True

False

Secrecy: control of who gets to read information

Integrity: control of how information changes or resources are used

Availability: providing prompt access to information and resources

Accountability: knowing who has had access to resources

Hackability: providing prompt access for individuals with expertise

Damage to information

Disruption of service

Theft of money

Theft of information

Loss of privacy

True

False

True

False

Make it easy for responsible people to use the system (e.g., make security procedures simple)

Make it hard for dishonest or careless people (e.g., password management)

Train people in responsible behavior

Test the security of the system thoroughly and repeatedly, particularly after changes

Do not hide violations

System design — secure protocols, authentication, barriers to access

Programming — defensive programming and rigorous testing

Operating procedures — backup, auditing, vulnerability testing

Training and monitoring personnel

Turning off servers during a cyber attack