Information Security Concepts

Questions and Answers

What is the term for damage or unauthorized modification of an information asset?

  • Data Leakage
  • Loss (correct)
  • Integrity Breach
  • Security Flaw

What is the main focus of the Maintenance & Change phase in the SDLC?

  • Developing new systems
  • Implementing security protocols
  • Conducting user training
  • Supporting and modifying the system throughout its lifecycle (correct)

Which component of Information Systems has significantly increased the demand for computer security measures?

  • Data Storage
  • Software Development
  • Hardware
  • Networking (correct)

What is often considered the most crucial yet overlooked element influencing information systems success?

People (B)

What does the Physical Design phase in SDLC involve?

Selecting technologies to support decisions (B)

Which type of user authentication credential depends on items the user possesses?

Possession (B)

What term describes written instructions that must be secured from unauthorized access?

Procedures (B)

What does the term 'Risk' refer to in the context of organizations?

The probability of unwanted events occurring (A)

What is the term for a documented process to take advantage of a vulnerability in software?

Exploit (A)

Which of the following describes a condition where a vulnerability is known to an attacker?

Exposure (A)

What does the Implementation phase in SDLC primarily focus on?

Creating the needed software and training users (D)

What is the main goal of Information Security?

To protect information systems from unauthorized access (B)

What does Integrity in information systems mean?

Data consistency and prevention of unauthorized modifications (D)

In the SDLC, the Investigation approach focuses on which aspect of project management?

Specifying the objectives, constraints, and scope of the project (C)

What is the role of Hardware in an information system?

To house and execute software while storing data (C)

In which phase of the SDLC are applications capable of providing needed services selected?

Logical Design (B)

What is the primary responsibility of Risk Assessment/Management Specialists?

Analyzing and managing risk management issues (D)

What is the Systems Development Life Cycle (SDLC) best described as?

A structured process for producing high-quality software (B)

What does a Security Policy Developer mainly do?

Set rules and expectations regarding data security (C)

Which term refers to an entity that poses a threat to an asset?

Threat (C)

What is primarily managed by Systems Administrators?

The configuration and operation of computer systems (D)

What role does a Team Leader in security typically not handle?

Conducting software updates (A)

What aspect makes software particularly challenging to secure?

Its complex coding and functionalities (B)

What is the primary responsibility of a Chief Information Officer (CIO)?

Advising senior executives on strategic planning (A)

Which of the following best defines security?

The quality of being free from danger (B)

What role does a Chief Information Security Officer (CISO) primarily hold in an organization?

Assessment, management, and implementation of Information Systems (D)

What does the term 'Confidentiality' refer to in data security?

Prevention of unauthorized access to sensitive information (D)

Which of the following roles is responsible for the storage, maintenance, and protection of information?

Data Custodian (B)

What does 'Data Security' involve in a corporate environment?

Protecting data from loss through unauthorized access (D)

Who are considered Data Users within an organization?

Employees performing their daily job functions using data (A)

What is the significance of the Enigma Machine in the context of data security?

It represents a historical cipher device used for secure communication (B)

What best defines the role of End Users in an organization's information security framework?

They utilize hardware and software assets to perform job duties (B)

What is the primary purpose of information security?

To protect the confidentiality, integrity, and availability of information. (D)

Which of the following is NOT a key element of the SDLC Analysis phase?

Developing detailed system specifications. (B)

What is the significance of the Enigma Machine?

It was a highly secure encryption device used by Nazi Germany. (C)

Which of the following is associated with the term 'Authenticity' in information security?

Verifying the source or origin of data and file transfers. (A)

Which of the following approaches to security focuses on improving systems from a bottom-up perspective?

Bottom-up Approach (D)

What is the significance of the ARPANET?

It was the first public packet-switched computer network used in the United States. (C)

Which of the following is NOT a key aspect of information security?

Usability (C)

What is the primary goal of 'Accuracy' in information security?

Confirming that information is free from errors and manipulation. (A)

Flashcards

Information Asset Loss

Damage or unauthorized modification/disclosure affecting an information asset.

SDLC Maintenance & Change

Tasks necessary to support and modify a system throughout its lifecycle.

Methodology

A formal problem-solving approach using a structured sequence of procedures.

Networking

The information systems (IS) component leading to the need for enhanced security.

Physical Design

Choosing technologies to support evaluated designs in SDLC.

Possession

User authentication based on items the user physically has.

Procedure

Written instructions for tasks that must be kept secure from unauthorized users.

Security Posture

The overall set of controls and safeguards to protect organizational assets.

Exploit

A documented process to take advantage of a software vulnerability created or inherent to the software.

Exposure

A condition where a known vulnerability exists and can be attacked.

Hardware

The physical technology that houses, executes software, and stores data.

Implementation

The phase in SDLC where software is created, components assembled, and users trained.

Information Security

Protection of information systems from unauthorized access and modification.

Integrity

Maintaining data so it’s not modified or deleted by unauthorized parties.

Investigation

SDLC phase where problems to be solved are specified, and project scope defined.

Logical Design

The SDLC phase identifying applications and data structures that meet business needs.

Risk Assessment/Management Specialists

Security personnel who analyze and manage risks by identifying, measuring, and deciding on operational risks.

Systems Development Life Cycle (SDLC)

A structured process that helps produce high-quality, low-cost software in minimal time.

Security

The quality or state of being secure, meaning to be free from danger.

Security Policy Developers

Professionals who define the rules and approach to maintain data confidentiality, integrity, and availability.

Security Professionals

A wide range of experts needed to support a diverse information security program.

Software

Comprises applications, operating systems, and command utilities, often difficult to secure.

Threat

A category of objects or persons that present a danger to assets, being purposeful or undirected.

Systems Administrators

Security personnel responsible for the upkeep and reliable operation of computer systems, especially servers.

Data Security

The process of protecting corporate data from unauthorized access and loss, including attacks like ransomware.

Chief Information Officer (CIO)

The executive responsible for advising on strategic planning and managing information systems.

Data Custodian

Responsible for the storage, maintenance, and protection of information within an organization.

Confidentiality

Measures designed to prevent unauthorized access to sensitive information.

Data Owner

Responsible for the security and usage of a particular set of information.

End Users

Employees who use organizational hardware and software to perform their job duties.

Enigma Machine

A cipher device from the 20th century used to protect military and diplomatic communications.

Security Champion

Development team members who act as an extension of the security team, spotting potential issues.

ARPANET

A network built to withstand attacks, originally developed for military use.

Accuracy

Measurement that ensures information is correct and not derived from malicious data.

Analysis

Assessment phase of SDLC where system expectations and interactions are evaluated.

Authenticity

Validation of the source or origin of data and file transfers through proof of identity.

Availability

Ensuring systems and data are accessible when needed by users.

Bottom-up Approach

A method where systems administrators improve security starting from grassroots efforts.

Study Notes

Information Security Concepts

  • ARPANET was a network built to resist attacks from the USSR.
  • Enigma Machine was a device extensively used by Nazi Germany.
  • Information security protects information, systems, and hardware.
  • Accuracy ensures information is correct and not malicious.
  • SDLC assessments analyze organization, current systems, and support for new systems.
  • ARPANET was the first public packet-switched network.
  • Authenticity validates data source.
  • Availability ensures data is ready when needed.
  • Bottom-up approach improves security through grassroots effort.
  • Chief Information Officer (CIO) advises senior executives.
  • Chief Information Security Officer (CISO) manages and implements IS.
  • Committee on National Security Systems (CNSS) is a security model.
  • Confidentiality prevents unauthorized access to sensitive information.
  • Data Custodian manages storage and protection of data.
  • Data Owner protects and uses data.
  • Data Security prevents data loss, modification, and corruption.
  • Data Users interact with data to support daily tasks.
  • End Users use hardware and software for their jobs.
  • Enigma Machine protected communication in the early/mid-20th century.
  • Exploit compromises a system for personal gain.
  • Exposure means a vulnerability is known to an attacker.
  • Hardware is the physical technology.
  • Implementation involves training and document creation.
  • Investigation determines the system's purpose, constraints, and scope.
  • Integrity ensures data isn't modified or deleted by unauthorized users.
  • National Information Assurance Glossary defines information security.
  • A security posture or protection profile includes controls and safeguards.
  • Risk is the probability of unwanted events occurring.
  • Risk Assessment/Management Specialists manage risk.
  • SDLC is a structured process for creating software.
  • Security ensures freedom from danger.
  • Security Policy describes procedures and expectations.
  • Security Policy Developers detail data security rules.
  • Security Professionals support multiple security functions.
  • Software includes applications, operating systems, and utilities.
  • Systems Administrators maintain computer systems.
  • Team Leader manages security team responsibilities.
  • Threat is a potential danger to an asset.
  • Threat Agent is a specific instance of a threat.
  • Top-down approach sets goals and procedures.
  • Utility software helps configure and maintain systems.
  • Vulnerability is a flaw in a system.
  • Waterfall Model is a linear approach to SDLC.

Additional Information

  • Methodology or SDLC is a formal problem-solving approach.
  • Networking is the component that has increased the need for security in computer systems.
  • People are often overlooked but are a critical aspect of information system success.
  • Possession authentication uses hardware items.
  • Procedure outlines tasks and prevents unauthorized actions.
  • Probability and Risk are important factors to account for as systems develop.
  • Physical design selects technologies for identified alternatives.
