P1L1: Security Mindset Flashcards
What is of value that you are trying to protect from attackers?
data
What are the 2 kinds of companies?
1. Companies that have been hacked and know it.
2. Companies that have been hacked and DON’T know it.
What threat sources are there to worry about?
Cyber criminals
Hacktivists
Nation States
Where are the vulnerabilities?
software
networks
humans
What are the C.I.A. in the CIA model?
Confidentiality
Integrity
Availability
Cyber attacks can have ________ consequences?
physical
What should the good guys do in a security conscious world?
Prevention
Detection
Response
Recovery and remediation
Policy vs mechanism
How does one go about reducing vulnerabilities?
Economy of mechanism–keep systems small and simple
Fail-safe defaults–means default access is denied
Complete mediation–no one should be able to bypass security measures
Open design–no secrecy
Least privilege–minimum level of access needed
Psychological acceptability–don’t expect people to do what is inconvenient
What is Economy of mechanism?
Keep systems small and simple
Fail-safe defaults means what?
means default access is denied
What is Complete Mediation?
no one should be able to bypass security measures
What does open design mean?
open design–no secrecy
What is Least privilege?
providing the minimum level of access needed
What is Psychological acceptability?
don’t expect people to do what is inconvenient
Computer security is protection of the integrity, availability and confidentiality of information system resources. T/F
True
Computer security is essentially a battle of wits between a perpetrator who tries to find holes and the administrator who tries to close them. T/F
True