
s6-t-f

Title of test:
s6-t-f

Description:
CS698 sameh ali

Creation Date: 2021/03/16

Category: Others

Number of questions: 80

Content:

Computer security Means The need to secure the physical location of computer technology from outside threats. true. false.

Security Means A state of being secure and free from danger or harm. Also; the actions taken to make someone or something secure. true. false.

Communications security Means The protection of all communications media; technology; and content. true. false.

Network security Means Protection of the confidentiality; integrity; and availability of information assets; whether in storage; processing; or transmission; via the application of policy; education; training and awareness; and technology. true. false.

Information security Means A subset of communications security; the protection of voice and data; networking components; connections; and content. true. false.

C.I.A. triad Means The industry standard for computer security since the development of the mainframe. The standard is based on three characteristics that describe the utility of information - confidentiality; integrity; and availability. true. false.

Access Means Authorized users have legal access to a system; whereas hackers must gain illegal access to a system. true. false.

Asset Means The organizational resource that is being protected. true. false.

Attack Means It is perpetrated by a hacker using a PC to break into a system. Direct attacks originate from the threat itself. true. false.

A direct attack Means An intentional or unintentional act that can damage or compromise information and the systems that support it. Attacks can be active or passive; intentional or unintentional; and direct or indirect. true. false.

Indirect attack Means Security mechanisms; policies; or procedures that can successfully counter attacks; reduce risk; resolve vulnerabilities. true. false.

Control; safeguard; or countermeasure Means It is originated from a compromised system or resource that is malfunctioning or working under the control of a threat. true. false.

Exploit Means A technique used to compromise a system. This term can be a verb or a noun. Threat agents may attempt to exploit a system or other information asset by using it illegally for their personal gain. true. false.

Exposure Means A condition or state of being exposed; in information security; exposure exists when a vulnerability is known to an attacker. true. false.

Loss Means A single instance of an information asset suffering damage or destruction; unintended or unauthorized modification or disclosure; or denial of use. When an organization’s information is stolen; it has suffered a loss. true. false.

Risk Means The probability of an unwanted occurrence; such as an adverse event or loss. true. false.

Subjects and objects of attack Means EX; it can be compromised by an attack (object) and then used to attack other systems (subject). true. false.

Threat Means Any event or circumstance that has the potential to adversely affect operations and assets. true. false.

Threat agent Means An occurrence of an event caused by a threat agent. true. false.

Threat event Means The specific instance or a component of a threat. true. false.

Threat source Means A category of objects; people; or other entities that represents the origin of danger to an asset—in other words; can be purposeful or undirected - threat source known as “acts of God/acts of nature.” true. false.

Vulnerability Means A potential weakness in an asset or its defensive control system(s). Some examples of vulnerabilities are a flaw in a software package; an unprotected system. true. false.

Accuracy Means An attribute of information that describes how data is genuine or original rather than reproduced or fabricated. true. false.

Authenticity Means An attribute of information that describes how data is free of errors and has the value that the user expects. true. false.

Availability Means An attribute of information that describes how data is protected from disclosure or exposure to unauthorized individuals or systems. true. false.

Confidentiality Means An attribute of information that describes how data is accessible and correctly formatted for use without interference or obstruction. true. false.

Integrity Means A set of information that could uniquely identify an individual. true. false.

Personally Identifiable Information (PII) Means An attribute of information that describes how data is whole; complete; and uncorrupted. true. false.

Possession Means An attribute of information that describes how the data’s ownership or control is legitimate or authorized. true. false.

Utility Means An attribute of information that describes how data has value or usefulness for an end purpose. true. false.

Information System (IS) Means The entire set of software; hardware; data; people; procedures; and networks that enable the use of information resources in the organization. physical security The protection of physical items; objects; or areas from unauthorized access and misuse. true. false.

Software Means It includes applications (programs); operating systems; and assorted command utilities. true. false.

Hardware Means It is the physical technology that houses and executes the software; stores and transports the data; and provides interfaces for the entry and removal of information from the system. Physical security policies deal with hardware as a physical asset and with the protection of physical assets – such as locks and keys - from harm or theft. Ex: passed it through the conveyor scanning devices. true. false.

Data Means Data stored; processed; and transmitted by a computer system must be protected. Data is often the most valuable asset of an organization and therefore is the main target of intentional attacks. Information was originally defined as data with meaning. We will use the term information to represent both unprocessed data and actual information. true. false.

People Means Though often overlooked in computer security considerations; people have always been a threat to information security. In the end; the Khan simply bribed the gatekeeper - and the rest is history. Whether this event actually occurred or not; the moral of the story is that people can be the weakest link in an organization’s information security program. true. false.

Procedures Means Networking is the IS component that created much of the need for increased computer and information security. When information systems are connected to each other to form LANs; and these LANs are connected to other networks such as the Internet; new security challenges rapidly emerge. However; when computer systems are networked; this approach (locks and keys) is no longer enough. Steps to provide network security such as installing and configuring firewalls are essential. true. false.

Networks Means They are written instructions for accomplishing a specific task. They should be disseminated among members of an organization on a need-to-know basis. true. false.

Balancing Information Security and Access Means Information security technologists and end users must recognize that both groups share the same overall goals of the organization—to ensure that data is available when; where; and how it is needed; with minimal delays or obstacles. true. false.

Bottom-up approach Means A method of establishing security policies and/or practices that begins as a grassroots effort in which systems administrators attempt to improve the security of their systems. true. false.

Top-down approach Means A methodology of establishing security policies and/or practices that is initiated by upper management. It has a higher probability of success. true. false.

Methodology Means A formal approach to solving a problem based on a structured sequence of procedures. true. false.

Systems Development Life Cycle (SDLC) Means A methodology for the design and implementation of an information system. The SDLC contains different phases depending on the methodology deployed; but generally the phases address the investigation; analysis; design; implementation; and maintenance of an information system. true. false.

Waterfall SDLC Means A type of SDLC in which each phase of the process “flows from” the information gained in the previous phase; with multiple opportunities to return to previous phases and make adjustments. true. false.

DevOps SDLC Means A formal approach to solving a problem based on a structured sequence of procedures. It focuses on integrating the need for the development team to provide iterative and rapid improvements to system functionality and the need for the operations team to improve security and minimize the disruption from software release cycles. true. false.

Logical Design Means In the logical design phase; the information gained from the analysis phase is used to begin creating a systems solution for a business problem. true. false.

Implementation Means In the implementation phase; any needed software is created. true. false.

Maintenance and Change Means The maintenance and change phase is the longest and most expensive of the process. This phase consists of the tasks necessary to support and modify the system for the remainder of its useful life cycle. true. false.

Software Assurance (SA) Means A methodological approach to the development of software that seeks to build security into the development life cycle rather than address it at later stages. true. false.

Economy of mechanism Means Keep the design as simple and small as possible. true. false.

Fail-safe defaults Means Base access decisions on permission rather than exclusion. true. false.

Complete mediation Means Every access to every object must be checked for authority. true. false.

Open design Means Where feasible; a protection mechanism should require two keys to unlock; rather than one. true. false.

Separation of privilege Means The design should not be secret; but rather depend on the possession of keys or passwords. true. false.

Least privilege Means Every program and every user of the system should operate using the least set of privileges necessary to complete the job. true. false.

Least common mechanism Means Minimize mechanisms (or shared variables) common to more than one user and depended on by all users. true. false.

Psychological acceptability Means It is essential that the human interface be designed for ease of use; so that users routinely and automatically apply the protection mechanisms correctly. true. false.

chief information officer (CIO) Means The CIO translates the strategic plans of the organization as a whole into strategic information plans for the information systems or data processing division of the organization. An executive-level position that oversees the organization’s computing technology and strives to create efficiency in the processing and access of the organization’s information. true. false.

chief information security officer (CISO) Means Typically considered the top information security officer in an organization. true. false.

Project team Means A small functional team of people who are experienced in one or multiple facets of the required technical and nontechnical areas for the project to which they are assigned. true. false.

Champion Means A senior executive who promotes the project and ensures its support; both financially and administratively; at the highest levels of the organization. true. false.

Team leader Means A project manager who may also be a departmental line manager or staff unit manager; and who understands project management; personnel management; and information security technical requirements. true. false.

Security policy developers Means People who understand the organizational culture; existing policies; and requirements for developing and implementing successful policies. true. false.

Risk assessment specialists Means People who understand financial risk assessment techniques; the value of organizational assets; and the security methods to be used. true. false.

Security professionals Means Dedicated; trained; and well-educated specialists in all aspects of information security from both a technical and nontechnical standpoint. true. false.

Systems administrators Means People with the primary responsibility for administering systems that house the information used by the organization. true. false.

End users Means Individuals who work directly with data owners and are responsible for storage; maintenance; and protection of information. true. false.

Data custodians Means Those whom the new system will most directly affect. Ideally; a selection of users from various departments; levels; and degrees of technical knowledge assist the team in focusing on the application of realistic controls that do not disrupt the essential business activities they seek to safeguard. true. false.

Security as Art Means The administrators and technicians who implement security can be compared to a painter applying oils to canvas. A touch of color here; a brush stroke there; just enough to represent the image the artist wants to convey without overwhelming the viewer—or in security terms; without overly restricting user access. true. false.

Security as Science Means Technology developed by computer scientists and engineers—which is designed for rigorous performance levels—makes information security a science as well as an art. true. false.

Security as a Social Science Means Social science examines the behavior of people as they interact with systems; whether they are societal systems or; as in this context; information systems. true. false.

Ethics Means They carry the authority of a governing body. true. false.

laws Means They are based on cultural mores. true. false.

Information aggregation Means Collective data that relates to a group or category of people and that has been altered to remove characteristics or components that make it possible to identify individuals within the group. true. false.

Privacy Means Pieces of nonprivate data that- when combined- may create information that violates privacy. Not to be confused with aggregate information. true. false.

Aggregate information Means In the context of information security- the right of individuals or groups to protect themselves and their information from unauthorized access- providing confidentiality. true. false.

Association of Computing Machinery (ACM) Means It is a respected professional society that was established in 1947 as “the world’s first educational and scientific computing society.” true. false.

Federal Bureau of Investigation (FBI) Means It investigates both traditional crimes and cybercrimes- and works with the U.S. true. false.

Payment Card Industry Data Security Standards (PCI DSS) Means It is an organization that processes payment cards- such as credit cards- debit cards- ATM cards- store-value cards- gift cards- or other related items. true. false.

goals Means The desired end of a planning cycle. true. false.

strategic plan Means The intermediate states obtained to achieve progress toward a goal or goals. true. false.
