Network Security FAQ: Overview

Answer: The resources in a network that are considered the most trusted include internal servers, domain controllers, and network-attached devices.

Answer: Five types of malware are viruses, worms, Trojan horses, spyware, and hoaxes.

Answer: A hoax is a special kind of malware. Hoaxes do not contain any code, instead relying on the gullibility of the users to spread them. They often use emotional subjects such as a child’s last wish. Any e-mail message that asks you to forward copies to everyone you know is almost certainly a hoax.

Answer: A hacker is a person who is proficient with computers and does no malicious damage whatsoever. A hacker is often driven by a passion for computing but is not bent on harming systems. A cracker, on the other hand, uses various tools and techniques to gain illegal access to various computer platforms and networks.

Answer: Three potential threats from inside an organization include authenticated users, unauthorized programs, and unpatched software.

Answer: Many people are involved in the security process of an organization, including senior management, users, and the government (because it makes legal requirements that an organization has to follow).

Answer:

• HIPAA The Health Insurance Portability and Accountability Act restricts disclosure of health-related data along with personally identifying information.
• GLB The Gramm-Leach-Bliley Act affects U.S. financial institutions and requires disclosure of privacy policies to customers.
• ECPA The Electronic Communications Privacy Act specifies who can read whose e-mails under what conditions.

Answer: CIA stands for the following:

• Confidentiality Ensure that no data is disclosed intentionally or unintentionally.
• Integrity Make sure that no data is modified by unauthorized personnel, that no unauthorized changes are made by authorized personnel, and that the data remains consistent, both internally and externally.
• Availability Provide reliable and timely access to data and resources.

Answer: SLE stands for Single Loss Expectancy. To calculate this value, you need to know the Annualized Rate of Occurrence (ARO) and the monetary loss associated with an asset. This is the value that represents how much money would be lost if the risk occurred. This includes the price of the new equipment, the hourly wage of the people replacing the equipment, and the cost of employees unable to perform their work.

Answer: To plan for the probable risk, you need to budget for the possibility that the risk will happen. To do this, you need to use the ARO and the SLE to find the Annual Loss Expectancy (ALE).