Lecture 1 - Introduction to Information Security Flashcards

1
Q

?

Earlier versions of the German code machine ? were first broken by the Poles in the 1930s.

The History of Information Security

A

Enigma

2
Q

?

The British and Americans managed to break later, more complex versions during World War II.

The History of Information Security

A

Enigma

3
Q

?

The increasingly complex versions of the ?, especially the submarine version of the ?, caused considerable anguish to Allied forces before finally being cracked.

The History of Information Security

A

Enigma

4
Q

The Enigma

Earlier versions of the German code machine Enigma were first broken by the Poles in the ?.

Hint: 19xxs

The History of Information Security

A

1930s

5
Q

?

During the Cold War, many more mainframes were brought online to accomplish more complex and sophisticated tasks.

Hint: 19xxs

The History of Information Security

A

1960s

6
Q

?

During the next decade, ARPANET became popular and more widely used, and the potential for its misuse grew.

Hint: 19xxs and 19xxs

The History of Information Security

A

1970s and 80s

7
Q

1968

Maurice Wilkes discusses password security in ?.

Hint: ? Computer Systems

The History of Information Security

A

Time-Sharing Computer Systems

8
Q

1973

Schell, Downey, and Popek examine the need for additional security in military systems in “Preliminary Notes on the Design of ?”.

Hint: ? Computer Systems

The History of Information Security

A

Secure Military Computer Systems

9
Q

1975

The Federal Information Processing Standards (FIPS) examines Digital Encryption Standard (DES) in the ?.

The History of Information Security

A

Federal Register

10
Q

1978

Bisbey and Hollingworth publish their study “?: Final Report”, discussing the ? project created by ARPA to better understand vulnerability detection techniques in existing system software.

The History of Information Security

A

Protection Analysis

11
Q

1979

Morris and Thompson author “?: A Case History” published in the Communications of the Association for Computing Machinery (ACM). This paper examines the history of a design for a ? scheme on a remotely accessed, time-sharing system.

The History of Information Security

A

Password Security

12
Q

1979

Dennis Ritchie publishes “On the Security of UNIX” and “Protection of Data File Contents” discussing secure user IDs and secure group IDs, and the problems inherent in the systems.

The History of Information Security

A
13
Q

1984

Grampp and Morris write “?”. In this report, the authors examine four “important handles to computer security”: (1) physical control of premises and computer facilities, (2) management commitment to security objectives, (3) education of employees, and (4) administrative procedures aimed at increased security.

Hint: ? OS ?

The History of Information Security

A

UNIX Operating System Security

14
Q

1984

Reeds and Weinberger publish “?”. Their premise was: “No technique can be secure against wiretapping or its equivalent on the computer. Therefore no technique can be secure against the systems administrator or other privileged users … the naive user has no chance.”

Hint: ? ? and the UNIX ? ? ?

The History of Information Security

A

File Security and the UNIX System Crypt Command

15
Q

?

At the close of the twentieth century, networks of computers became more common, as did the need to connect these networks to each other.

Hint: 19xxs

The History of Information Security

A

1990s

16
Q

?

Today, the Internet brings millions of unsecured computer networks into continuous communication with each other. The security of each computer’s stored information is now contingent on the level of security of every other computer to which it is connected.

Hint: 2XXX ? ?

The History of Information Security

A

2000 to Present

17
Q

In general, ? is “the quality or state of being secure— to be free from danger.” In other words, protection against adversaries— from those who would do harm, intentionally or otherwise— is the objective.

What is Security?

A

Security

18
Q

6 Layers of Security (to protect organization operations)

A successful organization should have the following multiple layers of security in place to protect its operations: ?, ??, ???, ????, ?????, and ??????.

What is Security?

A
  • Physical security
  • Personnel security
  • Operations security
  • Communications security
  • Network security
  • Information security
19
Q

?

?, to protect physical items, objects, or areas from unauthorized access and misuse.

6 Layers of Security (to protect organization operations)

A

Physical security

20
Q

?

?, to protect the individual or group of individuals who are authorized to access the organization and its operations

6 Layers of Security (to protect organization operations)

A

Personnel security

21
Q

?

?, to protect the details of a particular operation or series of activities.

6 Layers of Security (to protect organization operations)

A

Operations security

22
Q

?

?, to protect communications media, technology, and content

6 Layers of Security (to protect organization operations)

A

Communications security

23
Q

?

?, to protect networking components, connections, and contents

6 Layers of Security (to protect organization operations)

A

Network security

24
Q

?

?, to protect the confidentiality, integrity and availability of information assets, whether in storage, processing, or transmission.

6 Layers of Security (to protect organization operations)

A

Information security

25
Q

4 Components of Information Security

Components of Information Security: ?, ??, ???, and ????.

A
  • Management of information security
  • Network security
  • Computer & data security
  • Policy
26
Q

13 Key Information Security Concepts

Key Information Security Concepts: ?, ??, ???, ????, ?????, ??????, ???????, ????????, ?????????, ??????????, ???????????, ????????????, and ?????????????.

A
  • Access
  • Asset
  • Attack
  • Control, safeguard, or countermeasure
  • Exploit
  • Exposure
  • Loss
  • Protection profile or security posture
  • Risk
  • Subjects and objects
  • Threat
  • Threat agent
  • Vulnerability
27
Q

?

A subject or object’s ability to use, manipulate, modify, or affect another subject or object.

13 Key Information Security Concepts

A

Access

28
Q

?

The organizational resource that is being protected.

An asset can be:
* logical, such as a Web site, information, or data; or
* physical, such as a person, computer system, or other tangible object.

13 Key Information Security Concepts

A

Asset

29
Q

Asset

An asset can be ?, such as a Web site, information, or data; or an asset can be ??, such as a person, computer system, or other tangible object.

13 Key Information Security Concepts

A
  • logical
  • physical
30
Q

?

An intentional or unintentional act that can cause damage to or otherwise compromise information and/or the systems that support it.

13 Key Information Security Concepts

A

Attack

31
Q

?

Security mechanisms, policies, or procedures that can successfully counter attacks, reduce risk, resolve vulnerabilities, and otherwise improve the security within an organization.

13 Key Information Security Concepts

A

Control, safeguard, or countermeasure

32
Q

?

A technique used to compromise a system.

13 Key Information Security Concepts

A

Exploit

33
Q

?

A condition or state of being exposed. In information security, ? exists when a vulnerability known to an attacker is present.

13 Key Information Security Concepts

A

Exposure

34
Q

?

A single instance of an information asset suffering damage or unintended or unauthorized modification or disclosure.

13 Key Information Security Concepts

A

Loss

35
Q

?

The entire set of controls and safeguards, including policy, education, training and awareness, and technology, that the organization implements (or fails to implement) to protect the asset.

13 Key Information Security Concepts

A

Protection profile or security posture

36
Q

?

The probability that something unwanted will happen.

13 Key Information Security Concepts

A

Risk

37
Q

?

A computer can be either:
* the subject of an attack— an agent entity used to conduct the attack— or
* the object of an attack— the target entity.

13 Key Information Security Concepts

A

Subjects and objects

38
Q

?

A category of objects, persons, or other entities that presents a danger to an asset. ?s are always present and can be purposeful or undirected.

13 Key Information Security Concepts

A

Threat

39
Q

?

The specific instance or a component of a threat.

13 Key Information Security Concepts

A

Threat agent

40
Q

?

A weakness or fault in a system or protection mechanism that opens it to attack or damage.

13 Key Information Security Concepts

A

Vulnerability

41
Q

7 Critical Characteristics of Information

Critical Characteristics of Information: ?, ??, ???, ????, ?????, ??????, and ???????.

A
  • Availability
  • Accuracy
  • Authenticity
  • Integrity
  • Confidentiality
  • Utility
  • Possession
42
Q

?

? enables authorized users— persons or computer systems— to access information without interference or obstruction and to receive it in the required format.

7 Critical Characteristics of Information

A

Availability

43
Q

?

Information has ? when it is free from mistakes or errors and it has the value that the end user expects. If information has been intentionally or unintentionally modified, it is no longer accurate.

7 Critical Characteristics of Information

A

Accuracy

44
Q

?

? of information is the quality or state of being genuine or original, rather than a reproduction or fabrication.

7 Critical Characteristics of Information

A

Authenticity

45
Q

?

Information has ? when it is whole, complete, and uncorrupted. The ? of information is threatened when the information is exposed to corruption.

7 Critical Characteristics of Information

A

Integrity

46
Q

?

Information has ? when it is protected from disclosure or exposure to unauthorized individuals or systems.

7 Critical Characteristics of Information

A

Confidentiality

47
Q

4 Measures (to protect the confidentiality of information)

To protect the confidentiality of information, you can use a number of measures, including the following: ?, ??, ???, and ????.

Critical Characteristics of Information - Confidentiality

A
  • Information classification
  • Secure document storage
  • Application of general security policies
  • Education of information custodians and end users
48
Q

?

The ? of information is the quality or state of having value for some purpose or end.

7 Critical Characteristics of Information

A

Utility

49
Q

?

The ? of information is the quality or state of ownership or control.

7 Critical Characteristics of Information

A

Possession

50
Q

6 Components of an Information System

Components of an Information System: ?, ??, ???, ????, ?????, and ??????.

A
  • Software
  • Hardware
  • Data
  • People
  • Procedures
  • Networks
51
Q

?

? is perhaps the most difficult IS (Information System) component to secure. The exploitation of errors in software programming accounts for a substantial portion of the attacks on information.

6 Components of an Information System

A

Software

52
Q

?

? is the physical technology that houses and executes the software, stores and transports the data, and provides interfaces for the entry and removal of information from the system.

6 Components of an Information System

A

Hardware

53
Q

?

? stored, processed, and transmitted by a computer system must be protected.

6 Components of an Information System

A

Data

54
Q

?

Though often overlooked in computer security considerations, ? have always been a threat to information security.

6 Components of an Information System

A

People

55
Q

?

Another frequently overlooked component of an IS (Information System) is ?. ? are written instructions for accomplishing a specific task.

When an unauthorized user obtains an organization’s ?, this poses a threat to the integrity of the information.

6 Components of an Information System

A

Procedures

56
Q

?

The IS (Information System) component that created much of the need for increased computer and information security is ?ing.

6 Components of an Information System

A

Networks

57
Q

2 Approaches to Information Security Implementation

Approaches to Information Security Implementation: ? and ??.

A
  • Bottom-up Approach
  • Top-down Approach
58
Q

?

The implementation of information security in an organization must begin somewhere, and cannot happen overnight.

2 Approaches to Information Security Implementation

A
  • Bottom-up Approach
59
Q

?

Securing information assets is in fact an incremental process that requires coordination, time, and patience.

2 Approaches to Information Security Implementation

A
  • Bottom-up Approach
60
Q

?

Information security can begin as a grassroots effort in which systems administrators attempt to improve the security of their systems.

2 Approaches to Information Security Implementation

A
  • Bottom-up Approach
61
Q

?

The ?— in which the project is initiated by upper-level managers who issue policy, procedures and processes, dictate the goals and expected outcomes, and determine accountability for each required action— has a higher probability of success.

2 Approaches to Information Security Implementation

A
  • Top-down Approach
62
Q

4 Sections of Information Security Responsibilities

The following sections describe the typical information security responsibilities of various professional roles in an organization: ?, ??, ???, and ????.

Security Professionals and the Organization

A
  • Senior Management
  • Information Security Project Team
  • Data Responsibilities
  • Communities of Interest
63
Q

7 Members of the Security Project Team

Members of the security project team: ?, ??, ???, ????, ?????, ??????, and ???????.

Information Security Project Team

A
  • Champion
  • Team leader
  • Security policy developers
  • Risk assessment specialists
  • Security professionals
  • Systems administrators
  • End users
64
Q

?

A senior executive who promotes the project and ensures its support, both financially and administratively, at the highest levels of the organization.

7 Members of the Security Project Team

A

Champion

65
Q

?

A project manager, who may be a departmental line manager or staff unit manager, who understands project management, personnel management, and information security technical requirements.

7 Members of the Security Project Team

A

Team Leader

66
Q

?

People who understand the organizational culture, existing policies, and requirements for developing and implementing successful policies.

7 Members of the Security Project Team

A

Security Policy Developers

67
Q

?

People who understand financial risk assessment techniques, the value of organizational assets, and the security methods to be used.

7 Members of the Security Project Team

A

Risk Assessment Specialists

68
Q

?

Dedicated, trained, and well-educated specialists in all aspects of information security from both a technical and nontechnical standpoint.

7 Members of the Security Project Team

A

Security Professionals

69
Q

?

People with the primary responsibility for administering the systems that house the information used by the organization.

7 Members of the Security Project Team

A

Systems Administrators

70
Q

?

Those whom the new system will most directly affect.

Ideally, a selection of users from various departments, levels, and degrees of technical knowledge assists the team in focusing on the application of realistic controls applied in ways that do not disrupt the essential business activities they seek to safeguard.

7 Members of the Security Project Team

A

End Users

71
Q

3 Types of Data Ownership

The three types of data ownership are: ?, ??, and ???.

Data Responsibilities

A
  • Data owners
  • Data custodians
  • Data users
72
Q

?

Those responsible for the security and use of a particular set of information.

3 Types of Data Ownership

A

Data owners

73
Q

?

Working directly with data owners, ? are responsible for the storage, maintenance, and protection of the information.

3 Types of Data Ownership

A

Data custodians

74
Q

?

End users who work with the information to perform their assigned roles supporting the mission of the organization.

3 Types of Data Ownership

A

Data users

75
Q

3 Communities of Interest

The three Communities of Interest are ?, ??, and ???.

A
  • Information Security Management and Professionals
  • Information Technology Management and Professionals
  • Organizational Management and Professionals
76
Q

?

The administrators and technicians who implement security can be compared to a painter applying oils to canvas.

A touch of color here, a brush stroke there, just enough to represent the image the artist wants to convey without overwhelming the viewer, or in security terms, without overly restricting user access.

Information Security: Is it an Art or a Science?

A

Security as Art

77
Q

?

Technology developed by computer scientists and engineers—which is designed for rigorous performance levels—makes information security a science as well as an art.

Most scientists agree that specific conditions cause virtually all actions in computer systems.

Information Security: Is it an Art or a Science?

A

Security as Science

78
Q

?

A third view to consider is information ?, which integrates some of the components of art and science and adds another dimension to the discussion.

?? examines the behavior of individuals as they interact with systems, whether these are societal systems or, as in this context, information systems.

Information Security: Is it an Art or a Science?

A
  • Security as a Social Science
  • Social Science