Information Security – Chapter 1 – Flashcards
question
computer security
answer
used to refer to the need to secure the physical location of computer technology from outside threats but later came to represent all actions taken to preserve computer systems from losses (ex. protecting information)
question
when did the need for computer security first arise?
answer
World War II, when the first mainframe computers were developed and used to aid computations for communication code breaking
question
ARPANET
answer
developed by Dr. Larry Roberts in 1968; evolved into the Internet
question
Robert M. Metcalfe
answer
one of the creators of Ethernet who identified problems with ARPANET security in 1973
question
Rand Report R-609
answer
a document that attempted to define the multiple controls and mechanisms necessary for protecting a computerized data processing system; the result of a task force assembled under ARPA in 1967; considered the paper that started the study of computer security
question
the scope of computer security expanded into:
answer
securing the data, limiting random and unauthorized access to that data, involving personnel from multiple levels of the organization in information security
question
MULTICS
answer
first operating system to integrate security into its core functions; implemented multiple security levels and passwords
question
UNIX
answer
1969; primarily for text processing; did not require the same level of security as MULTICS
question
Computer Fraud and Abuse Act of 1986; Computer Security Act of 1987
answer
legislation passed in the mid-1980s that formalized the recognition of computer security as a critical issue for federal information systems
question
security
answer
protection from adversaries
question
information security
answer
the protection of information and its critical elements, including the systems and hardware that use, store, and transmit the information
question
network security
answer
the protection of voice and data networking components, connections, and content; a subset of communications security
question
CIA triangle
answer
confidentiality, integrity, and availability; was the standard for computer security in both industry and government but is now seen as no longer adequate
question
botnet
answer
"robot network"; example of an indirect attack in which a hacker compromises a system and uses it to attack other systems
question
exposure
answer
when a vulnerability is known to an attacker
question
McCumber Cube
answer
a graphical representation of the architectural approach widely used in computer and information security
question
information system
answer
the entire set of software, hardware, data, people, procedures, and networks that enable the use of information resources in the organization; its three components are (1) people, (2) procedures, and (3) technology
question
software
answer
one of the most difficult IS components to secure; includes applications, operating systems, and assorted command utilities; often the target of accidental or intentional attacks
question
bottom-up approach
answer
a method of establishing security policies that begins as a grassroots effort in which systems administrators attempt to improve the security of their systems
question
top-down approach
answer
a method of establishing security policies that is initiated by upper management
question
security systems development life cycle (SecSDLC)
answer
a method for the design and implementation of security systems based on the systems development life cycle
question
systems development life cycle (SDLC)
answer
a method for the design and implementation of an information system; the SDLC contains different phases depending on the methodology deployed, but generally the phases address the investigation, analysis, design, implementation, and maintenance of an information system
question
waterfall model
answer
investigation --> analysis --> logical design --> physical design --> implementation --> maintenance and change
question
software assurance (SA)
answer
a methodological approach to the development of software that seeks to build security into the development life cycle rather than address it at later stages; attempts to intentionally create software free of vulnerabilities and provide effective, efficient software that users can deploy with confidence
question
chief information officer (CIO)
answer
an executive-level position that oversees the organization's computing technology and strives to create efficiency in the processing and access of the organization's information
question
chief information security officer (CISO)
answer
typically considered the top information security officer in an organization; usually not an executive-level position, and frequently the person in this role reports to the CEO
question
data custodians
answer
people who are responsible for the storage, maintenance, and protection of information
question
data owners
answer
people who own the information and thus determine the level of classification for their data and approve its access authorization
question
data users
answer
people who work with the information to perform their daily jobs and support the mission of the organization