A checksum function depends on the entire contents of a file and is designed in a way that even a small change to the input file (such as flipping a single bit) is highly likely to result in a different output value.
  12. Data correcting codes
    methods for storing data in such a way that small changes can be easily detected and automatically corrected.
  13. Availability
    the property that information is accessible and modifiable in a timely fashion by those authorized to do so.
  14. Physical Protections
    infrastructure meant to keep information available even in the event of physical challenges.
  15. Computational redundancies
    Computers and storage devices that serve as fallbacks in the case of failures.