Critical Characteristics of Information

Questions and Answers

What does the characteristic of confidentiality in information refer to?

  • The quality of information being original or genuine.
  • The protection of information from unauthorized disclosure. (correct)
  • The ability of information to be accessed by all users.
  • The endorsement of information accuracy by authorized individuals.

Why is integrity important for information?

  • It guarantees that information can be accessed anytime.
  • It ensures the information is accurate, complete, and authorized. (correct)
  • It allows the information to be easily shared among different systems.
  • It confirms that the information is in good physical condition.

What does availability signify regarding information?

  • The information is always accessible to anyone who requests it.
  • Information is protected from corruption and loss.
  • Authorized users can access information when needed without obstruction. (correct)
  • Information can only be accessed during certain hours.

How is accuracy characterized in relation to information?

  • The degree to which information matches user expectations. (C)

What does authenticity in information imply?

  • Information is genuine and not a product of forgery or replication. (A)

Utility, in the context of information, describes what?

  • The value of information in achieving a specific purpose. (B)

Possession of information refers to what characteristic?

  • The control or ownership of information, independent of its format. (A)

Which characteristic of information is threatened by exposure to corruption?

  • Integrity (C)

What are the three key dimensions in Cybersecurity according to the McCumber Cube?

  • Security Goals, Security Measures, Information States (A)

Which component of an Information System is considered the most valuable asset and often a primary target for attacks?

  • Data (A)

Which phase of the Security System Development Life Cycle (SecSDLC) involves identifying possible threats and assessing their potential impact?

  • Planning and Analysis (A)

What is one of the main weaknesses of Software in an Information System?

  • Bugs and errors lead to insecurity (C)

What role does education and training play in the context of Information Systems?

  • It helps mitigate threats from users who can be the weakest component (D)

How does the SecSDLC differ from the traditional SDLC?

  • It includes risk assessments and threat identification (B)

Which practice is commonly used to secure physical hardware within an Information System?

  • Biometric access controls (B)

In which phase of the SDLC do teams acquire hardware and software?

  • Design (D)

What is one significant threat posed by unauthorized access to an organization’s procedures?

  • Integrity of the information may be compromised (D)

Which of the following tools does NOT typically fall under a category of security measures or controls?

  • Server hardware upgrades (A)

What is the primary focus during the Support phase of the SecSDLC?

  • Detecting and addressing system errors (A)

Which of the following components is commonly considered the weakest link in an Information System?

  • People (C)

What is the significance of conducting a preliminary risk assessment in the SecSDLC?

  • To create an initial description of security requirements (C)

Procedures in an Information System are typically used for what purpose?

  • Accomplishing specific tasks securely (B)

Flashcards

Confidentiality

Preventing unauthorized disclosure of sensitive information.

Integrity

Ensuring information is accurate, complete, and authorized.

Availability

Ensuring authorized users can access information when needed.

Accuracy

Information is free from errors and meets user expectations.

Authenticity

Information is genuine and unaltered.

Utility

Information is relevant and usable for specific purposes.

Possession

Ownership or control of information.

McCumber Cube

Visual model representing interconnections among information security factors. Layers include security goals (C.I.A), security measures/controls, and information states (Storage, Transmission, Processing).

Software

Bugs and security oversights during implementation can cause vulnerabilities, making this component very important.

Hardware

Physical technology that executes software and stores data.

Data

The most valuable asset, targeted by cyber attacks; its integrity must be maintained.

People

Users that can pose threats to a system. Education and training are essential for security.

Procedures

Written guidelines that direct the use of systems; unauthorized access can jeopardize data integrity.

System Development Life Cycle (SDLC)

Detailed analysis, planning, design, implementation, and support phases to develop a reliable IS.

Security System Development Life Cycle (SecSDLC)

An adaptation of SDLC that incorporates security considerations at every phase.

Planning and Analysis (SecSDLC)

Assesses potential impacts of security breaches; includes preliminary risk assessments.

Design (SecSDLC)

Involves security functionalities and planning to address weaknesses.

Implementation (SecSDLC)

Focuses on system integration with chosen security controls.

Support (SecSDLC)

Ensures ongoing security post-implementation through monitoring and updates.

Importance of SecSDLC

Proactively identifies potential threats and establishes countermeasures.

SecSDLC Alignment

Ensures that all security aspects align with the organization's information security goals.

Study Notes

Critical Characteristics of Information

  • C.I.A defines the core characteristics: Confidentiality, Integrity, Availability.
  • Additional characteristics include Accuracy, Authenticity, Utility, and Possession.

Confidentiality

  • Prevents unauthorized disclosure of sensitive information (e.g., credit card details, personally identifiable information (PII), health records).

Integrity

  • Ensures information is accurate, complete, and authorized.
  • Vulnerable to threats like corruption or unauthorized changes.

Availability

  • Ensures authorized users can access information when needed without obstruction.
  • Critical for maintaining data in correct formats and locations.

Accuracy

  • Information must be free from errors and meet user expectations.
  • Any alteration leading to a mismatch changes its status from accurate to inaccurate.

Authenticity

  • Indicates that information is genuine and has not been altered.
  • Authentic information retains its original state throughout its lifecycle.

Utility

  • Information has value only when relevant and usable for specific purposes.
  • Format must be meaningful to the end user for maximum effectiveness.

Possession

  • Relates to ownership or control of information.
  • Information is considered possessed once accessed, regardless of its format.

Breaches

  • A breach of confidentiality automatically leads to a breach of ownership.
  • Conversely, a breach of ownership does not necessarily compromise confidentiality.

McCumber Cube

  • Visual model representing interconnections among information security factors.
  • Layers include security goals (C.I.A), security measures/controls, and information states (Storage, Transmission, Processing).

Components of an Information System

  • Software: Key component, often vulnerable due to bugs; security is frequently overlooked during implementation.
  • Hardware: Physical technology crucial for executing software and storing data; traditional security methods include locks and biometrics.
  • Data: Most valuable asset targeted by cyber attacks; its integrity must be maintained.
  • People: Users can pose threats; education and training are essential for security.
  • Procedures: Written guidelines direct the use of systems; unauthorized access to these can jeopardize data integrity.

System Development Life Cycle (SDLC)

  • Involves detailed analysis, planning, design, implementation, and support phases.
  • Focuses on developing a reliable information system through structured procedures.

Security System Development Life Cycle (SecSDLC)

  • An adaptation of SDLC that incorporates security considerations at every phase.
  • Planning and Analysis: Assesses potential impacts of security breaches; includes preliminary risk assessments.
  • Design: Involves security functionalities and planning to address weaknesses.
  • Implementation: Focuses on system integration with chosen security controls.
  • Support: Ensures ongoing security post-implementation through monitoring and updates.

Importance of SecSDLC

  • Proactively identifies potential threats and establishes countermeasures.
  • Ensures that all security aspects align with the organization's information security goals.
