Assurance, Security and Privacy - Chapter 1

Information security is a concept that predates modern computers
True
False
Information security is a concept that came along with modern computers
True
False
People encrypted messages well before any computer was created
True
False
Encrypted messages are a new invention that can only be done on computers.
True
False
Caesar Cipher is an example of ______
Modern digital encryption
Old encryption
Enigma was a critical component in WWII
True
False
Enigma was a PC component that was invented in WWI
True
False
ARPA stands for...
Advanced Repercussion Panel Alliance
Advanced Research Project Agency
Redundant networked communications
ARPAnet
ENIGMAnet
Security issues were identified in ARPAnet
True
False
No issue was identified in ARPAnet
True
False
First operating system created with security as its primary goal was a system called ______
Multiplexed Information and Computing Service (MULTICS)
Doubleday Informative Communication Section (DICS)
More computers lead to the need for more networks of computers
True
False
More computers lead to the need for fewer networks of computers
True
False
The Internet became the first global network of networks
True
False
The Intranet became the second global network of networks
True
False
In early Internet days, security was treated as low priority
True
False
In early Internet days, security was treated as high priority
True
False
More connectivity means bigger need for security
True
False
More connectivity means smaller need for security
True
False
The quality or state of being secure—to be free from danger
Security
Satisfaction
______ involves the protection of information and its critical elements, including systems and hardware that use, store, and transmit that information.
Personal Security
Information Security
What are the necessary tools for the implementation of security?
Policy, awareness, training, education, technology
Money, willpower, people, power
A successful organization should have multiple layers of security in place.
True
False
A successful organization should have only one layer of security in place
True
False
A successful organization should have multiple layers of security in place:
Physical security - Personal security - Operations security - Communication security - Network security - Information security
Global security - Border security - Food security - Job security - Education security
______ was a standard based on confidentiality, integrity, and availability
C.I.A. triad
F.B.I. trio
______ has now expanded into a list of critical characteristics of information
C.I.A. triad
F.B.I. trio
What does C.I.A. stand for?
Central Intelligence Agency
Confidentiality, Integrity, Availability
Enables users who need to access information to do so without interference or obstruction and in the required format. The information is said to be available to an authorized user when and where needed and in the correct format.
Availability
Accuracy
Authenticity
Confidentiality
Free from mistake or error and having the value that the end user expects. If information contains a value different from the user’s expectations due to the intentional or unintentional modification of its content, it is no longer accurate.
Availability
Accuracy
Authenticity
Confidentiality
The quality or state of being genuine or original, rather than a reproduction or fabrication. Information is authentic when it is the information that was originally created, placed, stored, or transferred.
Availability
Accuracy
Authenticity
Confidentiality
The quality or state of preventing disclosure or exposure to unauthorized individuals or systems.
Availability
Accuracy
Authenticity
Confidentiality
The quality or state of being whole, complete, and uncorrupted. The integrity of information is threatened when the information is exposed to corruption, damage, destruction, or other disruption of its authentic state.
Integrity
Utility
Possession
None of the above
The quality or state of having value for some purpose or end. Information has value when it serves a particular purpose. This means that if information is available, but not in a format meaningful to the end user, it is not useful.
Integrity
Utility
Possession
None of the above
The quality or state of having ownership or control of some object or item. Information is said to be in possession if one obtains it, independent of format or other characteristic. While a breach of confidentiality always results in a breach of possession, a breach of possession does not always result in a breach of confidentiality.
Integrity
Utility
Possession
None of the above
What are the components of an information system?
Physical devices - Applications and written code - Networks - Data and information - Rules and policies - People
Hard disk - Monitor - Mouse - Keyboard - Printers - CPU - Mousepads
What are the components of an information system?
Webcams - SSDs - GPUs - Authorizations - ALU - CU
Hardware - Software - Telecom - Databases - People - Procedures
Which one is the subject of attack?
Hacker
Remote system
Which one is the object of attack?
Hacker
Remote system
More security means less functionality and usability.
True
False
More security means more functionality and usability.
True
False
What are the two kinds of approaches to Information Security Implementation?
Top-down approach - Bottom-up approach
Left approach - Right approach
Grassroots effort: systems administrators attempt to improve security of their systems
Top-down approach
Bottom-up approach
Key advantage: technical expertise of individual administrators
Top-down approach
Bottom-up approach
Seldom works, as it lacks a number of critical features, such as participant support and organizational staying power.
Top-down approach
Bottom-up approach
What are the two critical features that Bottom-up approach lacks?
Participant support - Organizational staying power
Influence - Money
Which approach has a higher chance of success?
Top-down approach
Bottom-up approach
Initiated by upper management
Top-down approach
Bottom-up approach
Issue policy, procedures, and processes
Top-down approach
Bottom-up approach
Dictate goals and expected outcomes of project
Top-down approach
Bottom-up approach
Determine accountability for each required action
Top-down approach
Bottom-up approach
The most successful top-down approach also involves a formal development strategy referred to as a ______
Operation Update Life Cycle (OULC)
Systems Development Life Cycle (SDLC)
______ is a methodology for the design and implementation of an information system within an organization
Operation Update Life Cycle (OULC)
Systems Development Life Cycle (SDLC)
What are the stages of SDLC? (In-order)
System planning - System design - System analysis - Implementation - Maintenance and support
System planning - System analysis - System design - Implementation - Maintenance and support
The same phases used in traditional SDLC may be adapted to support specialized implementation of an IS security project
True
False
The same phases used in traditional SDLC may not be adapted to support specialized implementation of an IS security project, as IS security projects tend to be more complicated and more advanced than civilian projects.
True
False
Identification of specific threats and creating controls to counter them
SDLC
SecSDLC
______ is a coherent program rather than a series of random, seemingly unconnected actions
SDLC
SecSDLC
Planning: What problem is the system being developed to solve?
SDLC
SecSDLC
Planning: What security issues do we face?
SDLC
SecSDLC
Planning: Objectives, constraints, and scope of project are specified
SDLC
SecSDLC
Planning: Identifies process, outcomes, goals, and constraints of the project
SDLC
SecSDLC
Planning: Involves a feasibility study
SDLC
SecSDLC
Planning: Begins with a high-level Enterprise Information Security Policy (EISP)
SDLC
SecSDLC
Analysis: Consists of analysing business needs and requirements
SDLC
SecSDLC
Analysis: Involves describing what the system does
SDLC
SecSDLC
Analysis: Ends with a requirements document
SDLC
SecSDLC
Analysis: Analysis of existing security policies or programs, along with documented current threats and associated controls
SDLC
SecSDLC
Analysis: Includes analysis of relevant legal issues that could impact design of the security solution
SDLC
SecSDLC
Analysis: Risk management begins
SDLC
SecSDLC
Design: The start of the “solution” for the identified problem (A logical solution/design)
SDLC
SecSDLC
Design: Moves into a technical description of “how” the solution will be implemented
SDLC
SecSDLC
Design: Produces a design specifications document
SDLC
SecSDLC
Design: Creates and develops blueprints for information security (logical)
SDLC
SecSDLC
Design: Includes contingency planning (IRP, DRP, BCP)
SDLC
SecSDLC
Design: Needed security technology is evaluated, alternatives are generated, and final design is selected (physical)
SDLC
SecSDLC
Implementation: Software is created; components are ordered, received, assembled, and tested
SDLC
SecSDLC
Implementation: Users trained and documentation created
SDLC
SecSDLC
Implementation: Security solutions are acquired, tested, implemented, and tested again
SDLC
SecSDLC
Implementation: Personnel issues evaluated; specific training and education programs conducted
SDLC
SecSDLC
Implementation: Entire tested package is presented to management for final approval
SDLC
SecSDLC
Maintenance: Consists of tasks necessary to support and modify system for remainder of its useful life
SDLC
SecSDLC
Maintenance: Perhaps the most important phase, given the ever-changing threat environment
SDLC
SecSDLC
Maintenance: As threats evolve, we must adapt and evolve as well
SDLC
SecSDLC
It takes a wide range of professionals to support a diverse information security program.
True
False
It does not take a wide range of professionals to support a diverse information security program.
True
False
To develop and execute specific security policies and procedures ______ is required.
Senior management, administrative support and technical expertise
Lower-tier managers, high-ranking administrators and middle class
Senior technology officer
Chief Information Officer (CIO)
Chief Information Security Officer (CISO)
Primarily responsible for advising senior executives on strategic planning
Chief Information Officer (CIO)
Chief Information Security Officer (CISO)
Primarily responsible for assessment, management, and implementation of IS in the organization
Chief Information Officer (CIO)
Chief Information Security Officer (CISO)
A senior executive who promotes the project and ensures its support, both financially and administratively, at the highest levels of the organization.
Champion
Team leader
Security policy developers
Risk assessment specialists
A project manager, who may be a departmental line manager or staff unit manager, who understands project management, personnel management, and information security technical requirements.
Champion
Team leader
Security policy developers
Risk assessment specialists
Individuals who understand the organizational culture, policies, and requirements for developing and implementing successful policies.
Champion
Team leader
Security policy developers
Risk assessment specialists
Individuals who understand financial risk assessment techniques, the value of organizational assets, and the security methods to be used.
Champion
Team leader
Security policy developers
Risk assessment specialists
Dedicated, trained, and well-educated specialists in all aspects of information security from both technical and nontechnical standpoints.
Security professionals
Systems administrators
End users
None of the above
Individuals with the primary responsibility for administering the systems that house the information used by the organization.
Security professionals
Systems administrators
End users
None of the above
Those the new system will most directly impact. Ideally, a selection of users from various departments, levels, and degrees of technical knowledge assist the team in focusing on the application of realistic controls applied in ways that do not disrupt the essential business activities they seek to safeguard.
Security professionals
Systems administrators
End users
None of the above
Responsible for the security and use of a particular set of information.
Data owner
Data custodian
Data users
None of the above
Responsible for storage, maintenance, and protection of information
Data owner
Data custodian
Data users
None of the above
End users who work with information to perform their daily jobs supporting the mission of the organization
Data owner
Data custodian
Data users
None of the above