deck_16919193 Flashcards
“The quality or state of being secure—to be free
from danger”
Security
Types of security
Physical security
– Personal security
– Operations security
– Communications security
– Network security
– Information security
Critical Characteristics of Information
Availability
– Accuracy
– Authenticity
– Confidentiality
– Integrity
– Utility
– Possession
Components of an Information System
Software
– Hardware
– Data
– People
– Procedures
– Network
SDLC
Systems Development Life Cycle
methodology for design and implementation of
information system within an organization
Systems Development Life Cycle (SDLC):
: formal approach to problem solving
based on structured sequence of procedures
Methodology
SLDC 6 general phrases
investigation
analysis
logical design
physical design
implementation
maintenance and change
Preliminary cost-benefit analysis is developed
Investigation
determine what new system is expected
to do and how it will interact with existing systems
Analysis
Data support and structures capable of providing
the needed inputs are identified
Creates and develops blueprints for information
security
Logical Design
- Technologies to support the alternatives identified
and evaluated in the logical design are selected - Components evaluated on make-or-buy decision
Physical Design
- Needed software created
- Components ordered, received, and tested
- Users trained and documentation create
Implementation
- Longest and most expensive phase
- Consists of tasks necessary to support and modify
system for remainder of its useful life
Maintenance and Change
Information Security Project Team
- A number of individuals who are experienced in
one or more facets of required technical and
nontechnical areas:
– Champion
– Team leader
– Security policy developers
– Risk assessment specialists
– Security professionals
– Systems administrators
– End user
: responsible for the security and use of
a particular set of information
Data owner
: responsible for storage,
maintenance, and protection of information
Data custodian
: end users who work with information to
perform their daily jobs supporting the mission of
the organization
Data users
: an object, person, or other entity that
represents a constant danger to an asset
Threat
“ownership of ideas and
control over the tangible or virtual representation of
those ideas
Intellectual property (IP):
Malware attacks
Viruses
– Worms
– Trojan horses
– Logic bombs
– Back door or trap door
– Polymorphic threats
– Virus and worm hoaxes
– Develops software scripts and program exploits
– Usually a master of many skills
– Will often create attack software and share with
others
Expert hacker
– Many more unskilled hackers than expert hackers
– Use expertly written software to exploit a system
– Do not usually fully understand the systems they
hack
Unskilled hacker
: “cracks” or removes software protection
designed to prevent unauthorized duplication
Cracker
: hacks the public telephone network
Phreaker