cyber quiz 1
3 fundamental problems with ARPANET security
- vulnerability of password structure and formats
- lack of safety procedures for dial-up connections
- nonexistent user identification and authorizations
an information system is the entire set of _______, people, procedures, and networks that enable the use of information resources in the organization
- software
- hardware
- data
______ is a network project that preceded the Internet
ARPANET
the ____ is the individual primarily responsible for the assessment, management, and implementation of information security in the organization
CISO
in 1993, the first _____ conference was held in Las Vegas. Originally, it was established as a gathering for people interested in information security, including authors, lawyers, government employees, and law enforcement officials
DEFCON
Using a methodology will usually have no effect on the probability of success.
False
Hardware is often the most valuable asset possessed by an organization and it is the main target of intentional attacks.
False, it's the people
The community of interest made up of IT managers and skilled professionals in systems design, programming, networks, and other related disciplines is called _____
Information technology management and professionals
_____ was the first operating system to integrate security as one of its core functions
MULTICS
_____ has become a widely accepted evaluation standard for training and education related to the security of information systems and is hosted by CNSS
NSTISSI No. 4011
A breach of possession may not always result in a breach of confidentiality.
True
A subject or object's ability to use, manipulate, modify, or affect another subject or object is known as ___________.
access
_____ of information is the quality or state of being genuine or original
authenticity
_____ enables authorized users (people or computer systems) to access information without interference or obstruction and to receive it in the required format
availability
During the ____________________ War, many mainframes were brought online to accomplish more complex and sophisticated tasks so it became necessary to enable the mainframes to communicate via a less cumbersome process than mailing magnetic tapes between computer centers.
cold
a _____ is a group of individuals who are united by similar interests or values within an organization and who share a common goal of helping the organization to meet its objectives
community of interest
in an organization, the value of ____ of information is especially high when it involves personal information about employees, customers, or patients
confidentiality
The Internet brought ____________________ to virtually all computers that could reach a phone line or an Internet-connected local area network.
connectivity
a _____ works directly with data owners and is responsible for the storage, maintenance, and protection of the information
data custodian
A server would experience a(n) __________ attack when a hacker compromises it to acquire information via a remote location using a network connection.
direct
a technique to compromise a system is known as a(n) ____
exploit
the role of the project manager--typically an executive such as a chief information officer or the vice president of information technology--in this effort cannot be overstated
false
information security can be an absolute
false (idk what this means)
The possession of information is the quality or state of having value for some purpose or end.
false - it's utility
Information has redundancy when it is free from mistakes or errors and it has the value that the user expects
false, it's accuracy
the history of information security begins with the concept of communications security
false, it's computer security
A(n) hardware system is the entire set of people, procedures, and technology that enable business to use information.
false, it's information system
E-mail spoofing involves sending an e-mail message with a harmful attachment.
false, spoofing is impersonating
A champion is a project manager, who may be a departmental line manager or staff unit manager, and has expertise in project management and information security technical requirements.
false, team leader is
when a computer is the subject of an attack, it is the entity being attacked
false, that's the object
The bottom-up approach to information security has a higher probability of success than the top-down approach
false, top down is better
In file hashing, a file is read by a special algorithm that uses the value of the bits in the file to compute a single number called the __________ value.
hash
the senior technology officer is typically the chief ____ officer
information
The protection of the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission, via the application of policy, education, training and awareness, and technology is known as ___________.
information security
Information has ____________________ when it is whole, complete, and uncorrupted.
integrity
individuals who control, and are therefore ultimately responsible for, the security and use of a particular set of information are known as data ____
owners
____ security addresses the issues necessary to protect the tangible items, objects, or areas of an organization from unauthorized access and misuse
physical
during the early years, information security was a straightforward process composed predominantly of _____ security and simple document classification schemes
physical
The protection of tangible items, objects, or areas from unauthorized access and misuse is known as ___________.
physical security
the ______ of information is the quality or state of ownership or control of some object or item
possession
Software is often created under the constraints of ________ management, placing limits on time, cost, and manpower.
project
a(n) ____ should consist of a number of individuals who are experienced in one or multiple facets of the technical and nontechnical areas
project team
the probability of an unwanted occurrence, such as an adverse event or loss, is known as a ____
risk
a computer is the ______ of an attack when it is used to conduct an attack against another computer
subject
People with the primary responsibility for administering the systems that house the information used by the organization perform the ____ role.
system administrators
Any event or circumstance that has the potential to adversely affect operations and assets is known as a(n) __________.
threat
Hardware is the physical technology that houses and executes the software, stores and transports the data, and provides interfaces for the entry and removal of information from the system.
true
RAND Report R-609 was the first widely recognized published document to identify the role of management and policy issues in computer security.
true
a project team should consist of a number of individuals who are experienced in one or multiple facets of the technical and non-technical areas
true
during the early years of computing, the primary threats to security were physical theft of equipment, espionage against the products of the systems, and sabotage
true
every organization, whether public or private and regardless of size, has the information it wants to protect
true
the roles of information security professionals focus on protecting the organization's information systems and stored information from attacks
true
the value of information comes from the characteristic it possesses
true
to achieve balance (that is, to operate an information system that satisfies the user and the security professional), the security level must allow reasonable access, yet protect against threats
true
when unauthorized individuals or systems can view information, confidentiality is breached
true
individuals who are assigned the task of managing a particular set of information and coordinating its protection, storage, and use are known as data ____
trustees - it sounds like custodians, but the key phrase was "a particular set of info"
the famous study entitled "protection analysis: final report" focused on a project undertaken by ARPA to understand and detect _____ in operating systems security
vulnerabilities
a potential weakness in an asset or its defensive control system is known as a ____
vulnerability