Chapter 1 - Introduction to Information Security

Question 1

Where did the information security began?

Answer 1

It began after the creation of mainframe. It was developed for code breaking computations during WWII.

Question 2

What are the threats in mainframe era of information seurity?

Answer 2

Physical theft, espionage, and sabotage.

Question 3

1960 events

Answer 3

1. Advance Research Project Agency examine the feasibility redundant communication.
2. Larry Roberts was the one who developed ARPANET from its inception. It linked computers (17 computer research centers), resource sharing and it cost 3.4 million dollar.
3. ARPANET is the predecessor to the internet.

Question 4

1970’s - 1980’s events in ISec

Answer 4

It grew popular as well as its misuse. Fundamental problems with ARPANET security were the:
1. Individual remote sites are not secured for unauthorized users.
2. Vulnerability of password structure and formats.
3. No safety procedure for dial up connections to ARPANET.
4. Non-existent user identification and authorization to system.

Question 5

1970’s - 1980’s events in ISec

Answer 5

Rand Report R-609 - it is a paper that stated the study of computer security. It grew physical security to; safety of data, limiting unauthorize access to data, and involvement of personnel from multiple levels of organization.

Question 6

MULTICS - Multiplexed information computing services

Answer 6

It is the first operating system that was created with security as its primary goals. Several multics key players created the UNIX.

Question 7

Late 1970’s

Answer 7

Microprocessor expanded computing capabilities. The presence of mainframe reduced, and it also expanded the security threats.

Question 8

1990’s

Answer 8

Network of computers became common. The need for interconnect networks grew. It was also the time where security was treated as low priority.

Question 9

2000 to present

Answer 9

Millions of computer network communicate and the need for security is needed.

Question 10

What is security?

Answer 10

“The quality or state of being secure—to be free from danger”

Question 11

What are the 6 security of an organization?

Answer 11

Physical, personal, operational, communication, network, and information security.

Question 12

What are the components of Isec

Answer 12

Management of Information Security, Network Security, and Computer, data security. and policy.

Question 13

Access

Answer 13

-a subject or object’s ability to use, manipulate, modify, or affect another subject or object.

Question 14

Assets

Answer 14

the organizational resource that is being protected.

Question 15

Exposure

Answer 15

a single instance of being open to damage.

Question 16

Loss

Answer 16

When an organization’s information is stolen, it has suffered a loss.

Question 17

Exploit

Answer 17

to take advantage of weaknesses or vulnerability in a system.

Question 18

Attack

Answer 18

an act that is an intentional or unintentional attempt
to cause damage or compromise to the information and/or the systems that support it.

Question 19

Control, Safeguard, or Countermeasure-

Answer 19

security mechanisms, policies, or procedures that can successfully counter attacks, reduce risk, resolve vulnerabilities, and otherwise improve the security within an organization.

Question 20

Hack

Answer 20

• Good: to use computers or systems for enjoyment;
  -Bad: to illegally gain access to a computer or system.

Question 21

Risk

Answer 21

the probability that something can happen.

Question 22

Security Blueprint

Answer 22

the plan for the implementation of new security measures in the organization.

Question 23

Security Model

Answer 23

a collection of specific security rules that represents the implementation of a security policy.

Question 24

Subject and Object

Answer 24

an active entity that interacts with an information system and causes information to move through the system for a specific end purpose.

Question 25

Threat

Answer 25

a category of objects, persons, or other entities that
represents a potential danger to an asset.

Question 26

Threat agent

Answer 26

• specific instance or component of a more
  general threat.

Question 27

Vulnerability

Answer 27

weaknesses or faults in a system or protection mechanism that exposes information to attack or damage.

Question 28

What are the critical characteristics of information?

Answer 28

Availability, Accuracy, authenticity, confidentiality, integrity, and possession.

Question 29

Availability

Answer 29

• Enables users who need to access information
  to do so without interference or obstruction and in the
  required format.

Question 30

Accuracy

Answer 30

Free from mistake or error and having the value
that the end user expects

Question 31

Authenticity

Answer 31

The quality or state of being genuine or
original, rather than a reproduction or fabrication

Question 32

Confidentiality

Answer 32

The quality or state of preventing disclosure
or exposure to unauthorized individuals or systems

Question 33

Integrity

Answer 33

The quality or state of being whole, complete, and
uncorrupted.

Question 34

Possession

Answer 34

• The quality or state of having ownership or
  control of some object or item

Question 35

Components of an information system

Answer 35

Software, hardware, data, people. procedure, networks

Question 36

What two things should be balance in IS?

Answer 36

Protection and Availability

Question 37

Implementation approach

Answer 37

Bottom-Up and Top-down

Question 38

Bottom-Up

Answer 38

It seldom works. Why? Lack of participant support and organizational staying power.

Question 39

Top-down

Answer 39

Initiated by top management.

Question 40

Senior Management

Answer 40

CIO and CISO

Question 41

CIO

Answer 41

Advising senior executives on strategic planning

Question 42

CISO

Answer 42

Assessment, management, and implementation of IS in the organization.

Question 43

Information Security Project Team

Answer 43

*Team leader
* Security policy developers
* Risk assessment specialists
* Security professionals
* Systems administrators
* End users

Question 44

Data responsibilities

Answer 44

Data owner, custodian, and users

Question 45

Data owner

Answer 45

responsible for the security and use of a
particular set of information

Question 46

Data Custodian

Answer 46

responsible for storage, maintenance, and
protection of information

Question 47

Data users

Answer 47

end users who work with information to perform
their daily jobs supporting the mission of the organization

Question 48

Communities of interest

Answer 48

• Information security management and professionals
• Information technology management and professionals
• Organizational management and professionals