IS Security Flashcards

1
Q

Information Security

A

The information managers and workers are obligated to make safe and secure the person (organization), process, data, application and infrastructure of information.

2
Q

Information Security Definition

A

The protection of information assets from unauthorized disclosure, modification, or destruction; or the inability to process that information

This gives us 3 principles:
1. Integrity principle == unauthorized disclosure
2. Confidentiality principle == modification or destruction of information
3. Availability principle == inability to process information

3
Q

CIA TRIAD

A

Confidentiality – restrict access to authorized individuals
Secrecy, Privacy and Authority
Integrity – data has not been altered in an unauthorized manner
Accurate, Complete and Compliant

Availability – information can be accessed and modified by authorized individuals in an appropriate timeframe

4
Q

System Vulnerability and Abuse

A

1. Accessibility of networks
2. Hardware problems (breakdowns, configuration errors, damage from improper use or crime)
3. Software problems (programming errors, installation errors, unauthorized changes)
4. Disasters
5. Use of networks/computers outside of firm’s control
6. Loss and theft of portable devices

5
Q

Tools for Information Security

A

Authentication
Access Control
Encryption
Passwords
Backup
Firewalls
Virtual Private Networks (VPN)
Physical Security
Security Policies

6
Q

Authentication

A

Verifying that persons accessing the information are who they say they are
Factors of identification:
Something you know – user ID and password
Something you have – key or card
Can be lost or stolen
Something you are – physical characteristics (e.g., biometrics)
Much harder to compromise

A combination of at least 2 factors is recommended

7
Q

Access Control

A

Once authenticated – only provide access to information necessary to perform their job duties to read, modify, add, and/or delete information by:

1. Access control list (ACL) created for each resource (information)
List of users that can read, write, delete or add information
Difficult to maintain all the lists
2. Role-based access control (RBAC)
Rather than individual lists
Users are assigned to roles
Roles define what they can access
Simplifies administration

8
Q

Encryption

A

An algorithm (program) encodes or scrambles information during transmission or storage
It can be decoded/unscrambled only by authorized individuals, who can then read it

How is this done?
Both parties agree on the encryption method (there are many) and use keys
Symmetric and public key

9
Q

Passwords

A

Single-factor authentication (user ID/password) is the easiest to break
Password policies ensure that this risk is minimized by requiring:

A certain length to make it harder to guess
Containing certain characters – such as upper and lower case, one number, and a special character
Changing passwords regularly and not allowing a password to be reused
Employees not sharing their password
Notifying the security department if they feel their password has been compromised
Yearly confirmation from employees that they understand their responsibilities

10
Q

Backup

A

Important information should be backed up and stored in a separate location

A good backup plan requires:
Understanding of the organizational information resources
Regular backups of all data
Offsite storage of backups
Test of the data restoration

Complementary practices:
UPS systems
Backup processing sites

11
Q

Firewalls

A

-Can be a piece of hardware and/or software
-Inspects packets of information and stops those that don’t conform to a strict set of rules
-Hardware firewalls are connected to the network
-Intrusion Detection Systems (IDS) watch for specific types of activities to alert security personnel of a potential network attack

-Multiple firewalls can be implemented to allow segments of the network to be partially secured to conduct business

12
Q

Virtual Private Networks (VPN)

A

1. Some systems can be made private using an internal network to limit access to them
2. VPN allows users to remotely access these systems over a public network like the Internet

3. CPP students have this ability for:

13
Q

Physical Security

A

Protection of the actual equipment – hardware and networking components

Organizations need to identify assets that need to be physically secured:
Locked doors
Physical intrusion detection - e.g., using security cameras
Secured equipment
Employee training

14
Q

Security Policies

A

–Starting point in developing an overall security plan
–Security policies focus on confidentiality, integrity, and availability
–Bring Your Own Device (BYOD) policies for mobile devices
–Difficult to balance the need for security and users’ needs

15
Q

Securing Information Systems

A

1. Identify the information assets
2. Perform the assessment of vulnerabilities and threats that surround the creation, storage, use and sharing of information.
3. Develop, document and implement
