Lecture 2 - Flashcards
Protects the organization’s ability to ?
Four important functions for an organization
The need for security
function
Enables the safe operation of applications implemented on the organization’s ?
Four important functions for an organization
The need for security
IT systems
Protects the ? the organization collects and uses
Four important functions for an organization
The need for security
data
Safeguards the ? in use at the organization
Four important functions for an organization
The need for security
technology assets
?
is responsible
Protecting the ability to function
The need for security
Management
Information security is a ?, ??
Protecting the ability to function
The need for security
- a management issue
- a people issue
?
must argue for information security in terms of impact and cost
Protecting the ability to function
The need for security
Communities of interest
?
must argue for information security in terms of impact and cost
Protecting the ability to function
The need for security
Communities of interest
?
must create integrated, efficient, and capable applications
Enabling safe operation
The need for security
Organizations
Organization need environments that ? applications
Enabling safe operation
The need for security
safeguard
?
must not abdicate to the IT department its responsibility to make choices and enforce decisions
Enabling safe operation
The need for security
Management
One of the most valuable assets is ?
Protecting data
The need for security
data
Without ?, an organization loses its record of transactions and/or its ability to deliver value to its customers
Protecting data
The need for security
data
An effective ? is essential to the protection of the integrity and value of the organization’s data
Protecting data
The need for security
information security program
Organizations must have secure ? based on the size and scope of the enterprise
Safeguarding technology assets
The need for security
infrastructure services
Additional ? may have to be provided
Safeguarding technology assets
The need for security
security services
More ? may be needed to replace security programs the organization has outgrown
Safeguarding technology assets
The need for security
robust solutions
Management must be informed of the various kinds of ? facing the organization
Threats to Information Security
threats
A ? is an object, person, or other entity that represents a constant danger to an asset
Threats to Information Security
threat
By examining each ? in turn, management effectively protects its
information through policy, education and training, and technology controls
Threats to Information Security
threat category
12 Threats to Information security
Threats to Information Security
- Acts of human error or failure
- Compromises to intellectual property
- Deliberate acts of espionage or trespass
- Deliberate acts of information extrotion
- Deliberate acts of sabotage or vandalism
- Deliberate acts of theft
- Deliberate software attacks
- Forces of nature
- Deviations in quaity of service from service providers
- Technical hardware failures or errors
- Technical sortware failures or errors
- Technological obsolescence
?
Includes acts done without malicious intent
Threats to Information Security
Acts of human error or failure
?, ??, ???, ????
(4) Caused by:
Acts of human error or failure
Threats to Information Security
- Inexperience
- Improper training
- Incorrect assumptions
- Other circumstances
?
are greatest threats to information security –They are closest to the organizational data
Acts of human error or failure
Threats to Information Security
Employees