
1. Briefly define the following security terms (2 Mark)


a. Non-repudiation:- is the prevention of either the sender or the receiver denying a transmitted
message. A computer security system must be able to prove that certain messages were sent and
received, who sent the message, who received the message and perhaps what the message said.
For example, suppose a dishonest trader sends an electronic message to a stock broker telling
him to buy £2,000 worth of shares in CryptoCom. The next day the price of CryptoCom shares
soars. The trader now pretends that his original message said to buy £20,000 worth of shares.
Conversely, if the share price fell he might pretend that the original message said to buy shares in
KryptoCom instead. Non-repudiation means that the trader is not able to deny his original
message. Non-repudiation is often implemented by using digital signatures.
b. Accountability:- means that the system is able to provide audit trails of all transactions. The
system managers are accountable to scrutiny from outside the system and must be able to
provide details of all transactions that have occurred. Audit trails must be selectively kept (and
protected to maintain their integrity) so that actions affecting security can be traced back to the
responsible party.
c. Authentication:- is proving a claim – usually that you are who you say you are, where you
say you are, at the time that you say it is. Authentication may be obtained by the provision of a
password or by a scan of your retina.
d. Authorization:- Now that you are here, what are you allowed to do?

◦ The list of things that the legitimate actor is allowed to have in the given
system.
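
Added example (not part of the original answer sheet): the trader scenario from answer 1a, with the order signed by the trader and each later claim checked against the signature the broker stored. The key, the message wording and the function names are assumptions made for the illustration; the key is a constructed toy, and real systems use a padded scheme such as RSA-PSS or Ed25519.

```python
import hashlib

# Constructed demo key pair (two Mersenne primes). Textbook RSA on a bare
# SHA-256 digest: enough to show the idea, not a scheme for real use.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                          # public modulus
E = 65537                          # public exponent, known to the broker
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held only by the trader


def digest(message: str) -> int:
    """SHA-256 of the message as an integer (always smaller than N here)."""
    return int.from_bytes(hashlib.sha256(message.encode("utf-8")).digest(), "big")


def sign(message: str) -> int:
    """Trader signs the order with the private exponent."""
    return pow(digest(message), D, N)


def verify(message: str, signature: int) -> bool:
    """Broker (or an arbitrator) checks a message against the signature."""
    return pow(signature, E, N) == digest(message)


def check_claims(signature: int, claims: list[str]) -> dict[str, bool]:
    """For each claimed wording, report whether the stored signature backs it."""
    return {claim: verify(claim, signature) for claim in claims}


# Constructed sample messages based on the trader example above.
ORIGINAL = "BUY GBP 2,000 of CryptoCom"
CLAIMS = [
    ORIGINAL,
    "BUY GBP 20,000 of CryptoCom",   # claim made after the price soars
    "BUY GBP 2,000 of KryptoCom",    # claim made after the price falls
]

if __name__ == "__main__":
    stored_signature = sign(ORIGINAL)   # broker keeps message + signature
    for claim, ok in check_claims(stored_signature, CLAIMS).items():
        print(f"{'valid  ' if ok else 'INVALID'}  {claim}")
```

Only the wording the trader actually signed verifies, so neither altered claim can be passed off as the original order.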

2. Write a simple security policy for your personal device, stating who has
authorized access (2 Mark).

Mr. X personal device policies:-

A. The only person who has access to my personal computer is me.

B. Don’t touch my personal computer without telling me.

C. You are allowed when I say so or allow you to use it.


3. Write the difference between the following security attacks briefly (4 Mark).
a. Virus vs Worm

A virus is malware that relies on someone or something else to propagate
from one system to another. For example, an email virus attaches itself
to an email that is sent from one user to another. Until recently, viruses
were the most popular form of malware, whereas

a worm is like a virus except that it propagates by itself without the need for outside assistance.
This definition implies that a worm uses a
network to spread its infection.
b. Hacker vs Cracker

Hackers:- a hacker is a computer expert who uses their technical knowledge to achieve a goal or overcome
an obstacle within a computerized system by non-standard means.

Crackers:- when someone performs a security hack for criminal or malicious reasons, the
person is called a “cracker”. Just like a bank robber cracks a safe by skillfully manipulating its
lock, a cracker breaks into a computer system, program or account with the aid of their technical
wizardry.
c. Phishing vs Pharming

Phishing:- is a type of social engineering where an attacker sends a fraudulent (“spoofed”)
message designed to trick a human victim into revealing sensitive information.

Pharming:- is a form of online fraud involving malicious code and fraudulent websites.
Cybercriminals install malicious code on your computer or server. The code automatically directs
you to a bogus website without your knowledge or consent.
d. DoS vs DDoS

DoS:- (Denial of Service) is a cyber-attack in which the perpetrator seeks to make a machine or
network resource unavailable to its intended users by temporarily or indefinitely disrupting
the service of a host connected to the internet.
DDoS:- attacks target websites and online services. The aim is to overwhelm them with more
traffic than the server or the network can accommodate. The goal is to render the website or
service inoperable…. In some cases, the targeted victims are threatened with a DDoS attack or
attacked at a low level.

4. If a company loses its confidence because of a change of business, the company
may not be a competitor. In this statement, what is the: (2 Mark)
a. Risk:- May lose their business in the process.
b. Threat:- May not be a competitor.

c. Vulnerability:- Loss of confidence in the firm's business.
