CTC 362 Quiz 1, Part 1

¡Supera tus tareas y exámenes ahora con Quizwiz!

what is security

"A state of being secure and free from danger or harm; the actions taken to make someone or something secure."

Using a methodology:

-Ensures a rigorous process with a clearly defined goal -Increases probability of success

SDLC waterfall consists of

-Investigation - Analysis - Logical Design - Physical Design - Implementation -Maintains and Change

Initiated by upper management (Top-Down Approach)

-Issue policy, procedures, and processes -Dictate goals and expected outcomes of project -Determine accountability for each required action

Fundamental problems with ARPANET security were identified

-No safety procedures for dial-up connections to ARPANET -Nonexistent user identification and authorization to system

A successful organization should have multiple layers of security in place to protect which are?

-Operations -Physical infrastructure -People -Functions -Communications -Information

Information system (IS) is the entire set of people, procedures, and technology that enable business to use information.

-Software -Hardware -Data -People -Procedures -Networks

Analysis Consists of assessments of: (SDLC)

-The organization -Current systems -Capability to support proposed systems

The value of information comes from the characteristics it possesses:

Availability Accuracy Authenticity Confidentiality Integrity Utility Possession

Investigation begins

Begins with an enterprise information security policy (EISP)‏ -Outlines implementation of a security program within the organization Organizational feasibility analysis is performed.

(SecSDLC) involves

It involves identifying specific threats and creating specific controls to counter them.

Maintenance and Change (SDLC)

Longest and most expensive phase Consists of the tasks necessary to support and modify the system for the remainder of its useful life Life cycle continues until the team determines the process should begin again from the investigation phase. When current system can no longer support the organization's mission, a new project is implemented.

Early focus of computer security research centered on a system called

Multiplexed Information and Computing Service (MULTICS)‏.

Implementation (SDLC)

Needed software is created. Components are ordered, received, and tested. Users are trained and supporting documentation created. Feasibility analysis is prepared. -Sponsors are presented with the system for a performance review and acceptance test.

Seldom works, as it lacks a number of critical features: (Bottom-Up Approach)

Participant support and Organizational staying power

The scope of computer security grew from physical security to include:

Securing the data Limiting random and unauthorized access to data Involving personnel from multiple levels of the organization in information security

Physical Design (SDLC)

Specific technologies are selected to support the alternatives identified and evaluated in the logical design. Selected components are evaluated on make-or-buy decision. Feasibility analysis is performed. -Entire solution is presented to organization's management for approval.

Grassroots effort (Bottom-Up Approach)

Systems administrators attempt to improve security of their systems.

Logical Design (SDLC)

The first and driving factor is the business need. -Applications are selected to provide needed services. Data support and structures capable of providing the needed inputs are identified. Specific technologies are delineated to implement the physical solution. Analysts generate estimates of costs and benefits to allow comparison of available options. Feasibility analysis is performed at the end.

The Security Systems Development Life Cycle (SecSDLC)

The same phases used in traditional SDLC can be adapted to support implementation of an IS project.

A computer can be the subject of an attack and/or the object of an attack True/False

True

Groups developing code-breaking computations during World War II created the first modern computers. True/False

True

Impossible to obtain perfect information security—it is a process, not a goal. True/False

True

Several MULTICS key players created

UNIX

Investigation (SDLC)

What problem is the system being developed to solve? Objectives, constraints, and scope of project are specified. Preliminary cost-benefit analysis is developed. At the end of all phases, a process is undertaken to assess economic, technical, and behavioral feasibilities and ensure implementation is worth the time and effort.

Methodology:

a formal approach to solving a problem based on a structured sequence of procedures

The most successful type of top-down approach also involves a

a formal development strategy referred to as systems development life cycle.

Systems development life cycle (SDLC):

a methodology for the design and implementation of an information system

C.I.A. triangle is?

a standard based on 1)confidentiality, 2)integrity, and 3)availability, now viewed as inadequate. Expanded model consists of a list of critical characteristics of information.

To achieve balance, the level of security must allow reasonable

access, yet protect against threats.

Computer security began immediately

after the first mainframes were developed.

in the 1990 In early Internet deployments, security was treated

as a low priority.

Growing threat of cyber attacks has increased the

awareness of need for improved security. Nation-states engaging in information warfare

In the 1990 Networks of computers became more

common, as did the need to connect them to each other.

Late 1970s: The microprocessor expanded

computing capabilities and security threats.

in the 1990 Initially, network connections were based on

de facto standards.

Analysts determine what new system is

expected to do and how it will interact with existing systems.

Analysis ends with documentation of

findings and an update of feasibility.

Mainframe, time-sharing OS was developed

in the mid-1960s by General Electric (GE), Bell Labs, and Massachusetts Institute of Technology (MIT)‏.

In 1993, DEFCON conference was established for those

interested in information security.

Multics was the first

operating system was created with security integrated into core functions.

Rudimentary is defending against

physical theft, espionage, and sabotage

Investigation Identifies

process, outcomes, goals, and constraints of the project

SecSDLC is a coherent

program rather than a series of random, seemingly unconnected actions.

Security should be considered a balance between

protection and availability.

Traditional SDLC consists of

six general phases.

Key advantage (Bottom-Up Approach)

technical expertise of individual administrators

Larry Roberts developed

the ARPANET from its inception.

Advanced Research Project Agency (ARPA) began to examine

the feasibility of redundant networked communications

in the 1990 Internet became

the first global network of networks.

in the 2000 The ability to secure a computer's data was influenced by

the security of every computer to which it is connected

in the 2000 The Internet brings millions of

unsecured computer networks into continuous communication with each other.

Information security began

with Rand Report R-609 (paper that started the study of computer security and identified the role of management and policy issues in it)‏.


Conjuntos de estudio relacionados

Unit 3 - Elimination - Class Notes & NCO

View Set

Organizational Behavior Multiple Choice Questions

View Set

CSCC Math 1116 Part 2: Graph Ch. 2, 3, 4

View Set

Mod 6: Psychosocial Conditions & Interventions Part 4

View Set