Principles of Information Security Chapter 1


methodology

A formal approach to solving a problem based on a structured sequence of procedures

McCumber Cube

A graphical representation of the architectural approach widely used in computer and information security; commonly shown as a cube composed of 3x3x3 cells, similar to a Rubik's Cube

community interest

A group of individuals who are united by similar interests or values within an organization and who share a common goal of helping the organization to meet its objectives

bottom-up approach

A method of establishing security policies and/or practices that begins as a grassroots effort in which systems administrators attempt to improve the security of their systems

software assurance (SA)

A methodological approach to the development of software that seeks to build security into the development life cycle rather than address it at later stages

systems development life cycle (SDLC)

A methodology for the design and implementation of an information system

top-down approach

A methodology of establishing security policies that is initiated by upper management

personally identifiable information (PII)

A set of information that could uniquely identify an individual

project team

A small functional team of people who are experienced in one or multiple facets of the required technical and nontechnical areas for the project to which they are assigned

security

A state of being secure and free from danger or harm

network security

A subset of communications security; the protection of voice and data networking components, connections, and content

waterfall model

A type of SDLC in which each phase of the process "flows from" the information gained in the previous phase, with multiple opportunities to return to previous phases and make adjustments

utility

An attribute of information that describes how data has value or usefulness for an end purpose

availability

An attribute of information that describes how data is accessible and correctly formatted for use without interference or obstruction

accuracy

An attribute of information that describes how data is free of errors and has the value that the user expects

authenticity

An attribute of information that describes how data is genuine or original rather than reproduced or fabricated

confidentiality

An attribute of information that describes how data is protected from disclosure or exposure to unauthorized individuals or systems

integrity

An attribute of information that describes how data is whole, complete, and uncorrupted

possession

An attribute of information that describes how the data's ownership or control is legitimate or authorized

chief information officer (CIO)

An executive-level position that oversees the organization's computing technology and strives to create efficiency in the processing and access of the organization's information

computer security

In the early days of computers, this term specified the need to secure the physical location of computer technology from outside threats. This term later came to represent all actions taken to preserve computer systems from losses. It has evolved into the current concept of information security as the scope of protecting information in an organization has expanded

data owners

Individuals who control (and are therefore responsible for) the security and use of a particular set of information. Data owners may rely on custodians for the practical aspects of protecting their information, specifying which users are authorized to access it, but they are ultimately responsible for it

data custodians

Individuals who work directly with data owners and are responsible for storage, maintenance, and protection of information

data users

Internal and external stakeholders (customers, suppliers, and employees) who interact with information in support of their organization's planning and operations

information security

Protection of the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission, via the application of policy, education, training and awareness, and technology

information system (IS)

The entire set of software, hardware, data, people, procedures, and networks that enable the use of information resources in the organization

C.I.A. triad

The industry standard for computer security since the development of the mainframe. The standard is based on three characteristics that describe the utility of information: confidentiality, integrity, and availability

communications security

The protection of all communications media, technology, and content

physical security

The protection of physical items, objects, or areas from unauthorized access and misuse

chief information security officer (CISO)

Typically considered the top information security officer in an organization. The CISO is usually not an executive-level position, and frequently the person in this role reports to the CIO

