краткий пересказ. (Computer Security and Riscs) (Types of Incidents) (краткий пересказ. (Computer Security and Riscs) (Types of Incidents).docx)

Computer Security and Riscs

1. In what spheres of human activity does availability play an essential role? Why?

Availability is often the most important attribute in service-oriented businesses that depend on information (for example, airline schedules and online inventory systems).

Availability of the network itself is important to anyone whose business or education relies on a network connection. Because in case of denial-of-service business will loss users and their money.

1. When will security be the strongest?

Security is strong when the means of authentication cannot later be refuted — the user cannot later deny that he or she performed the activity.

1. Which concept is the most remarkable for the provision of overall security?

The concept of nonrepudiation, because it means that user cannot deny what he has done.

1. What can be the consequences of an unauthorized break-in?

The consequences of a break-in cover a broad range of possibilities: a minor loss of time in recovering from the problem, a decrease in productivity, a significant loss of money or staff-hours, (skip other examples, a devastating loss of credibility or market opportunity, a business no longer able to compete, legal liability, and the loss of life. Individuals may find that their credit card, medical, and other private information has been compromised.)

However, even if there is no important information on the vulnerable system, broken computer became a “weak link” allowing unauthorized access further into corporation.

1. How can intruders benefit from the access to innocuous information?

Innocuous information can expose a computer system to compromise. Usually hackers are interested in types of hardware and software that are being used.

1. Is there a principal difference between authorization and authentication?

Yes there is. Authentication is proving that a user is the person he or she claims to be. Authorization is the act of determining whether a particular user (or computer system) has the right to carry out a certain activity.

Types of Incidents

1. What is the principal difference between threats and attacks?

A threat is a potential violation of security, while an attack is an attempt to breach the system security.

1. What are the four classes that encompass common threats?

Threats can be divided into four broad classes: disclosure, or unauthorized access to information; deception, or acceptance of false data; disruption, or interruption or prevention of correct operation; and usurpation, or unauthorized control of some part of a system.

1. What is the difference between passive and active wiretapping?

Passive wiretapping is a form of snooping in which a network is monitored. Active wiretapping is a form of modification in which data moving across a network is altered.

1. How do various types of denial-of-service attacks work?

Attackers may "flood" a network with large volumes of data to deliberately consume the limited resource of the system. They may also disrupt physical components of the network or manipulate data in transit.

1. Can the breaches of the system security be unintentional?

(может быть неверно) Yes, they are usually classified as probes. A probe is characterized by unusual attempts to gain access to a system.

1. What are the consequences of a malicious code execution?

Malicious code execution of programs can lead to serious data loss, downtime, denial-of-service, and other types of security incidents.