Principles of Information Security Ch. 1 Self-Quiz
SDLC methodology
A formal approach to solving a problem based on a structured sequence of procedures is called a(n) ___.
authenticity
If information has a state of being genuine or original and is not a fabrication, it has the characteristic of ___.
possession
Ownership or control of information is called the characteristic of ___.
Advanced Research Project Agency
What does ARPA stand for?
The Rand Report R-609
Which DoD report attempted to define the multiple control mechanisms necessary for the protection of a multilevel computer system?
champion
A senior executive who promotes an information security project and ensures its support, both financially and administratively, at the highest levels of the organization, is called a(n) ___.
bottom-up
Information security programs that begin at a grassroots level by system administrators to improve security are often called the ___ approach.
confidentiality
The characteristic of information that deals with preventing disclosure is ___.
information security management and professionals, information technology management and professionals, organizational management and professionals
What are the three most commonly encountered communities of interest which have roles and responsibilities in information security?
physical security
What is the security that addresses the issues needed to protect items, objects, or areas?
personal security
What is the security that addresses the protection of individuals or groups authorized to access an organization?
communications security
What is the security that encompasses the protection of an organization's communications media, technology, and content?
MULTICS
What was the name of the now-obsolete operating system designed for security objectives?
the object of an attack
When a computer is the information asset that is being attacked, it is considered ___.
the subject of an attack
When a computer is used as an active tool to conduct an attack on another information asset, that computer is then considered ___.
top-down
When projects are initiated at the highest levels of an organization and then pushed to all levels, they are said to follow a(n) ___ approach.
analysis
Which SecSDLC phase identifies information assets?
maintenance and change
Which SecSDLC phase keeps the security systems in a high state of readiness?
the data owner
Who is the person responsible for the security and use of a particular set of information?
the data custodian
Who is the person responsible for the storage, maintenance, and protection of the information?
art, science
With the level of complexity in today's information systems, the implementation of information security has often been described as a combination of ___ and ___.
social science
___ examines the behavior of individuals as they interact with systems, whether societal systems or information systems.
