Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
19 Cards in this Set
- Front
- Back
|
The principle in security whose goal it is to ensure that data is modified only by individuals who are authorized to change it |
Integrity |
|
|
The security principle used in the Bell-LaPadula security model that states that no subject can read from an object with a higher security classification |
Simple Security Rule |
|
|
The term used to refer to the hacking of computers and systems used by the telephone company. |
Phreaking |
|
|
An integrity-based security model that bases its security on control of the processes that are allowed to modify critical data, referred to as constrained data items |
Clark-Wilson security model |
|
|
The condition where a user cannot deny that an event has occurred |
Nonrepudiation |
|
|
The process used to ensure that an individual is who they claim to be |
Authentication |
|
|
The approach of making different layers of security dissimilar so that an intruder who is able to breach one layer will be faced with an entirely different set of defenses at the next layer. |
Diversity of defense |
|
|
The process of combining seemingly unimportant information with other pieces of information to divulge potentially sensitive information |
Data aggregation |
|
|
Using ________ is a method to establish authenticity of specific objects such as an individual's public key or downloaded software. |
Certificates |
|
|
The principle that states a subject has only the necessary rights and privileges to perform its task, with no additional permissions |
Least privilege |
|
|
The concept of blocking an action unless it is specifically authorized is: |
Implicit deny |
|
|
Which of the following concepts requires users and system processes to use the minimal amount of permission necessary to function? |
Least privilege |
|
|
The CIA of security includes: |
Confidentiality, integrity, availability |
|
|
The term used to describe the requirement that different portions of a critical process must be performed by different people is: |
Separation of duties |
|
|
The problem with the Low-Water-Mark policy is that it: |
Could ultimately result in all subjects having the integrity level of the least-trusted object on the system |
|
|
Hiding information to prevent disclosure is an example of: |
Security through obscurity |
|
|
What is the most common form of authentication used? |
Username/password |
|
|
The security principle used in the Bell-LaPadula security model that states that no subject can read from an object with a higher security classification is the: |
Simple Security Rule |
|
|
The Bell-LaPadula security model is an example of a security model that is based on: |
The confidentiality of the data |
