Lesson 1 Flashcards

1
Q

Where the history of information security begins.

A

Computer Security

2
Q

The practice of protecting information and its critical elements by mitigating risks; a part of information risk management.

A

Information Security

3
Q

When did computer security begin?

A

Computer security began immediately after the first mainframes were developed.

4
Q

WHEN: Department of Defense’s Advanced Research Projects Agency (ARPA); feasibility of redundant networked communications.

A

1960s

5
Q

WHEN: Popularity and misuse of ARPANET grew and had two (2) fundamental security problems.

A

1970s & 1980s

6
Q

What were the two (2) fundamental security problems experienced by the popularity of ARPANET during the 1970s & 1980s?

A

No safety procedures for dial-up communication to the ARPANET.
User identification and authorization were non-existent.

7
Q

WHEN: The microprocessor expanded computing capabilities and security threats.

A

Late 1970s

8
Q

Who developed the ARPANET project during the 1960s?

A

Larry Roberts

9
Q

When was the ARPANET Program Plan released?

A

June 3, 1968

10
Q

Where information security and the study of computer security began.

A

R-609

11
Q

What was the scope of R-609? (4)

A

Physical Security
Data Safety
Limited unauthorized access to data.
Involvement of personnel from multiple organization levels.

12
Q

WHEN: Computer networks grew prevalent; the internet was commercialized.

A

1990s

13
Q

WHEN: The internet became a medium for thousands of communications; security is reliant; everyone is vulnerable.

A

2000s to Present Day

14
Q

The state of being secure, to be free from danger, and/or be protected from adversaries; a balance of protection and availability.

A

Security

15
Q

What are the multiple layers of security? (5)

A

Physical Security
Personal Security
Operations Security
Communications Security
Network Security

16
Q

To manipulate or modify another subject.

A

Access

17
Q

The resource being safeguarded.

A

Asset

18
Q

Can harm information and the system that supports it.

A

Attack

19
Q

The mechanisms used to counter assaults.

A

Control / Safeguard / Countermeasure

20
Q

The act of compromising a system.

A

Exploit

21
Q

A condition of state.

A

Exposure

22
Q

A single instance of an information asset being damaged in an illegal manner.

A

Loss

23
Q

A collection of controls and protections.

A

Protection Profile / Security Posture

24
Q

The likelihood for something unfavorable to happen.

A

Risk

25
Q

The tool used for an attack (subject); target (object).

A

Subjects & Objects

26
Q

A group of items, people, or other entities that pose a ____ to an asset; represents a constant danger to an asset.

A

Threats

27
Q

A specific instance of a threat; damages or steals information.

A

Threat Agent

28
Q

A flaw or weakness in the system that allows damage.

A

Vulnerability

29
Q

What are the values involved in the CIA Triad? (8)

A

Confidentiality
Integrity
Availability
Accuracy
Authenticity
Phishing
Utility
Possession

30
Q

A core concept of the CIA Triad that is closely tied to privacy.

A

Confidentiality

31
Q

What are the components of an information system? (6/7)

A

Software
Hardware
Data
People
Procedures
Networks

Laptop Thefts…?

32
Q

Security from grass-roots effort, technical expertise of individual admins; seldom works; lack of participant support and organizational staying power.

A

Bottom-up Approach

33
Q

Initiated by upper management; has strong upper management support, a dedicated champion, dedicated funding, clear planning, and the chance to influence organizational culture.

A

Top-down Strategy

34
Q

Supports specialized implementations of a security project; a coherent program rather than a series of random actions.

A

Security Systems Development Life Cycle (SecSDLC)

35
Q

The Security Systems Development Life Cycle (SecSDLC) can be… (2)

A

Event-driven
Plan-driven

36
Q

A SecSDLC that serves as a response to an occurrence.

A

Event-driven

37
Q

A SecSDLC that serves as a result of an implementation strategy.

A

Plan-driven

38
Q

What are the phases of the SecSDLC? (6)

A

1 | Investigation
2 | Analysis
3 | Logical Design
4 | Physical Design
5 | Implementation
6 | Maintenance & Change

39
Q

Create blueprints for security

A

Logical Design & Physical Design

40
Q

The senior technology officer.

A

Chief Information Officer

41
Q

Also referred to as the Manager for Security, the Security Administrator, or a similar title.

A

Chief Information Security Officer

42
Q

Individuals experienced in one or multiple requirements of technical and non-technical areas.

A

Information Security Project Team

43
Q

An Information Security Project Team is usually composed of… (7)

A

Champion
Team Leader
Security Policy Developers
Risk Assessment Specialists
Security Professionals
Systems Administrators
End Users

44
Q

The weakest link in the security chain.

A

End Users

45
Q

Responsible for the security and use of a particular set of information.

A

Data Owner

46
Q

Responsible for the storage, maintenance, and protection of information.

A

Data Custodian

47
Q

The end systems users who work with the information.

A

Data Users

48
Q

What are the communities of interest of an Information Security Project Team? (3)

A

Information Security Management & Professionals
Information Technology Management & Professionals
Organizational Management & Professionals

49
Q

No hard and fast rules, nor many universally accepted solutions, no magic user’s manual, complex levels of interactions.

A

Security as Art

50
Q

Dealing with technology designed to perform at high levels of performance, specific conditions cause actions, faults can be resolved with sufficient time.

A

Security as Science

51
Q

Examines the behavior of individuals interacting with the systems.

A

Security as Social Science