ITEC 85 Flashcards

1
Q

refers to the protection of information and information systems from unauthorized access

A

INFORMATION SECURITY

2
Q

refers more broadly to a set of practices, policies, and procedures aimed at protecting the confidentiality

A

INFORMATION ASSURANCE

3
Q

to hide a glaze recipe for pottery.

A

CRYPTOGRAPHY IN ANCIENT TIME

4
Q

Firewalls

A

MEDIEVAL CASTLE

5
Q

Codes

A

WORLD WAR II AND THE ENIGMA MACHINE

6
Q

– it is responsible for creating, managing, and using data

A

PEOPLE

7
Q

refers to the activities and procedures that are used to collect, store, process, and distribute information

A
  • PROCESSES
8
Q

is the raw material that is used by the information system

A

DATA

9
Q

refers to the computer programs

A
  • SOFTWARE
10
Q

refers to the physical components of the information system

A
  • HARDWARE
11
Q

component of an information system includes the communication infrastructure

A
  • NETWORKING
12
Q

The birth of modern computing led to the development of computers

A

BIRTH OF MODERN COMPUTING AND EARLY THREATS

13
Q

These are important elements of information security that help protect computer systems

A

PASSWORD AND ACCESS CONTROLS

14
Q

refers to the time when the internet became widely accessible

A

INTERNET ERA

15
Q

It is an effort to enhance information security

A

TRUSTED COMPUTING INITIATIVE

16
Q

Also known as asymmetric cryptography, it is a method used in information security to secure communication

A
  1. PUBLIC-KEY CRYPTOGRAPHY
17
Q

refers to the increase in criminal activities that are conducted through the use of computers

A
  1. THE RISE OF CYBERCRIME
18
Q

refers to the protection of mobile devices

A
  1. MOBILE SECURITY
19
Q

refers to the protection of data

cloud computing environments

A
  1. CLOUD SECURITY
20
Q

refers to the measures and practices implemented to protect the security

A
  1. INTERNET OF THINGS (IoT) SECURITY
21
Q

are sophisticated and targeted cyber-attacks that are carried out by skilled and persistent adversaries.

A
  1. ADVANCED PERSISTENT THREATS (APTs)
22
Q

was an early computer worm that spread rapidly through vulnerable

A
  1. THE MORRIS WORM
23
Q

refers to the measures and practices implemented to protect the security

A
  1. INTERNET OF THINGS (IoT) SECURITY
24
Q

it pertains to laws and regulations that govern the protection and privacy of personal data.

A
  1. DATA PRIVACY REGULATIONS
25
Q

5 BALANCING INFORMATION SECURITY AND ACCESS:

A
  • IMPLEMENT ACCESS CONTROL
  • USE MULTI-FACTOR AUTHENTICATION
  • EDUCATE USERS
  • USE ENCRYPTION
  • MONITOR USER ACTIVITY
26
Q

5 APPROACHES TO INFORMATION SECURITY IMPLEMENTATION:

A
  • RISK-BASED APPROACH
  • COMPLIANCE-BASED APPROACH
  • DEFENSE IN DEPTH APPROACH
  • HUMAN-CENTRIC APPROACH
  • TECHNOLOGY-FOCUSED APPROACH
27
Q

involves identifying and assessing risks to the organization’s information assets

A
  • RISK-BASED APPROACH
28
Q

involves implementing security controls to comply with regulatory requirements

A
  • COMPLIANCE-BASED APPROACH
29
Q

involves implementing multiple layers of security controls to provide redundancy

A
  • DEFENSE IN DEPTH APPROACH
30
Q

focuses on the role of people in information security.

A
  • HUMAN-CENTRIC APPROACH
31
Q

emphasizes the use of technology to protect information assets.

A
  • TECHNOLOGY-FOCUSED APPROACH
32
Q

SECURITY IN THE SDLC:

A
  • PLANNING
  • ANALYSIS
  • DESIGN
  • IMPLEMENTATION
  • TESTING
  • DEPLOYMENT
  • MAINTENANCE
33
Q

KEY TERMS AND CRITICAL CONCEPTS OF INFORMATION SECURITY:

A
  1. CONFIDENTIALITY
  2. INTEGRITY
  3. AVAILABILITY
  4. AUTHENTICATION
  5. AUTHORIZATION
  6. RISK MANAGEMENT
  7. THREATS
  8. VULNERABILITIES
  9. DEFENSE IN DEPTH
  10. INCIDENT RESPONSE
34
Q

THE 2 NEEDS FOR SECURITY

A

THREAT (NOUN)
ATTACK (VERB)

35
Q

possible security risk that might exploit the vulnerability of a system or asset.

A

THREAT (NOUN)

36
Q

intentional unauthorized action on system.

A

ATTACK (VERB)

37
Q

TWO TYPES OF ATTACKS:

A
  • ACTIVE ATTACKS
  • PASSIVE ATTACKS
38
Q

an attempt to change system resources

A
  • ACTIVE ATTACKS
39
Q

an active attack is an attempt to change system resources

A
  • PASSIVE ATTACKS
40
Q

EXAMPLES OF THREATS AND ATTACK

A
  • CYBERATTACKS
  • PHYSICAL ATTACKS
  • TERRORISM
  • THREAT OF VIOLENCE
  • NATURAL DISASTER
  • FINANCIAL FRAUD
41
Q

EXAMPLES OF THREATS AND ATTACKS IN INFORMATION SECURITY

A

EXAMPLES OF THREATS AND ATTACKS IN INFORMATION SECURITY
* MALWARE
* PHISHING
* DENIAL-OF-SERVICE (DOS)
* PASSWORD ATTACKS
* INSIDER THREATS
* PHYSICAL ATTACKS

42
Q

DIFFERENT TYPES OF THREATS AND ATTACKS IN INFORMATION SECURITY

A
  • ESPIONAGE OR TRESPASS
  • FORCES OF NATURE
  • HUMAN ERROR OR FAILURE
  • INFORMATION EXTORTION
  • SOFTWARE ATTACKS
  • TECHNOLOGICAL OBSOLESCENCE
  • THEFT
  • INTELLECTUAL PROPERTY (IP)
43
Q

refers to illegal or unauthorized access to confidential information

Ex.
- Corporate Espionage
- Cyber Espionage
- Trespassing
- Physical Espionage
- Economic Espionage

A
  • ESPIONAGE OR TRESPASS
44
Q

refers to natural disasters such as floods, earthquakes, and hurricanes that can cause damage to computer systems

Ex.
- Weather Events
- Earthquakes
- Volcanic Eruptions
- Wildfires
- Tsunamis
- Power Outages
- Lightning Strikes

A
  • FORCES OF NATURE
45
Q

refers to mistakes made by individuals

A
  • HUMAN ERROR OR FAILURE
46
Q

It is a type of cybercrime in which the attacker threatens to publish.

A
  • INFORMATION EXTORTION
47
Q

refers to intentional damage

A
  • SABOTAGE OR VANDALISM
48
Q

refers to cyberattacks that exploit vulnerabilities in software applications.

A
  • SOFTWARE ATTACKS
49
Q

refers to the state where technology becomes outdated

A
  • TECHNOLOGICAL OBSOLESCENCE
50
Q

it is the act of taking someone else’s property without their consent

A
  • THEFT
51
Q

refers to creations of the mind.

A

INTELLECTUAL PROPERTY (IP)

52
Q

7 COMMON TERMS USED IN INTELLECTUAL PROPERTY

A

COMMON TERMS USED IN INTELLECTUAL PROPERTY
* PATENT
* TRADEMARK
* COPYRIGHT
* TRADE SECRET
* INFRINGEMENT
* LICENSING
* FAIR USE

53
Q

enacted by governments to regulate behavior

A

LAWS

54
Q

are rules that are established by regulatory agencies to enforce

A

REGULATIONS

55
Q

refers to a set of moral principles and values that guide individual behavior

A

ETHICS

56
Q

is a set of principles

A

CODE OF ETHICS

57
Q

are associations of individuals

A

PROFESSIONAL ORGANIZATION

58
Q
  • INTERNATIONAL
A
  • INTERNATIONAL
  • International Association of Computer Science and Information Technology (IACSIT)
  • Information System Security Association (ISSA)
  • International Association of Privacy Professionals (IAPP)
  • Cloud Security Alliance (CSA)
59
Q
  • LOCAL
A
  • LOCAL
  • Information Security Officers Group Philippines (ISOGP)
  • Philippine Computer Emergency Response Team (PH-CERT)
  • Philippine Society of Information Technology Educators (PSITE)
  • Philippine Society of Information Security Professional (PSISP)
60
Q

LAWS THAT AFFECT THE PRACTICE OF INFORMATION SECURITY

A
  • DATA PRIVACY ACT OF 2012 (DPA)
  • CYBERCRIME PREVENTION ACT OF 2012
  • E-COMMERCE ACT OF 2000
  • ANTI-PHOTO AND VIDEO VOYEURISM ACT OF 2009
  • NATIONAL PRIVACY COMMISSION (NPC)