Computer security Means The need to secure the physical location of computer technology from outside threats. true false.
Security Means A state of being secure and free from danger or harm. Also, the actions taken to make someone or something secure true false.
Communications security Means The protection of all communications media, technology, and content true false.
Network security Means Protection of the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission, via the application of policy, education, training and awareness, and technology true false.
Information security Means A subset of communications security; the protection of voice and data, networking components, connections, and content. true false.
C.I.A. triad Means The industry standard for computer security since the development of the mainframe. The standard is based on three characteristics that describe the utility of information - confidentiality, integrity, and availability true false.
Access Means Authorized users have legal access to a system, whereas hackers must gain illegal access to a system true false.
Asset Means The organizational resource that is being protected. true false.
Attack Means It is perpetrated by a hacker using a PC to break into a system. Direct attacks originate from the threat itself. true false.
A direct attack Means An intentional or unintentional act that can damage or compromise information and the systems that support it. Attacks can be active or passive, intentional or unintentional, and direct or indirect true false.
Indirect attack Means Security mechanisms, policies, or procedures that can successfully counter attacks, reduce risk, resolve vulnerabilities true false.
Control, safeguard, or countermeasure Means It is originated from a compromised system or resource that is malfunctioning or working under the control of a threat true false.
Exploit Means A technique used to compromise a system. This term can be a verb or a noun. Threat agents may attempt to exploit a system or other information asset by using it illegally for their personal gain true false.
Exposure Means A condition or state of being exposed; in information security, exposure exists when a vulnerability is known to an attacker true false.
Loss Means A single instance of an information asset suffering damage or destruction, unintended or unauthorized modification or disclosure, or denial of use. When an organization’s information is stolen, it has suffered a loss. true false.
Risk Means The probability of an unwanted occurrence, such as an adverse event or loss true false.
Subjects and objects of attack Means Ex: it can be compromised by an attack (object) and then used to attack other systems (subject). true false.
Threat Means Any event or circumstance that has the potential to adversely affect operations and assets. true false.
Threat agent Means An occurrence of an event caused by a threat agent true false.
Threat event Means The specific instance or a component of a threat true false.
Threat source Means A category of objects, people, or other entities that represents the origin of danger to an asset—in other words, can be purposeful or undirected - threat source known as “acts of God/acts of nature” true false.
Vulnerability Means A potential weakness in an asset or its defensive control system(s). Some examples of vulnerabilities are a flaw in a software package, an unprotected system true false.
Accuracy Means An attribute of information that describes how data is genuine or original rather than reproduced or fabricated true false.
Authenticity Means An attribute of information that describes how data is free of errors and has the value that the user expects true false.
Availability Means An attribute of information that describes how data is protected from disclosure or exposure to unauthorized individuals or systems. true false.
Confidentiality Means An attribute of information that describes how data is accessible and correctly formatted for use without interference or obstruction true false.
Integrity Means A set of information that could uniquely identify an individual true false.
Personally Identifiable Information (PII) Means An attribute of information that describes how data is whole, complete, and uncorrupted true false.
Possession Means An attribute of information that describes how the data’s ownership or control is legitimate or authorized true false.
Utility Means An attribute of information that describes how data has value or usefulness for an end purpose true false.
Information System (IS) Means The entire set of software, hardware, data, people, procedures, and networks that enable the use of information resources in the organization. Physical security: the protection of physical items, objects, or areas from unauthorized access and misuse true false.
Software Means It includes applications (programs), operating systems, and assorted command utilities true false.
Hardware Means It is the physical technology that houses and executes the software, stores and transports the data, and provides interfaces for the entry and removal of information from the system. Physical security policies deal with hardware as a physical asset and with the protection of physical assets – such as locks and keys - from harm or theft. Ex: passed it through the conveyor scanning devices true false.
Data Means Data stored, processed, and transmitted by a computer system must be protected. Data is often the most valuable asset of an organization and therefore is the main target of intentional attacks. Information was originally defined as data with meaning; we will use the term information to represent both unprocessed data and actual information true false.
People Means Though often overlooked in computer security considerations, people have always been a threat to information security. In the end, the Khan simply bribed the gatekeeper - and the rest is history. Whether this event actually occurred or not, the moral of the story is that people can be the weakest link in an organization’s information security program true false.
Procedures Means Networking is the IS component that created much of the need for increased computer and information security. When information systems are connected to each other to form LANs, and these LANs are connected to other networks such as the Internet, new security challenges rapidly emerge. However, when computer systems are networked, this approach (locks and keys) is no longer enough. Steps to provide network security such as installing and configuring firewalls are essential true false.
Networks Means They are written instructions for accomplishing a specific task. They should be disseminated among members of an organization on a need-to-know basis. true false.
Balancing Information Security and Access Means Information security technologists and end users must recognize that both groups share the same overall goals of the organization—to ensure that data is available when, where, and how it is needed, with minimal delays or obstacles. true false.
Bottom-up approach Means A method of establishing security policies and/or practices that begins as a grassroots effort in which systems administrators attempt to improve the security of their systems true false.
Top-down approach Means A methodology of establishing security policies and/or practices that is initiated by upper management. It has a higher probability of success true false.
Methodology Means A formal approach to solving a problem based on a structured sequence of procedures. true false.
Systems Development Life Cycle (SDLC) Means A methodology for the design and implementation of an information system. The SDLC contains different phases depending on the methodology deployed, but generally the phases address the investigation, analysis, design, implementation, and maintenance of an information system true false.
Waterfall SDLC Means A type of SDLC in which each phase of the process “flows from” the information gained in the previous phase, with multiple opportunities to return to previous phases and make adjustments true false.
DevOps SDLC Means A formal approach to solving a problem based on a structured sequence of procedures. Focuses on integrating the need for the development team to provide iterative and rapid improvements to system functionality and the need for the operations team to improve security and minimize the disruption from software release cycles true false.
Logical Design Means In the logical design phase, the information gained from the analysis phase is used to begin creating a systems solution for a business problem true false.
Implementation Means In the implementation phase, any needed software is created. true false.
Maintenance and Change Means The maintenance and change phase is the longest and most expensive of the process. This phase consists of the tasks necessary to support and modify the system for the remainder of its useful life cycle. true false.
Software Assurance (SA) Means A methodological approach to the development of software that seeks to build security into the development life cycle rather than address it at later stages. true false.
Economy of mechanism Means Keep the design as simple and small as possible true false.
Fail-safe defaults Means Base access decisions on permission rather than exclusion. true false.
Complete mediation Means Every access to every object must be checked for authority true false.
Open design Means Where feasible, a protection mechanism should require two keys to unlock, rather than one true false.
Separation of privilege Means The design should not be secret, but rather depend on the possession of keys or passwords true false.
Least privilege Means Every program and every user of the system should operate using the least set of privileges necessary to complete the job. true false.
Least common mechanism Means Minimize mechanisms (or shared variables) common to more than one user and depended on by all users. true false.
Psychological acceptability Means It is essential that the human interface be designed for ease of use, so that users routinely and automatically apply the protection mechanisms correctly true false.
Chief information officer (CIO) Means The CIO translates the strategic plans of the organization as a whole into strategic information plans for the information systems or data processing division of the organization. An executive-level position that oversees the organization’s computing technology and strives to create efficiency in the processing and access of the organization’s information. true false.
Chief information security officer (CISO) Means Typically considered the top information security officer in an organization. true false.
Project team Means A small functional team of people who are experienced in one or multiple facets of the required technical and nontechnical areas for the project to which they are assigned true false.
Champion Means A senior executive who promotes the project and ensures its support, both financially and administratively, at the highest levels of the organization true false.
Team leader Means A project manager who may also be a departmental line manager or staff unit manager, and who understands project management, personnel management, and information security technical requirements. true false.
Security policy developers Means People who understand the organizational culture, existing policies, and requirements for developing and implementing successful policies. true false.
Risk assessment specialists Means People who understand financial risk assessment techniques, the value of organizational assets, and the security methods to be used. true false.
Security professionals Means Dedicated, trained, and well-educated specialists in all aspects of information security from both a technical and nontechnical standpoint true false.
Systems administrators Means People with the primary responsibility for administering systems that house the information used by the organization. true false.
End users Means Individuals who work directly with data owners and are responsible for storage, maintenance, and protection of information true false.
Data custodians Means Those whom the new system will most directly affect. Ideally, a selection of users from various departments, levels, and degrees of technical knowledge assist the team in focusing on the application of realistic controls that do not disrupt the essential business activities they seek to safeguard. true false.
Security as Art Means The administrators and technicians who implement security can be compared to a painter applying oils to canvas. A touch of color here, a brush stroke there, just enough to represent the image the artist wants to convey without overwhelming the viewer—or in security terms, without overly restricting user access true false.
Security as Science Means Technology developed by computer scientists and engineers—which is designed for rigorous performance levels—makes information security a science as well as an art. true false.
Security as a Social Science Means Social science examines the behavior of people as they interact with systems, whether they are societal systems or, as in this context, information systems. true false.
Ethics Means They carry the authority of a governing body true false.
Laws Means They are based on cultural mores. true false.
Information aggregation Means Collective data that relates to a group or category of people and that has been altered to remove characteristics or components that make it possible to identify individuals within the group. true false.
Privacy Means Pieces of nonprivate data that, when combined, may create information that violates privacy. Not to be confused with aggregate information true false.
Aggregate information Means In the context of information security, the right of individuals or groups to protect themselves and their information from unauthorized access, providing confidentiality true false.
Association of Computing Machinery (ACM) Means It is a respected professional society that was established in 1947 as “the world’s first educational and scientific computing society.” true false.
Federal Bureau of Investigation (FBI) Means It investigates both traditional crimes and cybercrimes, and works with the U.S true false.
Payment Card Industry Data Security Standards (PCI DSS) Means It is an organization that processes payment cards, such as credit cards, debit cards, ATM cards, store-value cards, gift cards, or other related items true false.
Goals Means The desired end of a planning cycle. true false.
Strategic plan Means The intermediate states obtained to achieve progress toward a goal or goals. true false.