Chapter 1
Fundamental problem with ARPANET security:
A. No safety procedures for dial-up connections to ARPANET. B. Nonexistent user identification and authorization to system. C. Individual remote sites did not have sufficient controls and safeguards to protect data from unauthorized remote users. D. Vulnerability of password structure and formats. E. Lack of safety procedures for dial-up connections.
__________ enables authorized users - people or computer systems - to access information without interference or obstruction and to receive it in the required format
Availability
The CNSS model of information security evolved from a concept developed by the computer security industry known as the _____ triad
CIA
A(n) _______ is a group of individuals who are united by similar interests or values within an organization and who share a common goal of helping the organization to meet its objectives.
Community of interest
Which of the following is a valid type of role when it comes to data ownership?
Data owners; Data users; Data custodians; All of the above
Data ownership and their respective responsibilities:
Data owners - senior management responsible for the security and use of a particular set of information. Data users - have access to information and thus an information security role. Data custodians - responsible for the information and the systems that process, transmit, and store it. Data trustees - appointed by data owners to oversee the management of information and coordinate with data custodians for its storage, protection, and use.
A technique used to compromise a system is known as a(n) ___________.
Exploit
Information has redundancy when it is free from mistakes or errors and it has the value that the end user expects.
False
The possession of information is the quality or state of having value for some purpose or end.
False
The role of the project manager - typically an executive such as a chief information officer (CIO) or the vice president of information technology (VP-IT) - in this effort cannot be overstated.
False
Using a methodology will usually have no effect on the probability of success.
False
The community of interest made up of IT managers and skilled professionals in systems design, programming, networks, and other related disciplines is called ______.
Information Technology Management and Professionals, yes
Information has ____ integrity when it is whole, complete, and uncorrupted.
Integrity
During the early years, information security was a straightforward process composed predominantly of _____ security and simple document classification schemes.
Physical
The _______ of information is the quality or state of ownership or control of some object or item.
Possession
An information system is the entire set of __________, people, procedures, and networks that enable the use of information resources in the organization.
Software, data, hardware, people, procedures, and network that enable the use of information resources in the organization
People with the primary responsibility for administering the systems that house the information used by the organization perform the role of ________
System administrators
Describe the multiple types of security systems present in many organizations.
There are many types of security: physical security - items and physical assets such as servers, etc.; personal security - policy regarding user privilege; operations security - protect details of security; communications security - social media, media, and content, etc.; and network security - networking components.
A breach of possession may not always result in a breach of confidentiality
True
A(n) project team should consist of a number of individuals who are experienced in one or multiple facets of the technical and nontechnical areas. _______
True
Confidentiality ensures that only those with the rights and privileges to access information are able to do so.
True
During the early years of computing, the primary threats to security were physical theft of equipment, espionage against the products of the systems, and sabotage.
True
Hardware is often the most valuable asset possessed by an organization and it is the main target of intentional attacks.
True
Hardware is the physical technology that houses and executes the software, stores and transports the data, and provides interfaces for the entry and removal of information from the system. _______
True
Of the two approaches to information security implementation, the top-down approach has a higher probability of success. _______
True
To achieve balance - that is, to operate an information system that satisfies the user and the security professional - the security level must allow reasonable access, yet protect against threats.
True
When unauthorized individuals or systems can view information, confidentiality is breached. _______
True
The famous study entitled "Protection Analysis: Final Report" focused on a project undertaken by ARPA to understand and detect ______ in operating systems security.
Vulnerabilities
The senior technology officer is typically the chief ____________________ officer.
information
The protection of the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission, via the application of policy, education, training and awareness, and technology is known as ___________.
information security
Which of the following was not an identified fundamental problem with ARPANET security?
phone numbers for access were closely held and distributed on a need-to-know basis
The ______________ of information is the quality or state of ownership or control of some object or item.
possession
The probability of an unwanted occurrence, such as an adverse event or loss, is known as a(n)
risk
The _____ component of an information system comprises applications, operating systems, and assorted command utilities.
software
A potential weakness in an asset or its defensive control system(s) is known as a(n) _________.
vulnerability