Information security chp 1-4
How is infrastructure protection (assuring the security of utility services) related to information security?
-
Which members of an organization are involved in the security systems development life cycle? Who leads the process?
A champion, a team leader, security policy developers and risk assessment specialists. The lead would have to be the CEO in the bottom-up approach.
threat agent and a threat
A threat is an event or circumstance with the potential to adversely affect operations and assets, while a threat agent is what follows from it: a person or something in place that is acknowledged as a threat source.
What type of security was dominant in the early years of computing?
ARPANET security was dominant in the early years, after ARPANET was developed for war as a networking resource. Around the 1970s, network security was referred to as network insecurity because of the range and frequency of the security violations.
Describe the critical characteristics of information. How are they used in the study of computer security?
Accuracy describes how data is free of errors and has the value that the user expects. Authenticity is how data is genuine or original rather than reproduced or fabricated. Availability makes data accessible and formatted for use without interference or obstruction. Confidentiality protects data from disclosure or exposure to unauthorized individuals and systems. Integrity is the quality of data being whole, complete and uncorrupted. Personally identifiable information (PII) uniquely identifies an individual. Possession is the ownership or legitimate/authorized control of data. Utility is the value or usefulness of data for an end purpose.
Who should lead a security team? Should the approach to security be more managerial or technical?
As mentioned in the text on page 38, chief information officers advise the higher rank, the CEO, and the lower ranks below them, such as the CISO. Team leaders should be required to manage the team, but also to know the technical requirements of information security. Security should balance both kinds of understanding, so that a security professional can support the plans and requirements that become enforced guidelines. This includes being technical enough, as an important skill, to understand the team, to work successfully with the technical tools, and to trust themselves to know their team's moves and their own.
How can the practice of information security be described as both an art and a science? How does the view of security as a social science influence its practice?
It is based on the level of complexity in information security: administrators are compared to the mind of a painter, while computer scientists and engineers perform under conditions that actual scientists agree upon. Viewing security as a social science means viewing the components as an integration of art and science, and viewing the people who work inside these systems and interact with them. It means understanding that context, technological composure and work quality in these systems involve more advanced upgrades every time, whether learned through a fix or built from ideas on what people have and want to expand.
How has computer security evolved into modern information security?
Computer security was recognized early as a concept, right before it could be named information security. In the early years, information security stood as a process composed predominantly of physical security and simple document classification schemes.
Who decides how and when data in an organization will be used or controlled? Who is responsible for seeing that these decisions are carried out?
Data owners control a particular set of information and know how to use it, and are ultimately responsible for its security. Those who actually carry out the responsibility of handling the maintenance are the data custodians.
Who is ultimately responsible for the security of information in the organization?
Data owners are ultimately responsible for the security of information in the organization.
Identify the six components of an information system. Which are most directly affected by the study of computer security? Which are most commonly associated with its study?
Hardware, software, networks, people, procedures and data are the six components of an information system; they enable information to be input, processed, output and stored.
What was important about RAND Report R-609?
It was the first published report to identify the role of management and policy issues in computer security. The release of this document affected how the study of computer security was delivered to society, because it included details of multiple controls and mechanisms used to protect a computerized data processing system.
Why is a methodology important in the implementation of information security? How does a methodology improve the process?
A methodology ensures a rigorous process with a clearly defined goal and increases the probability of success. It approaches solutions that benefit information security through a goal-oriented, sequential structure that follows specific procedures, so that further security milestones can be reached, which improves the process.
What is the relationship between the MULTICS project and the early development of computer security?
The Multiplexed Information and Computing Service introduced the research on computer security that began to go beyond the operating system's physical existence. In time, it offered a newly developed system, made in 1969, known as UNIX.
Which paper is the foundation of all subsequent studies of computer security?
RAND Report R-609 is the single paper published in February 1970 as the foundation for computer security.
What are the three components of the C.I.A. triad? What are they used for?
The three components that describe the utility of information are Confidentiality, Integrity and Availability. The C.I.A. triad enforces the standards for computer security in industry and government as threats come into computer systems.
Why is the top-down approach to information security superior to the bottom-up approach?
The top-down approach is said to have a higher probability of success than the bottom-up approach. The bottom-up approach would not be as successful because it lacks critical features involving participants and the organization, whereas the top-down approach has many upper-level managers who assist by issuing policies, procedures and processes. This very successful approach rests on strong upper-management support, a heavily structured organizational influence cultivated with dedication and clear plans.
If the C.I.A. triad is incomplete, why is it commonly used in security?
Threats have evolved into many new, unique and complex styles across all three categories of the C.I.A. triad. Each category accounts for some share of where security is needed, and at a given time one may need much more attention than the other two, which need less maintenance. At other times all three need attention, which shows the need to have all three complete.
vulnerability and exposure
Vulnerability is a potential weakness in an asset or its defensive control system(s). Exposure would mean a condition or state of being exposed; in information security, exposure exists when a vulnerability is known to an attacker.
What system is the predecessor of almost all modern multiuser systems?