Information Security Chapter 1 – Flashcards
question
            A breach of possession always results in a breach of confidentiality.
answer
        False
question
            During the early years, information security was a straightforward process composed predominantly of ____________________ security and simple document classification schemes.
answer
        Physical
question
            Which of the following is a valid type of data ownership?
answer
        Data Users, Data Owners and Data Custodians
question
            ____ is the predecessor to the Internet.
answer
        Arpanet
question
            A(n) ____ attack is a hacker using a personal computer to break into a system.
answer
        Direct
question
            In an organization, the value of ____________________ of information is especially high when it involves personal information about employees, customers, or patients.
answer
        Confidentiality
question
            The ____ model consists of six general phases.
answer
        Waterfall
question
            Key end users should be assigned to a developmental team, known as the united application development team.
answer
        False
question
            A(n) _________________________ is a group of individuals who are united by similar interests or values within an organization and who share a common goal of helping the organization to meet its objectives.
answer
        Community of Interest
question
            The primary threats to security during the early years of computers were physical theft of equipment, espionage against the products of the systems, and sabotage.
answer
        True
question
            A data custodian works directly with data owners and is responsible for the storage, maintenance, and protection of the information.
answer
        True
question
            The physical design is the blueprint for the desired solution.
answer
        False
question
            The ____________________ of information is the quality or state of ownership or control of some object or item.
answer
        Possession
question
            The Internet brought connectivity to virtually all computers that could reach a phone line or an Internet-connected local area ____________________.
answer
        Network
question
            The history of information security begins with the history of ____________________ security.
answer
        Computer
question
            MULTICS stands for Multiple Information and Computing Service.
answer
        False
question
            During the ____________________ War, many mainframes were brought online to accomplish more complex and sophisticated tasks so it became necessary to enable the mainframes to communicate via a less cumbersome process than mailing magnetic tapes between computer centers.
answer
        Cold
question
            Recently, many states have implemented legislation making certain computer-related activities illegal.
answer
        True
question
            Information security can begin as a grassroots effort in which systems administrators attempt to improve the security of their systems, which is often referred to as a bottom-up approach.
answer
        True
question
            A famous study entitled "Protection Analysis: Final Report" was published in ____.
answer
        1978
question
            Risk evaluation is the process of identifying, assessing, and evaluating the levels of risk facing the organization, specifically the threats to the organization's security and to the information stored and processed by the organization.
answer
        False
question
            The implementation phase is the longest and most expensive phase of the systems development life cycle (SDLC).
answer
        False
question
            Of the two approaches to information security implementation, the top-down approach has a higher probability of success.
answer
        True
question
            ____ presents a comprehensive information security model and has become a widely accepted evaluation standard for the security of information systems.
answer
        NSTISSI No. 4011
question
            An e-mail virus involves sending an e-mail message with a modified field.
answer
        False
question
            Organizations are moving toward more ____-focused development approaches, seeking to improve not only the functionality of the systems they have in place, but consumer confidence in their product.
answer
        Security
question
            ____ of information is the quality or state of being genuine or original.
answer
        Authenticity
question
            In the ____________________ approach, the project is initiated by upper-level managers who issue policy, procedures and processes, dictate the goals and expected outcomes, and determine accountability for each required action.
answer
        Top-Down
question
            Hardware is the physical technology that houses and executes the software, stores and transports the data, and provides interfaces for the entry and removal of information from the system.
answer
        True
question
            The ____________________ component of the IS comprises applications, operating systems, and assorted command utilities.
answer
        Software
question
            People with the primary responsibility for administering the systems that house the information used by the organization perform the ____ role.
answer
        System Administrator
question
            Information has redundancy when it is free from mistakes or errors and it has the value that the end user expects.
answer
        False
question
            The most successful kind of top-down approach involves a formal development strategy referred to as a ____.
answer
        Systems Development life cycle
question
            ____ was the first operating system to integrate security as its core functions.
answer
        MULTICS
question
            Hardware is often the most valuable asset possessed by an organization and it is the main target of intentional attacks.
answer
        False
question
            ____ security addresses the issues necessary to protect the tangible items, objects, or areas of an organization from unauthorized access and misuse.
answer
        Physical
question
            Part of the logical design phase of the SecSDLC is planning for partial or catastrophic loss. ____ dictates what steps are taken when an attack occurs.
answer
        Incidence Response
question
            A frequently overlooked component of an IS, ____________________ are written instructions for accomplishing a specific task.
answer
        Procedures
question
            The investigation phase of the SecSDLC begins with a directive from upper management.
answer
        True
question
            Policies are written instructions for accomplishing a specific task.
answer
        False
question
            ____________________ enables authorized users — persons or computer systems — to access information without interference or obstruction and to receive it in the required format.
answer
        Availability
question
            The ____ is the individual primarily responsible for the assessment, management, and implementation of information security in the organization.
answer
        CISO
question
            The ____________________ phase consists primarily of assessments of the organization, its current systems, and its capability to support the proposed systems.
answer
        Analysis
question
            ____________________ of information is the quality or state of being genuine or original, rather than a reproduction or fabrication.
answer
        Authenticity
question
            A computer is the ____________________ of an attack when it is the target entity.
answer
        Object
question
            The possession of information is the quality or state of having value for some purpose or end.
answer
        False
question
            In file hashing, a file is read by a special algorithm that uses the value of the bits in the file to compute a single large number called a ____ value.
answer
        Hash
question
            During the ____ phase, specific technologies are selected to support the alternatives identified and evaluated in the logical design.
answer
        Physical Design
question
            Direct attacks originate from a compromised system or resource that is malfunctioning or working under the control of a threat.
answer
        False
question
            The CNSS model of information security evolved from a concept developed by the computer security industry known as the ____________________ triangle.
answer
        CIA
question
            The roles of information security professionals are aligned with the goals and mission of the information security community of interest.
answer
        True
question
            Using a methodology increases the probability of success.
answer
        True
question
            Confidentiality ensures that only those with the rights and privileges to access information are able to do so.
answer
        True
question
            An information system is the entire set of ____, people, procedures, and networks that make possible the use of information resources in the organization.
answer
        Hardware, Software, Data
question
            The senior technology officer is typically the chief ____________________ officer.
answer
        Information
question
            A(n) ____________________ is a formal approach to solving a problem by means of a structured sequence of procedures.
answer
        Methodology
question
            A(n) ____________________ information security policy outlines the implementation of a security program within the organization.
answer
        Enterprise
question
            Which of the following phases is the longest and most expensive phase of the systems development life cycle?
answer
        Maintenance and Change
question
            In general, protection is "the quality or state of being secure—to be free from danger."
answer
        False
question
            ____________________ carries the lifeblood of information through an organization.
answer
        Software
question
            To achieve balance — that is, to operate an information system that satisfies the user and the security professional — the security level must allow reasonable access, yet protect against threats.
answer
        True
question
            A champion is a project manager, who may be a departmental line manager or staff unit manager, and understands project management, personnel management, and information security technical requirements.
answer
        False
question
            The Analysis phase of the SecSDLC begins with a directive from upper management.
answer
        False
question
            A computer is the ____ of an attack when it is used to conduct the attack.
answer
        Subject
question
            Information security can be an absolute.
answer
        False
question
            The ____ is a methodology for the design and implementation of an information system in an organization.
answer
        SDLC
question
            Network security focuses on the protection of the details of a particular operation or series of activities.
answer
        False
question
            Applications systems developed within the framework of the traditional SDLC are designed to anticipate a software attack that requires some degree of application reconstruction.
answer
        False
question
            The value of information comes from the characteristics it possesses.
answer
        True
question
            Information has ____________________ when it is whole, complete, and uncorrupted.
answer
        Integrity
question
            The bottom-up approach to information security has a higher probability of success than the top-down approach.
answer
        False
question
            When a computer is the subject of an attack, it is the entity being attacked.
answer
        False
question
            In information security, salami theft occurs when an employee steals a few pieces of information at a time, knowing that taking more would be noticed — but eventually the employee gets something complete or useable.
answer
        True
question
            The Security Development Life Cycle (SDLC) is a methodology for the design and implementation of an information system.
answer
        False
question
            A(n) project team should consist of a number of individuals who are experienced in one or multiple facets of the technical and nontechnical areas.
answer
        True
