1. What are the properties of a secure information processing system?

Confidentiality, integrity, and availability (and non-repudiation)

2. What term is used to describe the property of a secure network where a sender cannot deny having sent a message?

Non-repudiation

3. A company provides a statement of deviations from framework best practices to a regulator. What process has the company performed?

Gap analysis

4. What process within an access control framework logs actions performed by subjects?

Accounting

5. What is the difference between authorization and authentication?

Authorization means granting the account that has been configured for the user on the computer system the right to make use of a resource. Authorization manages the privileges granted on the resource. Authentication protects the validity of the user account by testing that the person accessing that account is who they say they are.

6. How does accounting provide non-repudiation?

A user’s actions are logged on the system. Each user is associated with a unique computer account. As long as the user’s authentication is secure and the logging system is tamperproof, they cannot deny having performed the action.