Deck 1: Introduction to Information Security

In the physical design phase, specific technologies are selected.

Hardware is often the most valuable asset possessed by an organization, and it is the main target of intentional attacks.

To achieve balance-that is, to operate an information system that satisfies the user and the security professional-the security level must allow reasonable access, yet protect against threats.

The water-ski model is a type of SDLC in which each phase of the process flows from the information gained in the previous phase, with multiple opportunities to return to previous phases and make adjustments.

During the early years of computing, the primary threats to security were physical theft of equipment, espionage against the products of the systems, and sabotage.

A data custodian works directly with data owners and is responsible for the storage, maintenance, and protection of the information.

A breach of possession may not always result in a breach of confidentiality.

The value of information comes from the characteristics it possesses.

Information security can be an absolute.

A champion is a project manager, who may be a departmental line manager or staff unit manager, and has expertise in project management and information security technical requirements.

The implementation phase is the longest and most expensive phase of the systems development life cycle (SDLC).

The bottom-up approach to information security has a higher probability of success than the top-down approach.

The investigation phase of the SDLC involves specification of the objectives, constraints, andscope of the project.

The physical design is the blueprint for the desired solution.

E-mail spoofing involves sending an e-mail message with a harmful attachment.

Using a methodology will usually have no effect on the probability of success.

The roles of information security professionals are almost always aligned with the goals and mission of the information security community of interest.

The possession of information is the quality or state of having value for some purpose or end.

Network security focuses on the protection of physical items, objects, or areas from unauthorized access and
misuse.

MULTICS stands for Multiple Information and Computing Service. _________________________

Confidentiality ensures that only those with the rights and privileges to access information are able to do so. _________________________

A(n) project team should consist of a number of individuals who are experienced in one or multiple facets of the technical and nontechnical areas. _________________________

A(n) hardware system is the entire set of people, procedures, and technology that enable business to use information. _________________________

Of the two approaches to information security implementation, the top-down approach has a higher probability of success. _________________________

Key end users should be assigned to a developmental team, known as the united application development team. _________________________

Indirect attacks originate from a compromised system or resource that is malfunctioning or working under the control of a threat. _________________________

Information security can begin as a grassroots effort in which systems administrators attempt to improve the security of their systems, often referred to as the bottom-up approach. _________________________

The Security Development Life Cycle (SDLC) is a general methodology for the design and implementation of an information system. _________________________

Information has redundancy when it is free from mistakes or errors and it has the value that the end user expects. _________________________

When unauthorized individuals or systems can view information, confidentiality is breached. _________________________

According to the CNSS, networking is "the protection of information and its critical elements." _________________________

The Analysis phase of the SDLC examines the event or plan that initiates the process and specifies the objectives, constraints, and scope of the project. _________________________

Hardware is the physical technology that houses and executes the software, stores and transports the data, and provides interfaces for the entry and removal of information from the system. _________________________

SecOps focuses on integrating the need for the development team to provide iterative and
rapid improvements to system functionality and the need for the operations team to improve
security and minimize the disruption from software release cycles. _________________________

The ____________________ component of an information system comprises applications, operating systems, and assorted command utilities.

The history of information security begins with the concept of ____________________ security.

In an organization, the value of ____________________ of information is especially high when it involves personal information about employees, customers, or patients.

____________________ enables authorized users-people or computer systems-to access information without interference or obstruction and to receive it in the required format.

The CNSS model of information security evolved from a concept developed by the computer security industry known as the ____________________ triad.

A computer is the ____________________ of an attack when it is the entity being targeted.

The senior technology officer is typically the chief ____________________ officer.

Software is often created under the constraints of ____________________ management, placing limits on time, cost, and manpower.

In the ____________________ approach, the project is initiated by upper-level managers who issue policy, procedures, and processes, dictate the goals and expected outcomes, and determine accountability for each required action.

A frequently overlooked component of an information system, ____________________ are the written instructions for accomplishing a specific task.

The ____________________ phase consists primarily of assessments of the organization, its current systems, and its capability to support the proposed systems.

A(n) ____________________ is a formal approach to solving a problem by means of a structured sequence of procedures.

During the early years, information security was a straightforward process composed predominantly of ____________________ security and simple document classification schemes.

____________________ of information is the quality or state of being genuine or original, rather than a reproduction or fabrication.

The Internet brought ____________________ to virtually all computers that could reach a phone line or an Internet-connected local area network.

The ____________________ of information is the quality or state of ownership or control of some object or item.

During the ____________________ War, many mainframes were brought online to accomplish more complex and sophisticated tasks, so it became necessary to enable the mainframes to communicate via a less cumbersome process than mailing magnetic tapes between computer centers.

During the  ____________________ phase of the systems life cycle, the process begins by examining theevent or plan that initiated the process. During this phase, the objectives, constraints, and scope of the project are specified.

Information has ____________________ when it is whole, complete, and uncorrupted.