Inf Sec - Imp Q Flashcards
Information warranting protection must be appropriately
Identified and Marked
The a)__________ of the information typically determines the b)________
a)Originator
b)Classification Level
An employee's access should be based on his or her current ________ and need to know, not solely on position
Job function
____________ models and test items should be destroyed so they cannot be reverse engineered
Obsolete prototype
___________ was developed in the military to protect unclassified information that could reveal sensitive plans
Operations Security (OPSEC)
Privacy protected information is specifically regulated by the _____________
Health Insurance Portability and Accountability Act (HIPAA)
______ is a property right granted to an inventor to exclude others from making, using, or selling the invention for a limited time
Patent
________ words, names, symbols, devices, or images applied to products or used to identify their source
Trademark
________ is used to protect the expression of ideas in literary, artistic and musical works
Copyright
The best way to start addressing infringement of patents, copyrights, and trademarks is to
Register those rights
Under _________ law copyrights do not have to be registered to be protected
International Law
When doing business outside the organization's home country, the best weapon is
Prevention
A patent lasts only
20 years
Patents convey a range of benefits but require the inventor to disclose the
The invention's elements
Sanitizing information systems and media: _____________________ before the medium is reused
Removing data on a storage medium
The key steps to take after information loss
Investigation
Damage Assessment
Recovery &
Follow up
The use of information systems to commit crime (Human challenge : Failure of imagination)
Cybercrime
_____ is a type of malware, data stealing Trojan Horse Program
Zeus
Software applications that run automated tasks
Bots
Customer lists, pricing information, cost structure, strategic plan or proprietary processes
Intellectual property
Using corporate resources effectively to protect sensitive information and systems is a key objective of the
ISS Program
Who is responsible for defining who needs access to what information
Information Owners
Attacks that are harder to detect and harder to defend against; a weapon of mass disruption
Cyber Attack
What is one of the most serious economic and national security challenges we face as a nation
Cyber Threat
Devices may be divided into two types of systems
Embedded
Host Based
Embedded Systems
Also known as special systems; these are typically programmed at the manufacturer and run a proprietary or nonstandard operating system
Host Based systems
Run on more standard operating systems, typically a Windows or Linux operating system
What can give complete control over a door? The success or failure of an organization may depend on the security professional's actions
Gecko
The objective of an organization's information systems security program is to a) _________ and b) ___________ manage the risk that critical organizational information could c)________, d)__________, or e) _________
a) Prudently
b) Cost effectively
c) Be Compromised
d) Be changed without authorization
e) Become Unavailable
The security professional strives to protect information's
Confidentiality
Integrity
Availability
(Also called CIA)
Residual risk
Threats × Vulnerabilities / Countermeasures
In business who is responsible for information security
Everyone
Almost all modern communications via computer follow a model called the
Open Systems Interconnect (OSI)
AAA Triad
Authentication
Authorization
Auditing/Accountability
Tool for maintaining integrity which shows whether data has been tampered with
Cyclical Redundancy Check (CRC)
The oldest form of communications that connects to a computer network
The Printer
Protects Credit Card Information
The payment card industry data security standard
Sarbanes-Oxley Act
SOX requires the management of a public company to assess the effectiveness of the company's internal control over financial reporting
Red Queen Effect
An organization's information systems management program must be continually improved
Convergence
The integration, in a formal, collaborative, and strategic manner, of the cumulative security resources of the organization in order to deliver enterprise-wide benefits through enhanced risk mitigation, increased operational effectiveness and efficiency, and cost savings
ISS principles center on three basic elements
Confidentiality
Integrity
Availability
called the CIA triad
Someone convinces a user to share his credentials to get on the network
Social Engineering
Malware
Someone attacks a system by installing software on it, either with the user's knowledge (usually hidden in other software or email) or automatically without the user's knowledge
Malware
One of the most insidious mechanisms hackers use today to attack systems is malware.
Malware types and what they are used for
Viruses, worms, spyware, rootkits, and Trojan horses; malware is designed to give the cybercriminal or hacker control of the computer on which it is installed
Why is a web attack dangerous
Because it can defeat almost every control
Physical Security professionals mitigate risk via
Policies
References
Frameworks
ISS professionals mitigate risk through
Information Security Management System (ISMS) such as that described in ISO 27001
The first job of the individual charged with an organization's ISS is to
Create an ISMS appropriate for the size of the organization
Who must support the organization's ISS culture
Senior Management
A notable practice in ISS is
Clock Synchronization. This is typically done with a protocol called Network Time Protocol (NTP), which allows all systems on a network to have the same time