Which key is used by the sender of a message to create a digital signature for the message being sent?
Correct Answer: B
Section: Protection of Information Assets Explanation: The sender private key is used to calculate the digital signature The digital signature is used to achieve integrity, authenticity and non-repudiation. In a digital signature, the sender's private key is used to encrypt the message digest (signing) of the message and receiver need to decrypt the same using sender's public key to validate the signature. A digital signature (not to be confused with a digital certificate) is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged. Digital signatures are easily transportable, cannot be imitated by someone else, and can be automatically time-stamped. The ability to ensure that the original signed message arrived means that the sender cannot easily repudiate it later. A digital signature can be used with any kind of message, whether it is encrypted or not, simply so that the receiver can be sure of the sender's identity and that the message arrived intact. A digital certificate contains the digital signature of the certificate-issuing authority so that anyone can verify that the certificate is real. How It Works Assume you were going to send the draft of a contract to your lawyer in another town. You want to give your lawyer the assurance that it was unchanged from what you sent and that it is really from you. You copy-and-paste the contract (it's a short one!) into an e-mail note. Using special software, you obtain a message hash (mathematical summary) of the contract. You then use a private key that you have previously obtained from a public-private key authority to encrypt the hash. The encrypted hash becomes your digital signature of the message. (Note that it will be different each time you send a message.) At the other end, your lawyer receives the message: To make sure it's intact and from you, your lawyer makes a hash of the received message. Your lawyer then uses your public key to decrypt the message hash or summary. If the hashes match, the received message is valid. Below are some common reasons for applying a digital signature to communications: Authentication Although messages may often include information about the entity sending a message, that information may not be accurate. Digital signatures can be used to authenticate the source of messages. When ownership of a digital signature secret key is bound to a specific user, a valid signature shows that the message was sent by that user. The importance of high confidence in sender authenticity is especially obvious in a financial context. For example, suppose a bank's branch office sends instructions to the central office requesting a change in the balance of an account. If the central office is not convinced that such a message is truly sent from an authorized source, acting on such a request could be a grave mistake. Integrity In many scenarios, the sender and receiver of a message may have a need for confidence that the message has not been altered during transmission. Although encryption hides the contents of a message, it may be possible to change an encrypted message without understanding it. (Some encryption algorithms, known as nonmalleable ones, prevent this, but others do not.) However, if a message is digitally signed, any change in the message after signature invalidates the signature. Furthermore, there is no efficient way to modify a message and its signature to produce a new message with a valid signature, because this is still considered to be computationally infeasible by most cryptographic hash functions (see collision resistance). Non-repudiation Non-repudiation, or more specifically non-repudiation of origin, is an important aspect of digital signatures. By this property, an entity that has signed some information cannot at a later time deny having signed it. Similarly, access to the public key only does not enable a fraudulent party to fake a valid signature. Note that these authentication, non-repudiation etc. properties rely on the secret key not having been revoked prior to its usage. Public revocation of a key-pair is a required ability, else leaked secret keys would continue to implicate the claimed owner of the key-pair. Checking revocation status requires an "online" check, e.g. checking a "Certificate Revocation List" or via the "Online Certificate Status Protocol". Very roughly this is analogous to a vendor who receives credit-cards first checking online with the credit- card issuer to find if a given card has been reported lost or stolen. Of course, with stolen key pairs, the theft is often discovered only after the secret key's use, e.g., to sign a bogus certificate for espionage purposes. Tip for the exam: Digital Signature does not provide confidentiality. The sender's private key is used for calculating digital signature Encryption provides only confidentiality. The receiver's public key or symmetric key is used for encryption The following were incorrect answers: Sender's Public key - This is incorrect as receiver will require sender's private key to verify digital signature. Receiver's Public Key - The digital signature provides non-repudiation. The receiver's public key is known to every one. So it can not be used for digital-signature. Receiver's public key can be used for encryption. Receiver's Private Key - The sender does not know the receiver's private key. So this option is incorrect. Reference: CISA review manual 2014 Page number 348 http://upload.wikimedia.org/wikipedia/commons/2/2b/Digital_Signature_diagram.svg http://en.wikipedia.org/wiki/Digital_signature http://searchsecurity.techtarget.com/definition/digital-signature
Question 332
Which of the following should be an IS auditor's PRIMARY focus when auditing the implementation of a new IT operations performance monitoring system?
Correct Answer: B
Question 333
A security administrator is called in the middle of the night by the on-call programmer A number of programs have failed, and the programmer has asked for access to the live system. What IS the BEST course of action?
Correct Answer: B
The best course of action for a security administrator who is called in the middle of the night by the on-call programmer who needs access to the live system is to give the programmer an emergency ID for temporary access and review the activity. This is because: Requiring that a change request be completed and approved may delay the resolution of the problem and cause further damage or disruption to the system or business operations. A change request is a formal document that describes the proposed change, its rationale, impact, benefits, risks, costs, and approval process. A change request is usually required for planned or scheduled changes, not for emergency or urgent changes. Giving the programmer read-only access to investigate the problem may not be sufficient or effective, as the programmer may need to perform actions or tests that require write or execute permissions. Read-only access means that the user can only view or copy data or files, but cannot modify or delete them. Reviewing activity logs the following day and investigating any suspicious activity may not prevent or detect any unauthorized or malicious actions by the programmer in real time. Activity logs are records of events and actions that occur within a system or network. Activity logs can provide evidence and accountability for system activities, but they are not proactive or preventive controls. Therefore, giving the programmer an emergency ID for temporary access and reviewing the activity is the best course of action, as it allows the programmer to access the live system and resolve the problem quickly, while also ensuring that the security administrator can monitor and verify the programmer's activity and revoke the access when it is no longer needed. An emergency ID is a temporary account that grants a user elevated privileges or access to a system or resource for a specific purpose and duration. An emergency ID should be: Created and authorized by a security administrator or manager Assigned to a specific user and purpose Limited in scope and time Logged and audited Revoked and deleted after use Some of the best practices for emergency access to live systems are12: Establish clear policies and procedures for requesting, approving, granting, monitoring, reviewing, and revoking emergency access Define criteria and scenarios for emergency access, such as severity, impact, urgency, and risk Implement controls to prevent unauthorized or unnecessary use of emergency access, such as multifactor authentication, approval workflows, alerts, notifications, and time restrictions Implement controls to track and audit emergency access activities, such as logging, reporting, analysis, and investigation Implement controls to ensure accountability and responsibility for emergency access users, such as attestation, justification, documentation, and feedback
Question 334
Which of the following is the MOST effective control to minimize the risk of cross-site scripting (XSS)?
Correct Answer: A
Section: Protection of Information Assets Explanation
Question 335
What type of approach to the development of organizational policies is often driven by risk assessment?
Correct Answer: B
Explanation/Reference: A bottom-up approach to the development of organizational policies is often driven by risk assessment.
