CIS Study and chapter 1
The key characteristics of information security:
1. confidentiality 2. integrity 3. availability
management
administrates resources of the organization, creates budgets, authorizes expenditures, and recruits, hires, evaluates, and terminates employees.
Technical Obsolescence
antiquated or outdated infrastructure can lead to unreliable and untrustworthy systems.
Password cracking
brute force attack, dictionary password attack, rainbow tables, social engineering password attacks
software attacks
can be used to overwhelm the processing capabilities of online systems or to gain access to protected systems by hidden means
forces of nature
civil disorder, acts of war, fire, flood, earthquake, landslide or mudslide, tornadoes, tsunami.
1. The process of integrating the governance of the physical security and information security efforts is known in the industry as __________.
convergence
sabotage or vandalism
deliberate sabotage of a computer system or business, or acts of vandalism to destroy an asset or to damage the image of an organization.
availability
describes how data is accessible and correctly formatted for use without interference or obstruction.
1. Ethics carry the sanction of a governing authority.
false
One form of online vandalism is __________, in which individuals interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency.
hacktivism
Confidentiality
how data is protected from disclosure or exposure to unauthorized individuals or systems.
__________ is the collection and analysis of information about an organization's business competitors, often through illegal or unethical means, to gain an unfair edge over them.
industrial espionage
leadership
influences employees so that they are willing to accomplish objectives, and it is expected to lead by example and demonstrate personal traits that instill a desire in others to follow.
deviations in quality of service
irregularities in internet service, communications, and power supplies can dramatically affect the availability of information systems.
types of software attacks
malware, back doors, denial of service, email attacks, communication interception attacks
Which of the following explicitly declares the business of the organization and its intended areas of operations?
mission statement
activism in the digital age
online activism, cyberterrorism, and cyber software, positive online activism
Which subset of civil law regulates the relationships among individuals and among individuals and organizations?
private
theft
the value of information is diminished when it is copied without the owner's knowledge.
information extortion
theft of credit card numbers
A(n) __________ is a potential weakness in an asset or its defensive control(s).
vulnerability
1. Which of the following is true about planning?
strategic planning is used to create tactical plans
Any event or circumstance that has the potential to adversely affect operations and assets is known as a(n) __________.
threat
compromises to intellectual property
trade secret, patent, copyright
1. A clearly directed strategy flows from top to bottom rather than from bottom to top.
true
1. Deterrence is the best method for preventing an illegal or unethical activity. ____________
true
1. The Secret Service is charged with the detection and arrest of any person who commits a U.S. federal offense relating to computer fraud, as well as false identification crimes.
true
1. Values statements should be ambitious; after all, they are meant to express the aspirations of an organization. ____________
true
Due diligence requires that an organization make a valid and ongoing effort to protect others.
true
The Gramm-Leach-Bliley (GLB) Act, also known as the Financial Services Modernization Act of 1999, contains a number of provisions that affect banks, securities firms, and insurance companies.
true
Today's InfoSec systems need constant monitoring, testing, modifying, updating, and repairing.
true
espionage or trespass
an unauthorized person gains access to a firm's information, or information gatherers employ techniques that cross a legal or ethical threshold.
human error or failure
when people use information systems, mistakes happen; similar errors happen when people fail to follow established policy. Causes include inexperience, improper training, and incorrect assumptions.
technical hardware failures
Occur when a manufacturer distributes equipment containing a known or unknown flaw. These defects can cause the system to perform outside of expected parameters, resulting in unreliable service or lack of availability.
1. A process that defines what the user is permitted to do is known as __________.
authentication
integrity
describes how data is whole, complete, and uncorrupted.
Which of the following ethical frameworks is the study of the choices that have been made by individuals in the past?
descriptive ethics