Computer Security Management Ch 1 – Flashcards
question
describe information technology
answer
The vehicle that stores and transports information from one business unit to another. Capable of breaking down
question
The concept of computer security has been replaced by the concept of
answer
information security
question
Who is responsible for information security?
answer
Every employee, especially managers
question
Information security decisions should involve what three groups?
answer
information security managers/professionals, information technology managers/professionals, non-technical business managers/professionals
question
The role of the information security community
answer
Protects the organization's information assets from the threats they face
question
The role of the information technology community
answer
Supports the business objectives of the org by supplying and supporting the appropriate information technology
question
The role of the Non-technical general business community
answer
Articulates and communicates organizational policy and objectives and allocates resources to the other groups
question
define security
answer
The quality or state of being secure, to be free from danger.
question
How is security often achieved
answer
By means of several strategies undertaken simultaneously or used in combination with one another.
question
What are the specialized areas of security?
answer
Physical, operations, communications, network
question
define information security
answer
The protection of information and its critical elements (confidentiality, integrity, availability), including the systems and hardware that use/store/transmit the information
question
How is information security performed?
answer
Through the application of policy, technology, and training/awareness programs.
question
What makes up the CIA triangle
answer
Confidentiality, integrity, availability
question
What is the McCumber cube
answer
Security model that provides a more detailed perspective on security
question
Describe the edges of the McCumber cube
answer
On one side: confidentiality, integrity, availability. On the second side: storage, processing, transmission. On the last side: policy, education, technology
question
define confidentiality
answer
The characteristic of information whereby only those with sufficient privileges may access certain information
question
describe the measures used to protect confidentiality
answer
information classification, secure document storage, application of general security policies, education of information custodians and end users
question
define integrity
answer
The quality or state of being whole, complete, and uncorrupted
question
When is information integrity threatened?
answer
If exposed to corruption, damage, destruction, or other disruption of its authentic state
question
When can corruption of information occur?
answer
Compilation, storage, or transmission
question
define availability
answer
The characteristic of information that enables user access to information in a required format, without interference or obstruction
question
define privacy
answer
Information collected, used, and stored by an organization is to be used only for the purposes stated to the data owner at the time it was collected
question
Does privacy signify freedom from observation?
answer
No, it means that information will be used only in ways known to the person providing it
question
define identification
answer
An information system possesses the characteristic of identification when it is able to recognize individual users
question
define authentication
answer
Occurs when a control proves that a user possesses the identity that he or she claims
question
define authorization
answer
Assures that the user has been specifically and explicitly authorized by the proper authority to access, update, or delete the contents of an information asset
question
When does authorization occur?
answer
After authentication
question
define accountability
answer
Exists when a control provides assurance that every activity undertaken can be attributed to a named person or automated process
question
define management
answer
The process of achieving objectives using a given set of resources
question
define manager
answer
Someone who works with and through other people by coordinating their work activities in order to accomplish organizational goals
question
What are the managerial roles?
answer
Informational, interpersonal, decisional
question
describe the informational role
answer
Collecting, processing, and using information that can affect the completion of the objective
question
describe the interpersonal role
answer
Interacting with superiors, subordinates, outside stakeholders, and other parties that influence or are influenced by the completion of the task
question
describe the decisional role
answer
Selecting from among alternative approaches, and resolving conflicts, dilemmas, or challenges
question
Describe characteristics of leaders
answer
- Influence employees to accomplish objectives
- Lead by example; demonstrating personal traits that instill a desire in others to follow
- Provide purpose, direction, and motivation to those that follow
question
Describe the job of a manager
answer
- Administers the resources of the organization
- Creates budgets, authorizes expenditures and hires employees
question
What are the types of leadership behaviors?
answer
- Autocratic
- Democratic
- Laissez-faire
question
Describe the two basic approaches to management
answer
Traditional: POSDC (planning, organizing, staffing, directing, controlling)
Popular: POLC (planning, organizing, leading, controlling)
question
define planning
answer
The process that develops, creates, and implements strategies for the accomplishment of objectives
question
describe the three levels of planning
answer
strategic, tactical, operational
question
How does the planning process begin?
answer
With the creation of strategic plans for the entire organization
question
An organization must thoroughly define its
answer
goals and objectives
question
define goals
answer
an end result of the planning process
question
define objectives
answer
intermediate points that allow you to measure progress toward the goal
question
define organizing
answer
The management function dedicated to the structuring of resources to support the accomplishment of objectives: determining what is to be done, in what order, by whom, by which methods, and according to what timeline
question
define Leading
answer
Leadership encourages the implementation of the planning and organizing functions. Leadership generally addresses the direction and motivation of the human resource
question
define Controlling
answer
monitoring progress toward completion and making necessary adjustments to achieve the desired objectives
question
Steps to solving problems
answer
• Step 1: Recognize and define the problem
• Step 2: Gather facts and make assumptions
• Step 3: Develop possible solutions
• Step 4: Analyze and compare possible solutions
• Step 5: Select, implement, and evaluate a solution
question
The Six Ps of information security
answer
- Planning
- Policy
- Programs
- Protection
- People
- Project Management
question
Types of information security planning
answer
- Incident response planning
- Business continuity planning
- Disaster recovery planning
- Policy planning
- Personnel planning
- Technology rollout planning
- Risk management planning
question
define policy
answer
The set of organizational guidelines that dictates certain behavior within the organization
question
What are the three general categories of policy?
answer
- Enterprise information security policy (EISP)
- Issue-specific security policy (ISSP)
- System-specific policies (SysSPs)
question
define programs
answer
information security operations specifically managed as separate entities. Ex: SETA
question
describe a physical security program
answer
fire, physical access, gates, guards, etc.
question
define protection
answer
executed through risk management activities including risk assessment and control, protection mechanisms, technologies, and tools
question
define people
answer
The most critical link in the information security program. Includes security of personnel, SETA.
question
managers must recognize the crucial role of
answer
people in the information security program
question
describe project management
answer
- Identifying and controlling the resources applied to the project
- Measuring progress
- Adjusting the process as progress is made
question
Information security is a _, not a _
answer
process, not a project
question
define project management
answer
The application of knowledge, skills, tools, and techniques to project activities to meet project requirements
question
The industry best practice for management methodology
answer
PMBoK
question
PMBoK project integration management
answer
Includes the processes required to coordinate what occurs between the components of a project
question
PMBoK project plan development
answer
Integrating all project elements into a cohesive plan: Complete goal within the allotted time using only the allotted resources.
question
The core components of PMBoK project plan development
answer
- Work time, resources, and project deliverables
- Changing one element affects the other two
question
PMBoK project scope management
answer
Ensures that project plan includes only those activities necessary to complete it
question
define scope
answer
Ensures that project plan includes only those activities necessary to complete it
question
define project time management
answer
Ensures that project is finished by identified completion date while meeting objectives
question
many missed deadlines are caused by
answer
poor planning
question
What is among the most frequently cited failures in project management
answer
Failure to meet project deadlines
question
Project time management processes
answer
- Activity definition
- Activity sequencing
- Activity duration estimating
- Schedule development
- Schedule control
question
define project cost management
answer
Ensures that a project is completed within the resource constraints. Includes resource planning, cost estimating, cost budgeting, and cost control.
question
define project quality management
answer
Ensures project meets project specifications. Includes quality planning, quality assurance and quality control.
question
define project human resource management
answer
Ensures personnel assigned to project are effectively employed. Includes organizational planning, staff acquisition and team development
question
define project communications management
answer
Conveys details of project activities to all involved. Includes communications planning, information distribution, performance reporting and administrative closure
question
define project risk management
answer
Assesses, mitigates, manages, and reduces the impact of adverse occurrences on the project. Includes risk identification, risk quantification, risk response development and risk response control
question
define project procurement
answer
Acquiring needed project resources. Includes procurement planning, solicitation planning, solicitation, source selection, contract administration and contract closeout.
question
define projectitis
answer
Occurs when the project manager spends more time doing project planning than meaningful project work
question
what is the precursor to projectitis
answer
Developing an overly elegant, microscopically detailed plan before gaining consensus for the work required
question
define WBS (work breakdown structure)
answer
Planning tool where project plan is first broken down into a few major tasks, and the minimum attributes for each task are determined with additional attributes added as needed
question
what is the work phase of the WBS
answer
- Phase in which the project deliverables are prepared
- Occurs after the project manager has completed the WBS
question
define Network scheduling
answer
Refers to the web of possible pathways to project completion
question
Program Evaluation and Review Technique (PERT)
answer
Most popular; originally developed in the 1950s for government-driven engineering projects
question
Three questions of PERT
answer
- How long will this activity take?
- What activity occurs immediately before this activity can take place?
- What activity occurs immediately after this activity?
question
Determining the critical path using PERT
answer
By identifying the slowest path through the various activities
question
define slack time in PERT
answer
- How much time is available for starting a noncritical task without delaying the project as a whole
- Tasks which have slack time are logical candidates for accepting a delay
question
PERT advantages
answer
makes planning large projects easier (pre/post activity identification), determines probability, anticipates system changes, no formal reading
question
PERT disadvantages
answer
Diagrams can be awkward and cumbersome, expensive. Difficulty in estimating task durations
question
define Gantt chart
answer
Easier to design and implement than PERT diagrams, with the same information. Lists activities on the vertical axis, timeline on the horizontal
question
A software program is no substitute for
answer
a skilled and experienced project manager
question
a manager must understand how to
answer
define tasks, allocate scarce resources, and manage assigned resources