Information Security Ch. 1
____ is the origin of today's Internet.
ARPANET
The ____ is the individual primarily responsible for the assessment, management, and implementation of information security in the organization.
CISO
Which of the following is a valid type of data ownership?
Data custodians, Data users, and Data owners
A champion is a project manager, who may be a departmental line manager or staff unit manager, who understands project management, personnel management, and information security technical requirements.
False
An E-mail virus involves sending an e-mail message with a modified field.
False
Applications systems developed within the framework of the traditional SDLC are designed to anticipate a vicious attack that would require some degree of application reconstruction.
False
In general, protection is "the quality or state of being secure—to be free from danger."
False
The Security Development Life Cycle (SDLC) is a methodology for the design and implementation of an information system in an organization.
False
The bottom-up approach to information security has a higher probability of success than the top-down approach.
False
The possession of information is the quality or state of having value for some purpose or end.
False
____ security addresses the issues necessary to protect the tangible items, objects, or areas of an organization from unauthorized access and misuse.
Physical
The ____ is a methodology for the design and implementation of an information system in an organization.
SDLC
A computer is the ____ of an attack when it is used to conduct the attack.
Subject
A data custodian works directly with data owners and is responsible for the storage, maintenance, and protection of the information.
True
A methodology increases the probability of success.
True
A(n) project team should consist of a number of individuals who are experienced in one or multiple facets of the technical and nontechnical areas.
True
Confidentiality ensures that only those with the rights and privileges to access information are able to do so.
True
Of the two approaches to information security implementation, the top-down approach has a higher probability of success.
True
The investigation phase of the SecSDLC begins with a directive from upper management.
True
The value of information comes from the characteristics it possesses.
True