Deck 1: Introduction to Information Security

Using a methodology increases the probability of success.

The physical design is the blueprint for the desired solution.

To achieve balance - that is,to operate an information system that satisfies the user and the security professional - the security level must allow reasonable access,yet protect against threats.

The investigation phase of the SecSDLC begins with a directive from upper management.

Recently,many states have implemented legislation making certain computer-related activities illegal.

Information security can be an absolute.

The value of information comes from the characteristics it possesses.

The possession of information is the quality or state of having value for some purpose or end.

Hardware is often the most valuable asset possessed by an organization and it is the main target of intentional attacks.

A champion is a project manager,who may be a departmental line manager or staff unit manager,and understands project management,personnel management,and information security technical requirements.

When a computer is the subject of an attack,it is the entity being attacked.

The implementation phase is the longest and most expensive phase of the systems development life cycle (SDLC).

A data custodian works directly with data owners and is responsible for the storage,maintenance,and protection of the information.

The bottom-up approach to information security has a higher probability of success than the top-down approach.

Applications systems developed within the framework of the traditional SDLC are designed to anticipate a software attack that requires some degree of application reconstruction.

An e-mail virus involves sending an e-mail message with a modified field.

The roles of information security professionals are aligned with the goals and mission of the information security community of interest.

The primary threats to security during the early years of computers were physical theft of equipment,espionage against the products of the systems,and sabotage.

A breach of possession always results in a breach of confidentiality.

The Security Development Life Cycle (SDLC)is a methodology for the design and implementation of an information system._________________________

Hardware is the physical technology that houses and executes the software,stores and transports the data,and provides interfaces for the entry and removal of information from the system._________________________

Of the two approaches to information security implementation,the top-down approach has a higher probability of success._________________________

Information has redundancy when it is free from mistakes or errors and it has the value that the end user expects._________________________

Confidentiality ensures that only those with the rights and privileges to access information are able to do so._________________________

Direct attacks originate from a compromised system or resource that is malfunctioning or working under the control of a threat._________________________

MULTICS stands for Multiple Information and Computing Service._________________________

In information security,salami theft occurs when an employee steals a few pieces of information at a time,knowing that taking more would be noticed - but eventually the employee gets something complete or useable._________________________

Information security can begin as a grassroots effort in which systems administrators attempt to improve the security of their systems,which is often referred to as a bottom-up approach._________________________

In general,protection is "the quality or state of being secure-to be free from danger." _________________________

The Analysis phase of the SecSDLC begins with a directive from upper management._________________________

Key end users should be assigned to a developmental team,known as the united application development team._________________________

Risk evaluation is the process of identifying,assessing,and evaluating the levels of risk facing the organization,specifically the threats to the organization's security and to the information stored and processed by the organization._________________________

A(n)project team should consist of a number of individuals who are experienced in one or multiple facets of the technical and nontechnical areas._________________________

Policies are written instructions for accomplishing a specific task._________________________

The Internet brought connectivity to virtually all computers that could reach a phone line or an Internet-connected local area ____________________.

During the early years,information security was a straightforward process composed predominantly of ____________________ security and simple document classification schemes.

The CNSS model of information security evolved from a concept developed by the computer security industry known as the ____________________ triangle.

The history of information security begins with the history of ____________________ security.

During the ____________________ War,many mainframes were brought online to accomplish more complex and sophisticated tasks so it became necessary to enable the mainframes to communicate via a less cumbersome process than mailing magnetic tapes between computer centers.

In the ____________________ approach,the project is initiated by upper-level managers who issue policy,procedures and processes,dictate the goals and expected outcomes,and determine accountability for each required action.

Information has ____________________ when it is whole,complete,and uncorrupted.

In an organization,the value of ____________________ of information is especially high when it involves personal information about employees,customers,or patients.

A(n)____________________ is a formal approach to solving a problem by means of a structured sequence of procedures.

____________________ enables authorized users - persons or computer systems - to access information without interference or obstruction and to receive it in the required format.

A frequently overlooked component of an IS,____________________ are written instructions for accomplishing a specific task.

The senior technology officer is typically the chief ____________________ officer.

List and describe the six phases of the security systems development life cycle.

Describe the multiple types of security systems present in many organizations.

____________________ carries the lifeblood of information through an organization.

The ____________________ component of the IS comprises applications,operating systems,and assorted command utilities.

Outline types of data ownership and their respective responsibilities.

A(n)____________________ information security policy outlines the implementation of a security program within the organization.

The ____________________ of information is the quality or state of ownership or control of some object or item.

A(n)_________________________ is a group of individuals who are united by similar interests or values within an organization and who share a common goal of helping the organization to meet its objectives.

A computer is the ____________________ of an attack when it is the target entity.

The ____________________ phase consists primarily of assessments of the organization,its current systems,and its capability to support the proposed systems.

____________________ of information is the quality or state of being genuine or original,rather than a reproduction or fabrication.