Quiz 1 CYB 155
_________ is a network project that preceded the Internet.
ARPANET
An information system is the entire set of __________, people, procedures, and networks that enable the use of information resources in the organization.
All of the above
Which of the following is a valid type of role when it comes to data ownership?
All of the above
An organizational resource that is being protected is sometimes logical, such as a Web site, software information, or data. Sometimes the resource is physical, such as a person, computer system, hardware, or other tangible object. Either way, the resource is known as a(n) ___________.
Asset
__________ of information is the quality or state of being genuine or original.
Authenticity
The ____ is the individual primarily responsible for the assessment, management, and implementation of information security in the organization.
CISO
The protection of all communications media, technology, and content is known as ___________.
Communication Security
An emerging methodology to integrate the effort of the development team and the operations team to improve the functionality and security of applications is known as __________.
DevOps
A server would experience a(n) __________ attack when a hacker compromises it to acquire information via a remote location using a network connection.
Direct
A technique used to compromise a system is known as a(n) ___________.
Exploit
A champion is a project manager, who may be a departmental line manager or staff unit manager, and has expertise in project management and information security technical requirements.
False
A(n) hardware system is the entire set of people, procedures, and technology that enable business to use information.
False
Information security can be an absolute.
False
The bottom-up approach to information security has a higher probability of success than the top-down approach.
False
The implementation phase is the longest and most expensive phase of the systems development life cycle (SDLC).
False
The possession of information is the quality or state of having value for some purpose or end.
False
The water-ski model is a type of SDLC in which each phase of the process flows from the information gained in the previous phase, with multiple opportunities to return to previous phases and make adjustments.
False
In file hashing, a file is read by a special algorithm that uses the value of the bits in the file to compute a single number called the __________ value.
Hash value
The protection of the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission, via the application of policy, education, training and awareness, and technology is known as ___________.
Information Security
__________ was the first operating system to integrate security as one of its core functions.
MULTICS
__________ security addresses the issues necessary to protect the tangible items, objects, or areas of an organization from unauthorized access and misuse.
Physical
During the __________ phase, specific technologies are selected to support the alternatives identified and evaluated in the prior phases.
Physical Design
The protection of tangible items, objects, or areas from unauthorized access and misuse is known as ___________.
Physical Security
People with the primary responsibility for administering the systems that house the information used by the organization perform the role of ____.
System Administrators
A breach of possession may not always result in a breach of confidentiality.
True
During the early years of computing, the primary threats to security were physical theft of equipment, espionage against the products of the systems, and sabotage.
True
Of the two approaches to information security implementation, the top-down approach has a higher probability of success.
True
To achieve balance—that is, to operate an information system that satisfies the user and the security professional—the security level must allow reasonable access, yet protect against threats.
True
When unauthorized individuals or systems can view information, confidentiality is breached. _________________________
True
A subject or object's ability to use, manipulate, modify, or affect another subject or object is known as ___________.
access
Hardware is often the most valuable asset possessed by an organization, and it is the main target of intentional attacks.
false
SecOps focuses on integrating the need for the development team to provide iterative and rapid improvements to system functionality and the need for the operations team to improve security and minimize the disruption from software release cycles.
false
The Analysis phase of the SDLC examines the event or plan that initiates the process and specifies the objectives, constraints, and scope of the project. _________________________
false
A data custodian works directly with data owners and is responsible for the storage, maintenance, and protection of the information.
true
Confidentiality ensures that only those with the rights and privileges to access information are able to do so. _________________________
true
In the physical design phase, specific technologies are selected.
true
Information security can begin as a grassroots effort in which systems administrators attempt to improve the security of their systems, often referred to as the bottom-up approach.
true
The value of information comes from the characteristics it possesses.
true
A type of SDLC in which each phase has results that flow into the next phase is called the __________ model.
waterfall