Professional Ethics & Security Flashcards

(12 cards)

1
Q

What are the 4 Code of Ethics Canons?

A
  1. Protect society, the common good, necessary public trust and confidentiality and the infrastructure
  2. Act honorably, honestly, justly, responsibly and legally
  3. Provide diligent and competent service to principals
  4. Advance and protect the profession
2
Q

What is Confidentiality?

A

Measures the attacker's ability to get unauthorized data or access to information from an application or system

3
Q

What is Integrity?

A

Measures an attacker's ability to manipulate, change or remove data at rest and data in transit

4
Q

What is Availability?

A

Measures the attacker's ability to disrupt or prevent access to services or data in a client-server or distributed environment

5
Q

What is Authenticity?

A

The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, message and message originator

6
Q

What are Solutions for Authenticity?

A

Integrated Identity Platforms:

  • Companies such as IdRamp allow you to manage all systems, services and applications from one executive dashboard
  • Passwordless (QR code on endpoints), bring your own identity (BYOI), Zero Trust
  • Zero Trust Network Access (ZTNA) - a technology that makes it feasible to implement a zero trust security model. ZT is an IT security initiative that accepts that threats exist inside and outside of a network. ZTNA demands strict authentication and identification for every subject before authorizing them to access internal resource objects

7
Q

What is Non-repudiation?

A

The inability to refuse participation in a digital transaction, contract, or email communication (S/MIME)

8
Q

What are solutions for Availability?

A
  • Introducing controls against Distributed denial-of-service (DDoS) and botnets
  • Assuring that security infrastructure devices are deployed in active-standby or active-active clusters
  • Contributing to business continuity and disaster recovery
9
Q

What are solutions for Integrity?

A

Involves implementing cryptographic hashing, hash-based message authentication codes (HMAC), and digital signing mechanisms to assure only authorized subjects can change sensitive information

10
Q

What is the Clark-Wilson integrity model?

A

A mandatory access control model that provides a structure for describing and analyzing an integrity policy for computing systems based on:

  • Established transitions from one reliable state to another reliable state
  • The principle of separation of duties - the guarantor of the transition and the deployer of the transaction are two separate participants
  • Security policies that relate directly to transition integrity

11
Q

What are solutions for Confidentiality?

A

  • WPA3 cryptography - 192-bit cryptographic mechanism in WPA3-Enterprise mode. Dictates CCMP-128 as the minimum level of encryption
  • Confidential computing - AWS Nitro Enclave is a hardened and heavily insulated compute environment that is initiated and connected to the consumer's instance of a virtual machine like Windows, Linux, or macOS. No user, including admin or root, nor any application running on the virtual machine has interactive access to the enclave
  • Homomorphic encryption - innovative solution that contributes to a zero-trust initiative by protecting data-in-use in untrusted domains (cloud) without the need to decrypt. The process involves the transformation of data into ciphertext that can be analyzed and worked on as if it were still in its original form. Uses asymmetrical algorithms and multifaceted algebraic functions to act upon encrypted data-in-use without affecting the existing encryption
12
Q

What is the Organizational Code of Ethics?

A

A set of core guiding principles that conveys how and why decisions are made and informs all stakeholders how the company delivers the core ethics
