IAS chap 1 Flashcards
Pasadong Midterm cutiee
Is the protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information.
Is about protecting sensitive information from being stolen, misused, or damaged.
A set of security procedures and tools that broadly protect sensitive enterprise information
It refers to the processes and tools designed and deployed to protect sensitive business information
Information Security
The first operating system to integrate security into its core functions
MULTICS
Is the assurance that someone cannot deny the validity of something.
Assurance that the sender is provided with proof of a data delivery and recipient is provided with proof of the sender’s identity, so that neither can later deny having processed the data.
Non-repudiation
It means protection.
______ is “the quality or state of being secure–to be free from danger.”
It refers to the methods, tools and personnel used to defend an organization’s digital assets.
Security
To protect the physical items, objects, or areas of an organization from unauthorized access and misuse.
Physical security
To protect the individual or group of individuals who are authorized to access the organization and its operations.
Personal security
To protect the details of a particular operation or series of activities.
Operations security
To protect an organization’s communications media, technology, and content.
Communications security
To protect networking components, connections, and contents.
Network security
Free from mistake or error and having the value that the end-user expects.
Accuracy
The quality or state of being genuine or original, rather than a reproduction or fabrication.
Authenticity
The quality or state of preventing disclosure or exposure to unauthorized individuals or systems.
Confidentiality
The quality or state of being whole, complete, and uncorrupted.
Means keeping information accurate, complete, and trustworthy.
Integrity
The quality or state of having value for some purpose or end.
Utility
The quality or state of having ownership or control of some object or item.
Possession
Is the entire set of software, hardware, data, people, procedures, and networks that enable the use of information resources in the organization.
Is like the brain and nervous system of an organization. It includes everything needed to store, process, and share information—computers, software, data, people, rules, and networks.
Information Software
Physical technology that houses and executes the software, stores and transports the data, and provides interfaces for the entry and removal of information from the system.
Hardware
Often the most valuable asset
Main target of intentional attacks
Data
They have always been a threat to information security.
Social engineering.
Must be well trained and informed.
People
Are written instructions for accomplishing a specific task.
Procedures
A method of establishing security policies and/or practices that begins as a grassroots effort in which systems administrators attempt to improve the security of their systems.
Bottom-up approach
A methodology of establishing security policies and/or practices that is initiated by upper management.
Top-down approach
A formal approach to solving a problem based on a structured sequence of procedures.
Methodology
The ______ contains different phases depending on the methodology deployed, but generally the phases address the investigation, analysis, design, implementation, and maintenance of an information system.
SDLC
Responsible for the assessment, management, and implementation of information security in the organization
May also be referred to as the manager for IT security, the security administrator, or by a similar title
Chief information security officer (CISO)
Small team of people who are experienced in one or multiple facets of the required technical and nontechnical areas for the project to which they are assigned
Project team
Creates and develops blueprints for information security
Incident response actions: Continuity planning, Incident response, Disaster recovery
Logical Design
A senior executive who promotes the project and ensures its support, both financially and administratively, at the highest levels of the organization.
Champion
A project manager who may also be a departmental line manager or staff unit manager, and who understands project management, personnel management, and information security technical requirements
Team leader
The people who understand the organizational culture, existing policies, and requirements for developing and implementing successful policies.
Security policy developers
Individuals who understand financial risk assessment techniques, the value of organizational assets, and the security methods to be used.
Risk assessment specialists
Dedicated, trained, and well-educated specialists in all aspects of information security from both technical and non-technical standpoints.
Security professionals
Individuals with the primary responsibility for administering the systems that house the information used by the organization.
Systems administrators
A selection of users from various departments, levels, and degrees of technical knowledge who assist the team
Most directly impacted by the new system
End users
Responsible for the security and use of a particular set of information.
Usually determine the level of data classification associated with the data
Data Owner
Responsible for the storage, maintenance, and protection of the information
Data Custodian
The end systems users who work with the information to perform their daily jobs supporting the mission of the organization
Data Users