Chapter 1 - Introduction to Information Security Flashcards

1
Q

Where did information security begin?

A

It began after the creation of the mainframe. It was developed for code-breaking computations during WWII.

2
Q

What are the threats in the mainframe era of information security?

A

Physical theft, espionage, and sabotage.

3
Q

1960 events

A
  1. The Advanced Research Projects Agency examined the feasibility of redundant communication.
  2. Larry Roberts was the one who developed ARPANET from its inception. It linked computers (17 computer research centers), enabled resource sharing, and cost 3.4 million dollars.
  3. ARPANET is the predecessor to the internet.
4
Q

1970’s - 1980’s events in ISec

A

ARPANET grew in popularity, and so did its misuse. The fundamental problems with ARPANET security were:
1. Individual remote sites were not secured against unauthorized users.
2. Vulnerability of password structure and formats.
3. No safety procedures for dial-up connections to ARPANET.
4. Nonexistent user identification and authorization to the system.

5
Q

1970’s - 1980’s events in ISec

A

Rand Report R-609: the paper that started the study of computer security. It grew the scope beyond physical security to include the safety of data, limiting unauthorized access to data, and the involvement of personnel from multiple levels of the organization.

6
Q

MULTICS - Multiplexed information computing services

A

It is the first operating system that was created with security as its primary goal. Several MULTICS key players created UNIX.

7
Q

Late 1970’s

A

The microprocessor expanded computing capabilities. The presence of the mainframe was reduced, and security threats expanded as well.

8
Q

1990’s

A

Networks of computers became common. The need to interconnect networks grew. It was also a time when security was treated as a low priority.

9
Q

2000 to present

A

Millions of computer networks communicate, and security is needed.

10
Q

What is security?

A

“The quality or state of being secure—to be free from danger”

11
Q

What are the 6 kinds of security in an organization?

A

Physical, personal, operational, communication, network, and information security.

12
Q

What are the components of ISec?

A

Management of Information Security, Network Security, Computer and Data Security, and Policy.

13
Q

Access

A

A subject or object’s ability to use, manipulate, modify, or affect another subject or object.

14
Q

Assets

A

the organizational resource that is being protected.

15
Q

Exposure

A

a single instance of being open to damage.

16
Q

Loss

A

When an organization’s information is stolen, it has suffered a loss.

17
Q

Exploit

A

to take advantage of weaknesses or vulnerabilities in a system.

18
Q

Attack

A

an act that is an intentional or unintentional attempt to cause damage or compromise to the information and/or the systems that support it.

19
Q

Control, Safeguard, or Countermeasure

A

security mechanisms, policies, or procedures that can successfully counter attacks, reduce risk, resolve vulnerabilities, and otherwise improve the security within an organization.

20
Q

Hack

A
  • Good: to use computers or systems for enjoyment.
  • Bad: to illegally gain access to a computer or system.
21
Q

Risk

A

the probability that something can happen.

22
Q

Security Blueprint

A

the plan for the implementation of new security measures in the organization.

23
Q

Security Model

A

a collection of specific security rules that represents the implementation of a security policy.

24
Q

Subject and Object

A

an active entity that interacts with an information system and causes information to move through the system for a specific end purpose.

25
Q

Threat

A

a category of objects, persons, or other entities that
represents a potential danger to an asset.

26
Q

Threat agent

A
  • specific instance or component of a more
    general threat.
27
Q

Vulnerability

A

weaknesses or faults in a system or protection mechanism that expose information to attack or damage.

28
Q

What are the critical characteristics of information?

A

Availability, accuracy, authenticity, confidentiality, integrity, and possession.

29
Q

Availability

A
  • Enables users who need to access information
    to do so without interference or obstruction and in the
    required format.
30
Q

Accuracy

A

Free from mistake or error and having the value
that the end user expects

31
Q

Authenticity

A

The quality or state of being genuine or
original, rather than a reproduction or fabrication

32
Q

Confidentiality

A

The quality or state of preventing disclosure
or exposure to unauthorized individuals or systems

33
Q

Integrity

A

The quality or state of being whole, complete, and
uncorrupted.

34
Q

Possession

A
  • The quality or state of having ownership or
    control of some object or item
35
Q

Components of an information system

A

Software, hardware, data, people, procedures, networks

36
Q

What two things should be balanced in IS?

A

Protection and Availability

37
Q

Implementation approach

A

Bottom-Up and Top-down

38
Q

Bottom-Up

A

It seldom works. Why? Lack of participant support and organizational staying power.

39
Q

Top-down

A

Initiated by top management.

40
Q

Senior Management

A

CIO and CISO

41
Q

CIO

A

Advising senior executives on strategic planning

42
Q

CISO

A

Assessment, management, and implementation of IS in the organization.

43
Q

Information Security Project Team

A

* Team leader
* Security policy developers
* Risk assessment specialists
* Security professionals
* Systems administrators
* End users

44
Q

Data responsibilities

A

Data owner, custodian, and users

45
Q

Data owner

A

responsible for the security and use of a
particular set of information

46
Q

Data Custodian

A

responsible for storage, maintenance, and
protection of information

47
Q

Data users

A

end users who work with information to perform
their daily jobs supporting the mission of the organization

48
Q

Communities of interest

A
  • Information security management and professionals
  • Information technology management and professionals
  • Organizational management and professionals