Computer security: The need to secure the physical location of computer technology from outside threats.
Security: A state of being secure and free from danger or harm; also, the actions taken to make someone or something secure.
Communications security: The protection of all communications media, technology, and content.
Network security: A subset of communications security; the protection of voice and data networking components, connections, and content.
Information security: Protection of the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission, via the application of policy, education, training and awareness, and technology.
C.I.A. triad: The industry standard for computer security since the development of the mainframe. The standard is based on three characteristics that describe the utility of information: confidentiality, integrity, and availability.
Access: Authorized users have legal access to a system, whereas hackers must gain illegal access to a system.
Asset: The organizational resource that is being protected.
Attack: An intentional or unintentional act that can damage or compromise information and the systems that support it. Attacks can be active or passive, intentional or unintentional, and direct or indirect.
Direct attack: An attack perpetrated by a hacker using a PC to break into a system. Direct attacks originate from the threat itself.
Indirect attack: An attack that originates from a compromised system or resource that is malfunctioning or working under the control of a threat.
Control, safeguard, or countermeasure: Security mechanisms, policies, or procedures that can successfully counter attacks, reduce risk, and resolve vulnerabilities.
Exploit: A technique used to compromise a system. The term can be a verb or a noun: threat agents may attempt to exploit a system or other information asset by using it illegally for their personal gain.
Exposure: A condition or state of being exposed. In information security, exposure exists when a vulnerability is known to an attacker.
Loss: A single instance of an information asset suffering damage or destruction, unintended or unauthorized modification or disclosure, or denial of use. When an organization's information is stolen, it has suffered a loss.
Risk: The probability of an unwanted occurrence, such as an adverse event or loss.
Subjects and objects of attack: A system can be both. For example, it can be compromised by an attack (as the object) and then used to attack other systems (as the subject).
Threat: Any event or circumstance that has the potential to adversely affect operations and assets.
Threat agent: The specific instance or a component of a threat.
Threat event: An occurrence of an event caused by a threat agent.
Threat source: A category of objects, people, or other entities that represents the origin of danger to an asset; in other words, a category of threat. Threat sources can be purposeful or undirected; undirected threat sources are known as "acts of God" or "acts of nature".
Vulnerability: A potential weakness in an asset or its defensive control system(s). Some examples of vulnerabilities are a flaw in a software package and an unprotected system.
Accuracy: An attribute of information that describes how data is free of errors and has the value that the user expects.
Authenticity: An attribute of information that describes how data is genuine or original rather than reproduced or fabricated.
Availability: An attribute of information that describes how data is accessible and correctly formatted for use without interference or obstruction.
Confidentiality: An attribute of information that describes how data is protected from disclosure or exposure to unauthorized individuals or systems.
Integrity: An attribute of information that describes how data is whole, complete, and uncorrupted.
Personally Identifiable Information (PII): A set of information that could uniquely identify an individual.
Possession: An attribute of information that describes how the data's ownership or control is legitimate or authorized.
Utility: An attribute of information that describes how data has value or usefulness for an end purpose.
Information System (IS): The entire set of software, hardware, data, people, procedures, and networks that enable the use of information resources in the organization.
Physical security: The protection of physical items, objects, or areas from unauthorized access and misuse.
Software: Includes applications (programs), operating systems, and assorted command utilities.
Hardware: The physical technology that houses and executes the software, stores and transports the data, and provides interfaces for the entry and removal of information from the system. Physical security policies deal with hardware as a physical asset and with the protection of physical assets from harm or theft, using traditional controls such as locks and keys. The text's example is an item that was passed through the conveyor scanning devices at a checkpoint, where it was briefly out of its owner's control.
Data: Data stored, processed, and transmitted by a computer system must be protected. Data is often the most valuable asset of an organization and is therefore the main target of intentional attacks. Information was originally defined as data with meaning; here the term information is used to represent both unprocessed data and actual information.
People: Though often overlooked in computer security considerations, people have always been a threat to information security. In the end, the Khan simply bribed the gatekeeper, and the rest is history. Whether this event actually occurred or not, the moral of the story is that people can be the weakest link in an organization's information security program.
information security program Hardware Data People Procedures. They are written instructions for accomplishing a specific task. should be disseminated
among members of an organization on a need-to-know basis Hardware Data People Procedures. Networking is the IS component that created much of the need for increased
computer and information security. When information systems are connected to each
other to form LANs; and these LANs are connected to other networks such as the
Internet; new security challenges rapidly emerge. However; when computer systems
are networked; this approach (locks and keys) is no longer enough. Steps to provide
network security such as installing and configuring firewalls are essential Networks Balancing Information Security and Access Bottom-up approach Top-down approach. Information security technologists and end users must recognize that both groups
share the same overall goals of the organization—to ensure that data is available
when; where; and how it is needed; with minimal delays or obstacles Networks Balancing Information Security and Access Bottom-up approach Top-down approach. A method of establishing security policies and/or practices that begins as a grassroots
effort in which systems administrators attempt to improve the security of their
systems Networks Balancing Information Security and Access Bottom-up approach Top-down approach. A methodology of establishing security policies and/or practices that is initiated by
upper management. It has a higher probability of success Networks Balancing Information Security and Access Bottom-up approach Top-down approach. A formal approach to solving a problem based on a structured sequence of
procedures Methodology Systems Development Life Cycle (SDLC) Waterfall SDLC DevOps SDLC. A methodology for the design and implementation of an information system. The SDLC
contains different phases depending on the methodology deployed; but generally the
phases address the investigation; analysis; design; implementation; and maintenance
of an information system Methodology Systems Development Life Cycle (SDLC) Waterfall SDLC DevOps SDLC. A type of SDLC in which each phase of the process “flows from” the information
gained in the previous phase; with multiple opportunities to return to previous phases
and make adjustments Methodology Systems Development Life Cycle (SDLC) Waterfall SDLC DevOps SDLC. A formal approach to solving a problem based on a structured sequence of
procedures. focuses on integrating the need for the development team to provide
iterative and rapid improvements to system functionality and the need for the
operations team to improve security and minimize the disruption from software
release cycles Methodology Systems Development Life Cycle (SDLC) Waterfall SDLC DevOps SDLC. In the __________ phase; the information gained from the analysis phase is used to
begin creating a systems solution for a business problem Logical Design Implementation Maintenance and Change Software Assurance (SA). In the __________ phase; any needed software is created. Logical Design Implementation Maintenance and Change Software Assurance (SA). The maintenance and change phase is the longest and most expensive of the process.
This phase consists of the tasks necessary to support and modify the system for the
remainder of its useful life cycle. Logical Design Implementation Maintenance and Change Software Assurance (SA). A methodological approach to the development of software that seeks to build
security into the development life cycle rather than address it at later stages Logical Design Implementation Maintenance and Change Software Assurance (SA). Keep the design as simple and small as possible Economy of mechanism Fail-safe defaults Complete mediation Open design. Base access decisions on permission rather than exclusion Economy of mechanism Fail-safe defaults Complete mediation Open design.
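The last two entries are two of the Saltzer and Schroeder design principles. The following is an added example, not from the original page or the textbook it summarizes, showing what "permission rather than exclusion" means in code: an access check that allows only what is explicitly granted, contrasted with a blocklist-style check that allows everything not explicitly denied, plus a decision path that denies when the policy source itself fails. The roles, actions, policy tables and helper functions are constructed for illustration.

```python
"""Added example (not part of the original text): the fail-safe defaults
principle applied to an access-control decision. The roles, actions and
policy tables below are constructed for illustration."""

# Constructed policy: the actions each role is explicitly permitted to perform.
PERMITTED = {
    "admin": {"read", "write", "delete"},
    "editor": {"read", "write"},
    "viewer": {"read"},
}

# Constructed blocklist for the exclusion-based check: what each role may NOT do.
DENIED = {
    "editor": {"delete"},
    "viewer": {"write", "delete"},
}


def allowed_by_exclusion(role, action):
    """Exclusion-based check: allow unless (role, action) is explicitly denied.
    Anything the blocklist's author did not think of is allowed by default,
    so a new action or an unknown role fails open."""
    return action not in DENIED.get(role, set())


def allowed_by_permission(role, action):
    """Permission-based check (fail-safe default): allow only what is explicitly
    granted. A new action or an unknown role is denied until a rule is added."""
    return action in PERMITTED.get(role, set())


def compare(role, action):
    """Return (exclusion decision, permission decision) for one request, so the
    two policies can be contrasted on the same input."""
    return (allowed_by_exclusion(role, action), allowed_by_permission(role, action))


def check_access(policy_lookup, role, action):
    """Fail-safe default applied to the decision path itself: if the policy
    source fails (raises), the request is denied rather than allowed. Returns
    (decision, reason) so the caller can log why a request was refused."""
    try:
        granted = policy_lookup(role)
    except Exception as exc:  # unreachable store, missing table, bad data ...
        return (False, f"denied: policy lookup failed ({exc!r})")
    if action in granted:
        return (True, "allowed: explicitly permitted")
    return (False, "denied: no matching permission")


def lookup_strict(role):
    """Constructed policy source that raises KeyError for roles it does not know."""
    return PERMITTED[role]


def lookup_unavailable(role):
    """Constructed policy source standing in for an unreachable policy store."""
    raise RuntimeError("policy store unreachable")


if __name__ == "__main__":
    # "export" is an action neither table anticipated; "guest" is an unknown role.
    for role, action in [("viewer", "read"), ("viewer", "delete"),
                         ("viewer", "export"), ("guest", "delete")]:
        excl, perm = compare(role, action)
        print(f"{role:7} {action:7} exclusion={excl!s:5} permission={perm!s:5}")
    print(check_access(lookup_strict, "guest", "read"))
    print(check_access(lookup_unavailable, "admin", "read"))
    print(check_access(lookup_strict, "admin", "read"))
```

The two checks agree on every request the blocklist author anticipated; they diverge exactly on the unanticipated ones ("viewer"/"export", "guest"/"delete"), where the exclusion-based check grants access by omission and the permission-based check refuses it. The same principle governs the error path: when the policy store is unreachable, the safe default is to deny and report why, not to let the request through.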