Information Security (Exam 1, Chapter 1)


The ____ is the individual primarily responsible for the assessment, management, and implementation of information security in the organization.

CISO

An emerging methodology to integrate the effort of the development team and the operations team to improve the functionality and security of applications is known as __________.

DevOps

The investigation phase of the SDLC involves specification of the objectives, constraints, and scope of the project.

True

A type of SDLC in which each phase has results that flow into the next phase is called the __________ model.

Waterfall

An organizational resource that is being protected is sometimes logical, such as a Web site, software information, or data. Sometimes the resource is physical, such as a person, computer system, hardware, or other tangible object. Either way, the resource is known as a(n) ___________.

Asset

Which of the following is a valid type of role when it comes to data ownership?

Data owners, custodians, and users

A server would experience a(n) __________ attack when a hacker compromises it to acquire information via a remote location using a network connection.

Direct

A champion is a project manager, who may be a departmental line manager or staff unit manager, and has expertise in project management and information security technical requirements.

False

A(n) hardware system is the entire set of people, procedures, and technology that enable business to use information.

False

E-mail spoofing involves sending an e-mail message with a harmful attachment.

False

Hardware is often the most valuable asset possessed by an organization, and it is the main target of intentional attacks.

False

Network security focuses on the protection of physical items, objects, or areas from unauthorized access and misuse.

False

SecOps focuses on integrating the need for the development team to provide iterative and rapid improvements to system functionality and the need for the operations team to improve security and minimize the disruption from software release cycles.

False

The Analysis phase of the SDLC examines the event or plan that initiates the process and specifies the objectives, constraints, and scope of the project.

False

The implementation phase is the longest and most expensive phase of the systems development life cycle (SDLC).

False

The physical design is the blueprint for the desired solution.

False

The possession of information is the quality or state of having value for some purpose or end.

False

The water-ski model is a type of SDLC in which each phase of the process flows from the information gained in the previous phase, with multiple opportunities to return to previous phases and make adjustments.

False

When a computer is the subject of an attack, it is the entity being attacked.

False (Object)

MULTICS stands for Multiple Information and Computing Service.

False (multiplexed)

__________ was the first operating system to integrate security as one of its core functions.

MULTICS

Which of the following phases is often considered the longest and most expensive phase of the systems development life cycle?

Maintenance and change

__________ has become a widely accepted evaluation standard for training and education related to the security of information systems.

NSTISSI No. 4011

People with the primary responsibility for administering the systems that house the information used by the organization perform the role of ____.

Security Administrators

An information system is the entire set of __________, people, procedures, and networks that enable the use of information resources in the organization.

Software, Hardware, and Data

A methodology and formal development strategy for the design and implementation of an information system is referred to as a __________.

System Development Life Cycle (SDLC)

A breach of possession may not always result in a breach of confidentiality.

True

A data custodian works directly with data owners and is responsible for the storage, maintenance, and protection of the information.

True

A(n) project team should consist of a number of individuals who are experienced in one or multiple facets of the technical and nontechnical areas.

True

Confidentiality ensures that only those with the rights and privileges to access information are able to do so.

True

During the early years of computing, the primary threats to security were physical theft of equipment, espionage against the products of the systems, and sabotage.

True

The value of information comes from the characteristics it possesses.

True

To achieve balance—that is, to operate an information system that satisfies the user and the security professional—the security level must allow reasonable access, yet protect against threats.

True

When unauthorized individuals or systems can view information, confidentiality is breached.

True

The protection of all communications media, technology, and content is known as ___________.

communications media

The protection of the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission, via the application of policy, education, training and awareness, and technology is known as ___________.

Information security

