Information Security (Exam 1, Chapter 1)
The ____ is the individual primarily responsible for the assessment, management, and implementation of information security in the organization.
CISO
An emerging methodology to integrate the effort of the development team and the operations team to improve the functionality and security of applications is known as __________.
DevOps
The investigation phase of the SDLC involves specification of the objectives, constraints, and scope of the project.
True
A type of SDLC in which each phase has results that flow into the next phase is called the __________ model.
Waterfall
An organizational resource that is being protected is sometimes logical, such as a Web site, software information, or data. Sometimes the resource is physical, such as a person, computer system, hardware, or other tangible object. Either way, the resource is known as a(n) ___________.
Asset
Which of the following is a valid type of role when it comes to data ownership?
Data owners, custodians, and users
A server would experience a(n) __________ attack when a hacker compromises it to acquire information via a remote location using a network connection.
Direct (in an indirect attack, an already compromised system is used to attack others)
A champion is a project manager, who may be a departmental line manager or staff unit manager, and has expertise in project management and information security technical requirements.
False (the champion is a senior executive who promotes the project; the project manager is the team leader)
A(n) hardware system is the entire set of people, procedures, and technology that enable business to use information.
False (information system)
E-mail spoofing involves sending an e-mail message with a harmful attachment.
False (spoofing forges the sender address; the attachment is not what defines it)
Hardware is often the most valuable asset possessed by an organization, and it is the main target of intentional attacks.
False (data/information is usually the most valuable asset and the main target)
Network security focuses on the protection of physical items, objects, or areas from unauthorized access and misuse.
False (physical security)
SecOps focuses on integrating the need for the development team to provide iterative and rapid improvements to system functionality and the need for the operations team to improve security and minimize the disruption from software release cycles.
False (this describes DevOps)
The Analysis phase of the SDLC examines the event or plan that initiates the process and specifies the objectives, constraints, and scope of the project.
False (this describes the investigation phase)
The implementation phase is the longest and most expensive phase of the systems development life cycle (SDLC).
False (maintenance and change)
The physical design is the blueprint for the desired solution.
False (the logical design is the blueprint)
The possession of information is the quality or state of having value for some purpose or end.
False (that is utility)
The water-ski model is a type of SDLC in which each phase of the process flows from the information gained in the previous phase, with multiple opportunities to return to previous phases and make adjustments.
False (waterfall model)
When a computer is the subject of an attack, it is the entity being attacked.
False (when a computer is the subject of an attack it is the tool used to conduct the attack; the entity being attacked is the object)
MULTICS stands for Multiple Information and Computing Service.
False (Multiplexed Information and Computing Service)
__________ was the first operating system to integrate security as one of its core functions.
MULTICS
Which of the following phases is often considered the longest and most expensive phase of the systems development life cycle?
Maintenance and change
__________ has become a widely accepted evaluation standard for training and education related to the security of information systems.
NSTISSI No. 4011
People with the primary responsibility for administering the systems that house the information used by the organization perform the role of ____.
Systems administrators
An information system is the entire set of __________, people, procedures, and networks that enable the use of information resources in the organization.
Software, Hardware, and Data
A methodology and formal development strategy for the design and implementation of an information system is referred to as a __________.
Systems Development Life Cycle (SDLC)
A breach of possession may not always result in a breach of confidentiality.
True
A data custodian works directly with data owners and is responsible for the storage, maintenance, and protection of the information.
True
A(n) project team should consist of a number of individuals who are experienced in one or multiple facets of the technical and nontechnical areas.
True
Confidentiality ensures that only those with the rights and privileges to access information are able to do so.
True
During the early years of computing, the primary threats to security were physical theft of equipment, espionage against the products of the systems, and sabotage.
True
The value of information comes from the characteristics it possesses.
True
To achieve balance—that is, to operate an information system that satisfies the user and the security professional—the security level must allow reasonable access, yet protect against threats.
True
When unauthorized individuals or systems can view information, confidentiality is breached.
True
The protection of all communications media, technology, and content is known as ___________.
Communications security
The protection of the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission, via the application of policy, education, training and awareness, and technology is known as ___________.
Information security