Principles 1 Flashcards
-a well-informed sense of assurance that the information risks and controls are in balance.
-protection of both data and physical assets.
information security
-must review the origins of this field to understand information security today.
security professionals
-the quality or state of being secure- to be free from danger.
-a successful organization should have multiple layers of security in place.
security
-the protection of physical items, objects, or areas from unauthorized access and misuse.
physical security
-a risk management process that encourages managers to view operations from the perspective of an adversary in order to protect sensitive information from falling into the wrong hands.
operations security
-the protection of voice and data networking components, connections, and content.
communication security
-was standard based on confidentiality, integrity, and availability.
-now expanded into a list of critical characteristics of information.
C.I.A triangle
(key information security concepts)
-a subject or object’s ability to use, manipulate, modify, or affect another subject or object.
access
(key information security concepts)
-the organizational resource that is being protected
asset
(key information security concepts)
-an intentional and unintentional act that can damage or otherwise compromise information in the systems that support it.
attack
(key information security concepts)
-these are security mechanisms, policies, or procedures that can successfully counter attacks, reduce risk, resolve vulnerabilities, and otherwise improve security within an organization.
control, safeguard or countermeasure
(key information security concepts)
-a technique used to compromise the system
exploit
(key information security concepts)
-a condition or state of being exposed.
exposure
(key information security concepts)
-a single instance of an information asset suffering damage or destruction, unintended or unauthorized modification or disclosure, or denial of use.
loss
(key information security concepts)
-the entire set of controls and safeguards, including policy, education, training and awareness, and technology, that the organization implements to protect the asset.
protection profile or security posture
(key information security concepts)
-the probability of an unwanted occurrence, such as an adverse event or loss.
risk
(key information security concepts)
-a category of objects, people, or other entities that represent a danger to an asset.
threat
(key information security concepts)
-the specific instance or a component of a threat
threat agent
(key information security concepts)
-a weakness or fault in a system or protection mechanism that opens it to attack or damage.
vulnerability
(critical characteristics of information)
-an attribute of information that describes how data is accessible and correctly formatted for use without interference or obstruction.
availability
(critical characteristics of information)
-an attribute of information that describes how data is free of errors and has the value that the user expects.
accuracy
(critical characteristics of information)
-an attribute of information that describes how data is genuine or original rather than reproduced or fabricated.
authenticity
(critical characteristics of information)
-an attribute of information that describes how data is protected from disclosure or exposure to unauthorized individuals or systems.
confidentiality
(critical characteristics of information)
-an attribute of information that describes how data is whole, complete, and uncorrupted.
integrity
(critical characteristics of information)
-an attribute of information that describes how data has value or usefulness for an end purpose.
utility
(critical characteristics of information)
-an attribute of information that describes how the data’s ownership or control is legitimate or authorized
possession
-a graphical representation of the architectural approach widely used in computer and information security
McCumber cube
-is the entire set of components necessary to use information as a resource in the organization.
information security
(components of an information system)
-includes applications including operating systems and assorted command
software
(components of an information system)
-is the physical technology that houses and executes the software, stores and transports the data, and provides interfaces for the entry and removal of information from the system.
hardware
(components of an information system)
-that are stored, processed, and transmitted by a computer system must be protected.
data
(components of an information system)
-can be the weakest link in an organization’s information security program unless policy, education and training, awareness, and technology are properly employed to prevent people from accidentally or intentionally damaging or losing information.
people
(components of an information system)
-are written instructions for accomplishing a specific task.
procedures
(components of an information system)
-is a component that created much of the need for increased computer information security. Even with the best planning and implementation, it is impossible to obtain perfect information security.
networks