5.1 Flashcards
What are the components of the information system?
Procedures, people, hardware, networks, software, data.
____________ is protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction.
Information security
This component of the IS has increased the necessity of information security…
Networks
Out of all the components of IS, they are considered the weakest link in an organization’s security program…
People
This component of IS is considered the most difficult to secure..
Software
This component of IS is considered the most valuable to an organization and the main target for intentional attacks..
Data
_______ consists of facts and figures that are stored, processed, or transmitted in or out by the information system….
Data
This component of the IS is considered as physical assets which must be protected from harm, theft…
Hardware
What are the main goals of Information security?
Confidentiality, integrity, and availability.
What are the types of protections?
Physical protection, awareness-based protection, technical protection
The hardware component of IS requires which kind of protection?
Physical protection
The people and procedures require which kind of protection?
Awareness-based protection
Software, data, and networks require which kind of protection?
Technical protection
Cryptography, firewalls, access control systems are all examples of….
Security technologies
The main goals of information security are also commonly known as _________.
CIA triad
A ________ is one of the main concerns in information security.
Security attack
What are the main two types of security attacks?
insider attack, external attack
Insider and external attacks can be further classified into four categories: modification attack, fabrication attack, _________ attack, and _________ attack.
interception, interruption
Which security attack affects confidentiality?
interception
Which security attacks affect integrity and availability?
interruption attacks, fabrication attacks, and modification attacks.
_______ attacks allow an attacker to gain access to sensitive information.
interception
_______ attacks allow an attacker to make sensitive information unusable or unavailable to authorized users.
interruption
________ attacks allow an attacker to tamper with sensitive information.
modification
________ attack is the type of attack in which the attacker inserts forged objects or information into the system, as if it were generated by an authorized user.
fabrication
______ consists of the physical technologies installed in the IS that host and execute the software, store and transport the data, and provide interfaces for entering and removing the information in the system.
hardware
T or F: the physical location of computers and the computers themselves must be secured.
t, because a breach of physical security can result in a loss of information.
Information systems are often connected together to form ______ such as a LAN.
networks
Which component of IS requires extreme focus to secure it?
software
T or F: the security of LANs becomes worse when they are connected to the internet.
t
_______ protection involves the use of physical security policies, such as locks and keys that restrict access to the area where the hardware components are located.
physical
_____ protection involves education and training to prevent users from accidental or intentional misuse of information or procedures.
awareness-based
_______ protection involves the use of security technologies to manage access to, and usage of, a system or information by different users.
technical
T or F: technical protection can also be additionally applied for the protection of people and procedures.
true
________ is the ability to prevent unauthorized disclosure of information so that sensitive information is accessible only to authorized users.
confidentiality
______ is the ability to prevent unauthorized modification of information in order to maintain its accuracy, consistency, and trustworthiness over its entire life cycle.
integrity
_________ is the ability to prevent unauthorized withholding of information so that it is available when needed by the authorized users.
availability
______ attacks are security attacks performed by unauthorized users (outsiders).
external
______ attacks are security attacks performed by authorized users (insiders).
Internal
_______ is any kind of malicious activity that attempts to collect, disrupt, deny, degrade or destroy information system resources or information itself.
attack
An ________ is a person who possesses the authority to perform an action or set of activities.
authorized user
An _________ is a person who does not possess the authority to perform an action or set of activities.
unauthorized user
__________ is the exposure of information to user(s) not authorized to access the information.
unauthorized disclosure
________ is the modification of info by user(s) not authorized to modify the information.
unauthorized modification