Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

2nd Year - 2nd Semester > ITSAC - Module 1 > Flashcards

ITSAC - Module 1 Flashcards

1
Q

What is Information Security?

A

A set of security procedures and tools that broadly protect sensitive enterprise information from misuse, unauthorized access, disruption, or destruction. – Microsoft
It refers to the processes and tools designed and deployed to protect sensitive business information from modification, disruption, destruction, and inspection. – Cisco
Information security in today’s enterprise is a “well-informed sense of assurance that the information risks and controls are in balance.” – Jim Anderson, Inovant (2002)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

History

A

Began immediately after the first mainframes were developed.
Created to aid code-breaking computations during World War II.
Physical controls to limit access to sensitive military locations to authorized personnel: badges, keys, and facial recognition.
Rudimentary in defending against physical theft, espionage, and sabotage.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

History
Early 1960s

A

One of the first documented security problems occurred.
A software glitch mixed the two files (Message of the Day and password file)
The entire password file was printed on every output file.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

History
Early 1970s

A

The microprocessor brought in a new age of computing capabilities and security threats as these microprocessors were networked.
Late 1970s: microprocessor expanded computing capabilities and security threats.
From mainframe to PC
Decentralized computing
Need for sharing resources increased
Major changed computing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

History
RAND Report R-609

A

The first widely recognized published document to identify the role of management and policy issues in computer security.
It attempted to define multiple controls and mechanisms necessary for the protection of a multi-level computer system.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

History
The 1990s

A

At the close of the 20th century, as networks of computers became more common, as did the need to connect the networks to each other.
Gave rise to the Internet - first global network of networks
Early Internet deployment treated security as a low priority

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

History
In the late 1990s and into the 2000s

A

Many large corporations began publicly integrating security into their organizations.
Antivirus products became extremely popular, and information security began to emerge as an independent discipline.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

History
2000 to present

A

The Internet brings millions of computer networks into communication with each other—many of them unsecured.
Ability to secure a computer’s data influenced by the security of every computer to which it is connected.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is Security?

A

A successful organization should have the following multiple layers of security in place for the protection of its operations.

  1. Physical security - to protect the physical items, objects, or areas of an organization from unauthorized access and misuse.
  2. Personal security - to protect the individual or group of individuals who are authorized to access the organization and its operations.
  3. Operations security - to protect the details of a particular operation or series of activities.
  4. Communications security - to protect an organization’s communications media, technology, and content.
  5. Network security - to protect networking components, connections, and contents.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Critical Characteristics of Information

A
  1. Availability - enables users who need to access information to do so without interference or obstruction and in the required format.
  2. Accuracy - free from mistake or error and having the value that the end-user expects.
  3. Authenticity - the quality or state of being genuine or original, rather than a reproduction or fabrication.
  4. Confidentiality - the quality or state of preventing disclosure or exposure to unauthorized individuals or systems.
  5. Integrity - the quality or state of being whole, complete, and uncorrupted. The integrity of information is threatened when the information is exposed to corruption, damage, destruction, or other disruption of its authentic state.
  6. Utility - the quality or state of having value for some purpose or end. Information has value when it serves a particular purpose. This means that if information is available, but not in a format meaningful to the end-user, it is of no use.
  7. Possession - the quality or state of having ownership or control of some object or item. Information is said to be in possession if one obtains it, independent of format or another characteristic. While a breach of confidentiality always results in a breach of possession, a breach of possession does not always result in a breach of confidentiality.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Information system (IS)

A

– is the entire set of software, hardware, data, people, procedures, and networks that enable the use of information resources in the organization.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Components of an Information System

A
  1. Software: Includes applications (programs), operating systems, and assorted command utilities.
    Perhaps the most difficult IS component to secure.
    Easy target of accidental or intentional attacks.
  2. Hardware: Physical technology that houses and executes the software, stores and transports the data, and provides interfaces for the entry and removal of information from the system.
    Physical security policies deal with hardware as a physical asset and with the protection of physical assets from harm or theft.
  3. Data: Often the most asset
    Main target of intentional attacks
  4. People: People have always been a threat to information security
    Social engineering
    Must be well trained and informed
  5. Procedures: Procedures are written instructions for accomplishing a specific task.
    Threat to integrity of data
  6. Networks: Locks and keys won’t work
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Balancing Information Security and Access

A

To operate an information system that satisfies the end-user and the security professional, the security level must allow reasonable access yet protect against threats to achieve a balanced scale.
An imbalance can occur when the needs of the end user are undermined by obsessive focus on protecting and administering the information systems.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Computer as the Subject and Object of an Attack

A

Hacker using a computer as the subject of attack
Remote system that is the object of an attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Approaches to Information Security Implementation: Bottom-Up Approach

A

Bottom-up approach:

A method of establishing security policies and/or practices that begins as a grassroots effort in which systems administrators attempt to improve the security of their systems.
The key advantage is the technical expertise of individual administrators.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Advantages & Disadvantages of
Bottom-Up Approach

A

Advantages:

  1. Flexibility: Bottom-up approach allows for changes to be made at any stage of the process.
  2. Empowerment: It gives individuals and smaller groups the power to make decisions.
  3. Robustness: This approach can result in more robust solutions, as each component can be thoroughly tested and debugged.

Disadvantages:

  1. Slow Progress: The bottom-up approach can be slow, as each component must be completed before moving on to the next.
  2. Lack of Coherence: The final solution may lack coherence, as it is assembled from individual parts.
  3. Difficulty in Managing Complex Projects: This approach can be difficult to manage for complex projects with many components.
16
Q

What Companies Use a Bottom-up Approach?

A

Many companies use the bottom-up approach in their management and decision-making processes, including:

Toyota
Hyundai
Ford
Volkswagen
Samsung
Nokia
Dell
Hewlett-Packard
Cisco Systems
Oracle

17
Q

Approaches to Information Security Implementation: Top-down Approach

A

A methodology of establishing security policies and/or practices that is initiated by upper management.
Higher probability of success.
The project is initiated by upper-level managers.

18
Q

Advantages & Disadvantages of
Top-Down Approach

A

Advantages:

  • Easy to understand and implement.
  • Provides clear objectives and expectations.
  • Supports effective allocation of resources.

Disadvantages:

  • Inflexible to change.
  • Limited to pre-determined solutions.
  • Can lead to missed opportunities or inefficiencies.
  • Can result in lower motivation and participation from lower-level employees.
19
Q

What Companies Use the Top-Down Approach?

A

Many companies use the top-down approach in their management and decision-making processes, including:

IBM
Microsoft
Google
Apple
Amazon
GE
Intel
JPMorgan Chase
Goldman Sachs
Procter & Gamble

2nd Year - 2nd Semester (43 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions