Chapter 1 Key Concepts and Terms

Question 1

3 tenets of information systems security

Answer 1

Confidentiality, integrity, and availability.

Question 2

AUP (Acceptable Use Policy)

Answer 2

what users are allowed and not allowed to do with organization

Question 3

availability

Answer 3

a mathematical calculation where A=(Total Uptime)/(Total Uptime+Total Downtime)

Question 4

availability

Answer 4

Security actions that ensure that data is accessible to authorized users.

Question 5

BCP

Answer 5

Business Continuity Plan- gives priorities to the functions an organization needs to keep going.

Question 6

CIPA (Children’s Internet Protection Act)

Answer 6

protects minors from inappropriate content when accessing the internet in schools and libraries

Question 7

Confidentiality

Answer 7

the act of holding information in confidence, not to be released to unauthorized individuals

Question 8

Cryptography

Answer 8

Practice of hiding data and keeping it away from unauthorized users

Question 9

Cybersecurity

Answer 9

The act of securing and protecting individuals, businesses, organizations, and governments that are connected to the Internet and the Web.

Question 10

Data classification standard

Answer 10

The goal and objective of a __________ is to provide a consistent definition for how an organization should handle and secure different types of data.

Question 11

Downtime

Answer 11

the total amount of time the IT system, application and data are not accessible.

Question 12

DRP

Answer 12

Disaster Recovery Plan- how a business gets back on its feet after a major disaster such as a fire or hurricane.

Question 13

Encryption

Answer 13

the process of transforming data from clear text into ciphertext.

Question 14

End User License Agreement (EULA)

Answer 14

A legal contract between the author of software and the end user that defines how the software can be used

Question 15

Ethernet LAN

Answer 15

LAN solution based on the IEEE 802.3 CSMA/CD standard for 10/100/1000mbps.

Question 16

FERPA (Family Educational Rights and Privacy Act)

Answer 16

Passed in 1974, protects the private data of students and their school records.

Question 17

FISMA (Federal Information Security Management Act)

Answer 17

requires federal civilian agencies to provide security controls over resources that support federal operations.

Question 18

GLBA (Gramm-Leach-Bliley Act)

Answer 18

Federal law enacted in 1999 to control the ways that financial institutions deal with the private information of individuals

Question 19

HIPAA (Health Insurance Portability and Accountability Act)

Answer 19

Federal law passed in 1996, requires health care organizations to have security and privacy controls implemented to ensure patient privacy.

Question 20

Hypertext Transfer Protocol Secure (HTTPS)

Answer 20

an encrypted form of information transfer on the Internet that combines HTTP and TLS

Question 21

information system security

Answer 21

is the collection of activities that protect the information system and the data stored in it.

Question 22

integrity

Answer 22

deals with the validity and accuracy of data.

Question 23

IoT

Answer 23

Internet of Things

Question 24

IT security policy framework

Answer 24

A set of rules for security. The framework is hierarchical and includes policies, standards, procedures, and guidelines.

Question 25

LAN Domain (Local area network)

Answer 25

is a collection of computers connected to one another or to a common connection medium.

Question 26

LAN switch

Answer 26

the device that connects workstations into a physical Ethernet LAN

Question 27

malicious code (malware)

Answer 27

is a computer program written to cause a specific action to occur, such as erasing a hard drive.

Question 28

Mean Time Between Failures (MTBF)

Answer 28

is the predicted amount of time between failures of an IT system during operations.

Question 29

Mean time to failure (MTTF)

Answer 29

The average amount of time expected until the first failure of a piece of equipment.

Question 30

Mean Time to Repair (MTTR)

Answer 30

The average amount of time a computer repair technician needs to resolve the cause of a failure through replacement or repair of a faulty unit.

Question 31

Network Interface Card (NIC)

Answer 31

the interface between the computer and the LAN physical media.

Question 32

PDA (Personal Digital Assistant)

Answer 32

A portable device that is small enough to hold in the palm of your hand. Usually contains an address book, note making features, telephone and Internet facilities. Allows data to be exchanged with computers

Question 33

Recovery Time Objective (RTO)

Answer 33

is the amount of time it takes to recover and make a system, application, and data available for use after an outage.

Question 34

risk

Answer 34

the likelihood that something bad will happen to ana asset.

Question 35

Service Level Agreement (SLA)

Answer 35

formal contract between customers and their service providers that defines the specific responsibilities of the service provider and the level of service expected by the customer

Question 36

Seven Domains of a Typical IT Infrastructure

Answer 36

User, workstation,

Question 37

SOX (Sarbanes-Oxley Act)

Answer 37

Requires companies to review internal control and take responsibility for the accuracy and completeness of their financial reports.

Question 38

system administrator

Answer 38

setup of user LAN accounts with logon ID and password access controls (that is, user logon information.

Question 39

TCP/IP

Answer 39

Transmission Control Protocol/Internet Protocol

Question 40

thin client

Answer 40

is a software or a actual computer with no hard drive that runs on a network and relies on a server to provide applications.

Question 41

threat

Answer 41

Any action that could damage an asset

Question 42

unauthorized access

Answer 42

the use of a computer or network without permission

Question 43

unified communications

Answer 43

The centralized management of multiple types of network-based communications, such as voice, video, fax, and messaging services.

Question 44

unsheilded twisted pair (UTP)

Answer 44

workstation cabling that uses RJ-45 connectors and jacks to physically connect to a 100 mbps/1gbps/10gbps ethernet LAN switch.

Question 45

Uptime

Answer 45

The total amount of time the IT system, application and data was accessible.

Question 46

User Domain

Answer 46

Defines the people who access an organization’s information system

Question 47

Virus

Answer 47

is a computer program written to cause damage to a system, an application, or data.

Question 48

vulnerability

Answer 48

is a weakness that allows a threat to be realized or to have an effect on an asset.

Question 49

WAP (Wireless Access Point)

Answer 49

A device that provides a connection between wireless devices and can connect to wired networks.

Question 50

Workstation Domain

Answer 50

can be a desktop computer, a laptop computer, a specific-purpose terminal, or any other device that connects to your network.

Question 51

WWW

Answer 51

World Wide Web