CIS Study and chapter 1


The key characteristics of information security:

1. confidentiality 2. integrity 3. availability

management

administrates resources of the organization, creates budgets, authorizes expenditures, and recruits, hires, evaluates, and terminates employees.

Technical Obsolescence

antiquated or outdated infrastructure can lead to unreliable and untrustworthy systems.

Password cracking

brute force attack, dictionary password attack, rainbow tables, social engineering password attacks

software attacks

can be used to overwhelm the processing capabilities of online systems or to gain access to protected systems by hidden means

forces of nature

civil disorder, acts of war, fire, flood, earthquake, landslide or mudslide, tornadoes, tsunami.

1. The process of integrating the governance of the physical security and information security efforts is known in the industry as __________.

convergence

sabotage or vandalism

deliberate sabotage of a computer system or business, or acts of vandalism to destroy an asset or damage the image of an organization.

availability

describes how data is accessible and correctly formatted for use without interference or obstruction.

1. Ethics carry the sanction of a governing authority.

false

One form of online vandalism is __________, in which individuals interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency.

hacktivism

Confidentiality

how data is protected from disclosure or exposure to unauthorized individuals or systems.

__________ is the collection and analysis of information about an organization's business competitors, often through illegal or unethical means, to gain an unfair edge over them.

industrial espionage

leadership

influences employees so that they are willing to accomplish objectives, and is expected to lead by example and demonstrate personal traits that instill a desire in others to follow.

deviations in quality of service

irregularities in internet service, communications, and power supplies can dramatically affect the availability of information systems.

types of software attacks

malware, back doors, denial of service, email attacks, communication interception attacks

Which of the following explicitly declares the business of the organization and its intended areas of operations?

mission statement

activism in the digital age

online activism, cyberterrorism, and cyber software, positive online activism

Which subset of civil law regulates the relationships among individuals and among individuals and organizations?

private

theft

the value of information is diminished when it is copied without the owner's knowledge.

information extortion

theft of credit card numbers

A(n) __________ is a potential weakness in an asset or its defensive control(s).

vulnerability

1. Which of the following is true about planning?

strategic plans are used to create tactical plans

Any event or circumstance that has the potential to adversely affect operations and assets is known as a(n) __________.

threat

compromises to intellectual property

trade secret, patent, copyright

1. A clearly directed strategy flows from top to bottom rather than from bottom to top.

true

1. Deterrence is the best method for preventing an illegal or unethical activity. ____________

true

1. The Secret Service is charged with the detection and arrest of any person who commits a U.S. federal offense relating to computer fraud, as well as false identification crimes.

true

1. Values statements should be ambitious; after all, they are meant to express the aspirations of an organization. ____________

true

Due diligence requires that an organization make a valid and ongoing effort to protect others.

true

The Gramm-Leach-Bliley (GLB) Act, also known as the Financial Services Modernization Act of 1999, contains a number of provisions that affect banks, securities firms, and insurance companies.

true

Today's InfoSec systems need constant monitoring, testing, modifying, updating, and repairing.

true

espionage or trespass

an unauthorized person gains access to a firm's information; occurs when information gatherers employ techniques that cross a legal or ethical threshold.

human error or failure

when people use information systems, mistakes happen; similar errors happen when people fail to follow established policy. Causes include inexperience, improper training, and incorrect assumptions.

technical hardware failures

Occur when a manufacturer distributes equipment containing a known or unknown flaw. These defects can cause the system to perform outside of expected parameters, resulting in unreliable service or lack of availability.

1. A process that defines what the user is permitted to do is known as __________.

authentication

integrity

describes how data is whole, complete, and uncorrupted.

Which of the following ethical frameworks is the study of the choices that have been made by individuals in the past?

descriptive ethics

