Information Security Final Exam Study Guide – Flashcards

question
During the early years of computing, the primary threats to security were physical theft of equipment, espionage against the products of the systems, and sabotage.
answer
True
question
Network security focuses on the protection of the details of a particular operation or series of activities.
answer
False
question
The value of information comes from the characteristics it possesses.
answer
True
question
When a computer is the subject of an attack, it is the entity being attacked.
answer
False
question
An e-mail virus involves sending an e-mail message with a modified field.
answer
False
question
The possession of information is the quality or state of having value for some purpose or end.
answer
False
question
A breach of possession always results in a breach of confidentiality.
answer
False
question
Hardware is often the most valuable asset possessed by an organization and it is the main target of intentional attacks.
answer
False
question
Information security can be an absolute.
answer
False
question
To achieve balance — that is, to operate an information system that satisfies the user and the security professional — the security level must allow reasonable access, yet protect against threats.
answer
True
question
The bottom-up approach to information security has a higher probability of success than the top-down approach.
answer
False
question
Using a methodology increases the probability of success.
answer
True
question
The implementation phase is the longest and most expensive phase of the systems development life cycle (SDLC).
answer
False
question
The investigation phase of the SecSDLC begins with a directive from upper management.
answer
True
question
The physical design is the blueprint for the desired solution.
answer
False
question
Many states have implemented legislation making certain computer-related activities illegal.
answer
True
question
Applications systems developed within the framework of the traditional SDLC are designed to anticipate a software attack that requires some degree of application reconstruction.
answer
False
question
A champion is a project manager, who may be a departmental line manager or staff unit manager, and has expertise in project management and information security technical requirements.
answer
False
question
A data custodian works directly with data owners and is responsible for the storage, maintenance, and protection of the information.
answer
True
question
The roles of information security professionals are almost always aligned with the goals and mission of the information security community of interest.
answer
True
question
MULTICS stands for Multiple Information and Computing Service.
answer
False
question
According to the CNSS, networking is "the protection of information and its critical elements."
answer
False
question
Direct attacks originate from a compromised system or resource that is malfunctioning or working under the control of a threat.
answer
False
question
Information has redundancy when it is free from mistakes or errors and it has the value that the end user expects.
answer
False
question
When unauthorized individuals or systems can view information, confidentiality is breached.
answer
True
question
Confidentiality ensures that only those with the rights and privileges to access information are able to do so.
answer
True
question
Hardware is the physical technology that houses and executes the software, stores and transports the data, and provides interfaces for the entry and removal of information from the system.
answer
True
question
Policies are detailed written instructions for accomplishing a specific task.
answer
False
question
Information security can begin as a grassroots effort in which systems administrators attempt to improve the security of their systems, often referred to as the bottom-up approach.
answer
True
question
Key end users should be assigned to a developmental team, known as the united application development team.
answer
False
question
Of the two approaches to information security implementation, the top-down approach has a higher probability of success.
answer
True
question
The Security Development Life Cycle (SDLC) is a general methodology for the design and implementation of an information system.
answer
False
question
The Analysis phase of the SecSDLC begins the methodology initiated by a directive from upper management.
answer
False
question
Risk evaluation is the process of identifying, assessing, and evaluating the levels of risk facing the organization, specifically the threats to the organization's security and to the information stored and processed by the organization.
answer
False
question
A project team should consist of a number of individuals who are experienced in one or multiple facets of the technical and nontechnical areas.
answer
True
question
__________ is a network project that preceded the Internet.
answer
ARPANET
question
The famous study entitled "Protection Analysis: Final Report" focused on a project undertaken by ARPA to understand and detect __________ in operating systems security.
answer
Vulnerabilities
question
_________ was the first operating system to integrate security as one of its core functions.
answer
MULTICS
question
__________ security addresses the issues necessary to protect the tangible items, objects, or areas of an organization from unauthorized access and misuse.
answer
Physical
question
A server would experience a __________ attack when a hacker compromises it to acquire information from it from a remote location using a network connection.
answer
Direct
question
A computer is the __________ of an attack when it is used to conduct an attack against another computer.
answer
Subject
question
__________ of information is the quality or state of being genuine or original.
answer
Authenticity
question
In file hashing, a file is read by a special algorithm that uses the value of the bits in the file to compute a single number called the __________ value.
answer
Hash
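The file-hashing card above describes the mechanism but not how it is used to check integrity. The following is an added example (not part of the original flashcard set) that hashes a constructed sample file with SHA-256 in fixed-size chunks, verifies it against a stored digest, then flips a single bit of the file to show that even the smallest change produces a different hash value. The file name, its contents, and the helper names are assumptions made for this example.

```python
"""Added example: file hashing for integrity checking.

Not part of the original flashcard set. The sample file name and contents
below are constructed for this example only.
"""
import hashlib
import hmac
import os
import tempfile

CHUNK_SIZE = 64 * 1024  # read 64 KiB at a time so large files need not fit in memory


def hash_bytes(data: bytes, algorithm: str = "sha256") -> str:
    """Return the hex digest of an in-memory byte string."""
    return hashlib.new(algorithm, data).hexdigest()


def hash_file(path: str, algorithm: str = "sha256") -> str:
    """Return the hex digest of the file at `path`, reading it chunk by chunk."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK_SIZE), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_file(path: str, expected_hex: str, algorithm: str = "sha256") -> bool:
    """True if the file's current digest equals the stored `expected_hex`.

    hmac.compare_digest is used instead of == so the comparison takes the same
    time whether the digests differ in the first or the last character.
    """
    actual = hash_file(path, algorithm)
    return hmac.compare_digest(actual.lower(), expected_hex.lower())


def flip_one_bit(path: str, byte_offset: int = 0, bit: int = 0) -> None:
    """Flip a single bit of the file in place: the smallest possible tampering."""
    with open(path, "r+b") as f:
        f.seek(byte_offset)
        original = f.read(1)
        f.seek(byte_offset)
        f.write(bytes([original[0] ^ (1 << bit)]))


def demo() -> dict:
    """Hash a constructed file, tamper with one bit, re-verify; return the results."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "config.txt")  # constructed sample file (assumption)
        with open(path, "wb") as f:
            f.write(b"allow_remote_admin=false\n" * 100)

        baseline = hash_file(path)          # digest recorded when the file was trusted
        intact_verified = verify_file(path, baseline)

        flip_one_bit(path, byte_offset=0, bit=0)
        after_tamper = hash_file(path)
        tampered_verified = verify_file(path, baseline)

        return {
            "baseline": baseline,
            "after_tamper": after_tamper,
            "intact_verified": intact_verified,
            "tampered_verified": tampered_verified,
        }


if __name__ == "__main__":
    r = demo()
    print("baseline digest   :", r["baseline"])
    print("after 1-bit flip  :", r["after_tamper"])
    print("intact verified   :", r["intact_verified"])
    print("tampered verified :", r["tampered_verified"])
```

The stored digest only proves integrity if it is kept somewhere the attacker cannot also modify (for example, in a separate integrity database or signed manifest); a hash stored next to the file can simply be recomputed after tampering.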
question
__________ has become a widely accepted evaluation standard for training and education related to the security of information systems.
answer
NSTISSI No. 4011
question
An information system is the entire set of __________, people, procedures, and networks that make possible the use of information resources in the organization. A) software B) hardware C) data D) All of the above
answer
All of the above
question
A methodology for the design and implementation of an information system that is a formal development strategy is referred to as a __________.
answer
Systems development life cycle
question
A variation of an SDLC that can be used to implement information security solutions in organizations with little or no formal security in place is the __________.
answer
SecSDLC
question
A type of SDLC where each phase has results that flow into the next phase is called the __________ model.
answer
Waterfall
question
During the __________ phase, specific technologies are selected to support the alternatives identified and evaluated in the prior phases.
answer
Physical design
question
Which of the following phases is often considered the longest and most expensive phase of the systems development life cycle?
answer
Maintenance and change