IS4550 CHAPTER 1 Flashcards
The process of determining the identity of an individual or device is called ___.
AUTHENTICATION
Ensuring accessibility of information to authorized users when required is called ___.
AVAILABILITY
A management technique used to improve the efficiency and effectiveness of a process within an organization is called ___.
BUSINESS PROCESS REENGINEERING (BPR)
Limiting access to information/data to authorized users only is called ___.
CONFIDENTIALITY
An ad hoc, ongoing effort to improve business products, services, or processes is called ___.
CONTINUOUS IMPROVEMENT
The state of data stored on any type of media is called ___.
DATA AT REST
The state of data when traveling over or through a network is called ___.
DATA IN TRANSIT
The act of managing implementation and compliance with organizational policies is called ___.
GOVERNANCE
The parameters within which a policy, standard, or procedure is recommended when possible but remains optional are called a ___.
GUIDELINE
The implementation of controls designed to ensure confidentiality, integrity, availability, and non-repudiation is called ___.
INFORMATION ASSURANCE
The act of protecting information systems or IT infrastructures from unauthorized use, access, disruption, or destruction is called ___.
INFORMATION SYSTEMS SECURITY (ISS)
The five-phase management process of controlling the planning, implementation, evaluation, and maintenance of information systems security is called ___.
INFORMATION SYSTEMS SECURITY MANAGEMENT LIFE CYCLE
The act of ensuring that information has not been improperly changed is called ___.
INTEGRITY
A principle that restricts information access to only those users with an approved and valid requirement is called ___.
NEED TO KNOW
The concept of applying technology in a way that an individual cannot deny or dispute that they were part of a transaction is called ___.
NONREPUDIATION
A document that states how the organization is to perform and conduct business functions and transactions with a desired outcome is called ___.
POLICY
A structure for organizing policies, standards, procedures, and guidelines is called ___.
POLICY FRAMEWORK
A written statement describing the steps required to implement a process is called ___.
PROCEDURE
A set of policies that establishes how an organization secures its facilities and IT infrastructure, and that can also address how the organization meets regulatory requirements, is called ___.
SECURITY POLICIES
The portion of a service contract that formally defines the level of service (such agreements are typical in telecommunications contracts for voice and data transmission circuits) is called a ___.
SERVICE LEVEL AGREEMENT (SLA)
An established and proven norm or method. It can be a procedural or technical ___ implemented organization-wide.
STANDARD
- What is the issue in the following? John works in the accounting dept. but travels to other company locations. He must present the past quarter’s figures to the CEO in the morning. He forgot to update the PowerPoint presentation on his desktop computer at the main office.
- Unauthorized access to the system
- Integrity of the data
- Availability of the data
- Nonrepudiation of the data
- Unauthorized use of the system
Availability of the data
- Governance is the practice of ensuring an entity is in conformance to policies, regulations, ___, and procedures.
Standards
- COBIT is a widely accepted international best practices policy framework.
TRUE OR FALSE
True
- Which of the following are generally accepted as IA tenets but not ISS tenets? (Select 2)
- Confidentiality
- Integrity
- Availability
- Authentication
- Nonrepudiation
Authentication
Nonrepudiation
- Greg has developed a document on how to operate and back up the new financial section’s storage area network. In it, he lists the steps required for powering up and down the system as well as configuring the backup tape unit. Greg has written a ___.
Procedure
- When should a wireless security policy be initially written?
- When the industry publishes new wireless standards
- When a vendor presents wireless solutions to the business
- When the next generation of wireless technology is launched
- After a company decides to implement wireless and before it is installed
After a company decides to implement wireless and before it is installed
- A toy company is developing the next generation of children’s reading aids. They already produced a comparable product, but the new one will not be available on shelves for another two years. What process would drive policies related to the new product’s information systems security?
- Continuous improvement
- Business process reengineering
- Encryption
- Information systems security management life cycle
- Software development life cycle
Business process reengineering
- Implementation and enforcement of policies is a challenge. The biggest hindrance to implementation of policies is the ___ factor.
Human
- Information systems security policies should support ___.
Business Operations
- Security policies focus on providing consistent protection of information in the system. This happens by controlling multiple aspects of the information system that directly or indirectly affect normal operations at some point. While there are many different benefits to supporting operations, some are more prevalent than others. Which of the following are aspects of ISS policies that extend to support business operations?
- Controlling change to the IT infrastructure
- Protecting data at rest and in transit
- Protecting systems from the insider threat
- 2 & 3 Only
- All the above
Controlling change to the IT infrastructure
Protecting data at rest and in transit
Protecting systems from the insider threat
- Ted is an administrator in the server backup area. He is reviewing the contract for the offsite storage facility for validity. This contract includes topics such as the amount of storage space required, the pickup and delivery of media, response times during an outage, and security of media within the facility. This contract is an example of information security.
TRUE OR FALSE
FALSE