Lecture 1 - Introduction to Information Security Flashcards

1
Q

?

Earlier versions of the German code machine ? were first broken by the Poles in the 1930s.

The History of Information Security

A

Enigma

2
Q

?

The British and Americans managed to break later, more complex versions during World War II.

The History of Information Security

A

Enigma

3
Q

?

The increasingly complex versions of the ?, especially the submarine version of the ?, caused considerable anguish to Allied forces before finally being cracked.

The History of Information Security

A

Enigma

4
Q

The Enigma

Earlier versions of the German code machine Enigma were first broken by the Poles in the ?.

Hint: 19xxs

The History of Information Security

A

1930s

5
Q

?

During the Cold War, many more mainframes were brought online to accomplish more complex and sophisticated tasks.

Hint: 19xxs

The History of Information Security

A

1960s

6
Q

?

During the next decade, ARPANET became popular and more widely used, and the potential for its misuse grew.

Hint: 19xxs and 19xxs

The History of Information Security

A

1970s and 80s

7
Q

1968

Maurice Wilkes discusses password security in ?.

Hint: ? Computer Systems

The History of Information Security

A

Time-Sharing Computer Systems

8
Q

1973

Schell, Downey, and Popek examine the need for additional security in military systems in “Preliminary Notes on the Design of ?”.

Hint: ? Computer Systems

The History of Information Security

A

Secure Military Computer Systems

9
Q

1975

The Federal Information Processing Standards (FIPS) examines Digital Encryption Standard (DES) in the ?.

The History of Information Security

A

Federal Register

10
Q

1978

Bisbey and Hollingworth publish their study “?: Final Report”, discussing the ? project created by ARPA to better understand vulnerability detection techniques in existing system software.

The History of Information Security

A

Protection Analysis

11
Q

1979

Morris and Thompson author “?: A Case History” published in the Communications of the Association for Computing Machinery (ACM). This paper examines the history of a design for a ? scheme on a remotely accessed, time-sharing system.

The History of Information Security

A

Password Security

12
Q

1979

Dennis Ritchie publishes “On the Security of UNIX” and “Protection of Data File Contents” discussing secure user IDs and secure group IDs, and the problems inherent in the systems.

The History of Information Security

A
13
Q

1984

Grampp and Morris write “?”. In this report, the authors examine four “important handles to computer security”: (1) physical control of premises and computer facilities, (2) management commitment to security objectives, (3) education of employees, and (4) administrative procedures aimed at increased security.

Hint: ? OS ?

The History of Information Security

A

UNIX Operating System Security

14
Q

1984

Reeds and Weinberger publish “?”. Their premise was: “No technique can be secure against wiretapping or its equivalent on the computer. Therefore no technique can be secure against the systems administrator or other privileged users … the naive user has no chance.”

Hint: ? ? and the UNIX ? ? ?

The History of Information Security

A

File Security and the UNIX System Crypt Command

15
Q

?

At the close of the twentieth century, networks of computers became more common, as did the need to connect these networks to each other.

Hint: 19xxs

The History of Information Security

A

1990s

16
Q

?

Today, the Internet brings millions of unsecured computer networks into continuous communication with each other. The security of each computer’s stored information is now contingent on the level of security of every other computer to which it is connected.

Hint: 2XXX ? ?

The History of Information Security

A

2000 to Present

17
Q

In general, ? is “the quality or state of being secure— to be free from danger.” In other words, protection against adversaries— from those who would do harm, intentionally or otherwise— is the objective.

What is Security?

A

Security

18
Q

6 Layers of Security (to protect organization operations)

A successful organization should have the following multiple layers of security in place to protect its operations: ?, ??, ???, ????, ?????, and ??????.

What is Security?

A
  • Physical security
  • Personnel security
  • Operations security
  • Communications security
  • Network security
  • Information security
19
Q

?

?, to protect physical items, objects, or areas from unauthorized access and misuse.

6 Layers of Security (to protect organization operations)

A

Physical security

20
Q

?

?, to protect the individual or group of individuals who are authorized to access the organization and its operations

6 Layers of Security (to protect organization operations)

A

Personnel security

21
Q

?

?, to protect the details of a particular operation or series of activities.

6 Layers of Security (to protect organization operations)

A

Operations security

22
Q

?

?, to protect communications media, technology, and content

6 Layers of Security (to protect organization operations)

A

Communications security

23
Q

?

?, to protect networking components, connections, and contents

6 Layers of Security (to protect organization operations)

A

Network security

24
Q

?

?, to protect the confidentiality, integrity and availability of information assets, whether in storage, processing, or transmission.

6 Layers of Security (to protect organization operations)

A

Information security

25
Q

4 Components of Information Security

**Components of Information Security**: ?, ??, ???, and ????.

A
  • Management of information security
  • Network security
  • Computer & data security
  • Policy
26
Q

13 Key Information Security Concepts

**Key Information Security Concepts**: ?, ??, ???, ????, ?????, ??????, ???????, ????????, ?????????, ??????????, ???????????, ????????????, and ?????????????.

A
  • Access
  • Asset
  • Attack
  • Control, safeguard, or countermeasure
  • Exploit
  • Exposure
  • Loss
  • Protection profile or security posture
  • Risk
  • Subjects and objects
  • Threat
  • Threat agent
  • Vulnerability
27
Q

A subject or object’s **ability to use, manipulate, modify, or affect** another subject or object.

13 Key Information Security Concepts

A

Access
28
Q

The **organizational resource** that is being protected. An asset can be:
  • **logical**, such as a Web site, information, or data; or
  • **physical**, such as a person, computer system, or other tangible object.

13 Key Information Security Concepts

A

Asset
29
Q

Asset

An asset can be **?**, such as a **Web site, information, or data**; or an asset can be **??**, such as a **person, computer system, or other tangible object**.

13 Key Information Security Concepts

A
  • logical
  • physical
30
Q

An intentional or unintentional act that can **cause damage to or otherwise compromise information** and/or the systems that support it.

13 Key Information Security Concepts

A

Attack
31
Q

**Security mechanisms, policies, or procedures** that can successfully counter attacks, reduce risk, resolve vulnerabilities, and otherwise improve the security within an organization.

13 Key Information Security Concepts

A

Control, safeguard, or countermeasure
32
Q

A technique used to **compromise a system**.

13 Key Information Security Concepts

A

Exploit
33
Q

A **condition or state of being exposed**. In information security, **?** exists when a **vulnerability known to an attacker is present**.

13 Key Information Security Concepts

A

Exposure
34
Q

A single instance of an **information asset suffering damage or unintended or unauthorized modification or disclosure**.

13 Key Information Security Concepts

A

Loss
35
Q

The **entire set of controls and safeguards**, including policy, education, training and awareness, and technology, that the organization implements (or fails to implement) to **protect the asset**.

13 Key Information Security Concepts

A

Protection profile or security posture
36
Q

The **probability** that **something unwanted will happen**.

13 Key Information Security Concepts

A

Risk
37
Q

A computer can be either:
  • the **subject of an attack**—an **agent entity** used to conduct the attack— or
  • the **object of an attack**— the **target entity**.

13 Key Information Security Concepts

A

Subjects and objects
38
Q

A category of objects, persons, or other entities that **presents a danger** to an asset. **?**s are **always present** and can be **purposeful or undirected**.

13 Key Information Security Concepts

A

Threat
39
Q

The **specific instance** or a **component** of a **threat**.

13 Key Information Security Concepts

A

Threat agent
40
Q

A **weakness or fault in a system** or protection mechanism that opens it to attack or damage.

13 Key Information Security Concepts

A

Vulnerability
41
Q

7 Critical Characteristics of Information

**Critical Characteristics of Information**: ?, ??, ???, ????, ?????, ??????, and ???????.

A
  • Availability
  • Accuracy
  • Authenticity
  • Integrity
  • Confidentiality
  • Utility
  • Possession
42
Q

**?** enables **authorized users**— persons or computer systems— to **access information** without interference or obstruction and to receive it in the required format.

7 Critical Characteristics of Information

A

Availability
43
Q

Information has **?** when it is **free from mistakes or errors** and it has the **value that the end user expects**. If information has been intentionally or unintentionally modified, it is no longer accurate.

7 Critical Characteristics of Information

A

Accuracy
44
Q

**?** of information is the **quality or state of being genuine or original**, rather than a reproduction or fabrication.

7 Critical Characteristics of Information

A

Authenticity
45
Q

Information has **?** when it is **whole, complete, and uncorrupted**. The **?** of information is threatened when the information is exposed to corruption.

7 Critical Characteristics of Information

A

Integrity
46
Q

Information has **?** when it is **protected from disclosure or exposure** to unauthorized individuals or systems.

7 Critical Characteristics of Information

A

Confidentiality
47
Q

4 Measures (to protect the confidentiality of information)

To protect the confidentiality of information, you can use a **number of measures**, including the following: ?, ??, ???, and ????.

Critical Characteristics of Information - Confidentiality

A
  • Information classification
  • Secure document storage
  • Application of general security policies
  • Education of information custodians and end users
48
Q

The **?** of information is the **quality or state of having value** for some purpose or end.

7 Critical Characteristics of Information

A

Utility
49
Q

The **?** of information is the **quality or state of ownership or control**.

7 Critical Characteristics of Information

A

Possession
50
Q

6 Components of an Information System

**Components of an Information System**: ?, ??, ???, ????, ?????, and ??????.

A
  • Software
  • Hardware
  • Data
  • People
  • Procedures
  • Networks
51
Q

**?** is perhaps the **most difficult IS (Information System) component to secure**. The **exploitation of errors** in software programming accounts for a substantial portion of the attacks on information.

6 Components of an Information System

A

Software
52
Q

**?** is the **physical technology** that houses and executes the software, stores and transports the data, and provides interfaces for the entry and removal of information from the system.

6 Components of an Information System

A

Hardware
53
Q

**?** **stored, processed, and transmitted** by a computer system must be protected.

6 Components of an Information System

A

Data
54
Q

Though *often overlooked in computer security considerations*, **?** have **always been a threat** to information security.

6 Components of an Information System

A

People
55
Q

*Another frequently overlooked component of an IS (Information System)* is **?**. **?** are **written instructions** for accomplishing a specific task. When an unauthorized user obtains an organization’s **?**, this poses a threat to the integrity of the information.

6 Components of an Information System

A

Procedures
56
Q

The IS (Information System) component that created much of the **need for increased computer and information security** is **?**ing.

6 Components of an Information System

A

Networks
57
Q

2 Approaches to Information Security Implementation

**Approaches to Information Security Implementation**: ? and ??.

A
  • Bottom-up Approach
  • Top-down Approach
58
Q

The **implementation of information security** in an organization must **begin** somewhere, and **cannot happen overnight**.

2 Approaches to Information Security Implementation

A

Bottom-up Approach
59
Q

**Securing information assets** is in fact an **incremental process** that requires coordination, time, and patience.

2 Approaches to Information Security Implementation

A

Bottom-up Approach
60
Q

**Information security** can begin as a **grassroots effort** in which **systems administrators attempt to improve the security** of their systems.

2 Approaches to Information Security Implementation

A

Bottom-up Approach
61
Q

The **?**— in which the project is **initiated by upper-level managers** who issue policy, procedures and processes, dictate the goals and expected outcomes, and determine accountability for each required action— has a **higher probability of success**.

2 Approaches to Information Security Implementation

A

Top-down Approach
62
Q

4 Sections of Information Security Responsibilities

The following sections describe the **typical information security responsibilities of various professional roles in an organization**: ?, ??, ???, and ????.

Security Professionals and the Organization

A
  • Senior Management
  • Information Security Project Team
  • Data Responsibilities
  • Communities of Interest
63
Q

7 Members of the Security Project Team

Members of the **security project team**: ?, ??, ???, ????, ?????, ??????, and ???????.

Information Security Project Team

A
  • Champion
  • Team leader
  • Security policy developers
  • Risk assessment specialists
  • Security professionals
  • Systems administrators
  • End users
64
Q

A **senior executive** who promotes the project and ensures its support, both *financially* and *administratively*, at the **highest levels of the organization**.

7 Members of the Security Project Team

A

Champion
65
Q

A **project manager**, who may be a *departmental line manager* or *staff unit manager*, who understands **project management**, **personnel management**, and **information security technical requirements**.

7 Members of the Security Project Team

A

Team Leader
66
Q

People who understand the **organizational culture**, **existing policies**, and **requirements for developing and implementing successful policies**.

7 Members of the Security Project Team

A

Security Policy Developers
67
Q

People who understand **financial risk assessment techniques**, the **value of organizational assets**, and the **security methods** to be used.

7 Members of the Security Project Team

A

Risk Assessment Specialists
68
Q

Dedicated, trained, and well-educated specialists in **all aspects of information security** from both a **technical and nontechnical standpoint**.

7 Members of the Security Project Team

A

Security Professionals
69
Q

People with the **primary responsibility** for **administering the systems** that house the information used by the organization.

7 Members of the Security Project Team

A

Systems Administrators
70
Q

Those whom the new system will most **directly affect**. Ideally, a **selection of users from various departments, levels, and degrees of technical knowledge** assists the team in focusing on the application of realistic controls applied in ways that do not disrupt the essential business activities they seek to safeguard.

7 Members of the Security Project Team

A

End Users
71
Q

3 Types of Data Ownership

The three types of data ownership are: ?, ??, and ???.

Data Responsibilities

A
  • Data owners
  • Data custodians
  • Data users
72
Q

Those **responsible for the security** and use of a particular set of information.

3 Types of Data Ownership

A

Data owners
73
Q

Working directly with data owners, **?** are **responsible for the storage, maintenance, and protection** of the information.

3 Types of Data Ownership

A

Data custodians
74
Q

**End users who work with the information** to perform their assigned roles supporting the mission of the organization.

3 Types of Data Ownership

A

Data users
75
Q

3 Communities of Interest

The three Communities of Interest are ?, ??, and ???.

A
  • Information Security Management and Professionals
  • Information Technology Management and Professionals
  • Organizational Management and Professionals
76
Q

The administrators and technicians who implement security can be compared to **a painter applying oils to canvas**. A **touch of color here, a brush stroke there**, just enough to **represent the image the artist wants to convey** without overwhelming the viewer, or in security terms, without overly restricting user access.

Information Security: Is it an Art or a Science?

A

Security as Art
77
Q

Technology **developed by computer scientists and engineers**—which is designed for rigorous performance levels—makes **information security a science as well as an art**. Most **scientists** agree that specific conditions cause virtually all actions in computer systems.

Information Security: Is it an Art or a Science?

A

Security as Science
78
Q

A third view to consider is information **?**, which integrates some of the components of art and science and **adds another dimension to the discussion**. **??** **examines the behavior of individuals** as they interact with systems, whether these are societal systems or, as in this context, information systems.

Information Security: Is it an Art or a Science?

A
  • Security as a Social Science
  • Social Science