SRA Chapter 1 Flashcards

Questions and Answers

What does computer security involve?

• Protecting hardware, software, and data (correct)
• Increasing the processing speed of a computer
• Enhancing user interfaces
• None of the above

What is the definition of security?

A state of being secure and free from danger or harm.

What is information security?

Protection of the confidentiality, integrity, and availability of information assets.

What is network security?

Protection of voice and data networking components, connections, and content.

What does the C.I.A. Triad stand for?

Confidentiality, Integrity, and Availability.

Define confidentiality in the context of information.

How data is protected from disclosure or exposure to unauthorized individuals.

What constitutes Personally Identifiable Information (PII)?

Information that can be used to commit identity theft.

What is the definition of integrity in information security?

How data is whole, complete, and uncorrupted.

What does availability refer to in information security?

How data is accessible and correctly formatted for use.

Define accuracy regarding information.

How data is free of errors and meets user expectations.

What does authenticity mean in information security?

How data is genuine or original.

Define utility in the context of information.

How data has value or usefulness for an end purpose.

What does possession refer to in information attributes?

How the data's ownership or control is legitimate.

What is the McCumber Cube?

A graphical representation of the architectural approach widely used in computer and information security.

What is an information system (IS)?

The entire set of software, hardware, data, people, procedures, and networks used for information resources.

What does physical security involve?

The protection of material items from unauthorized access and misuse.

What is a bottom-up approach in security policy establishment?

A grassroots method where systems administrators improve the security.

What is a top-down approach in security policy establishment?

A methodology initiated by upper management to establish security practices.

What is the role of a Chief Information Officer (CIO)?

To oversee the organization's computing technology for efficiency.

What is the responsibility of a Chief Information Security Officer (CISO)?

To manage information security within an organization.

Who are data owners?

Individuals responsible for the security and use of a particular set of information.

Define data custodians.

Individuals responsible for the storage, maintenance, and protection of data.

What are data trustees responsible for?

Managing a particular set of information and coordinating protection and use.

Who are data users?

Stakeholders who interact with information for organizational operations.

Flashcards are hidden until you start studying

Study Notes

Computer Security and Related Concepts

• Computer security encompasses all actions taken to safeguard hardware, software, and data from unauthorized access, theft, natural disasters, and human errors.
• Security is defined as a state of being free from danger or harm, along with the measures taken to ensure safety.

Information Security

• Focuses on maintaining the confidentiality, integrity, and availability of information assets during storage, processing, or transmission through policies, education, and technology.
• Network security specifically aims to protect voice and data networking components and connections.

C.I.A. Triad

• Represents a foundational model in computer security involving three key principles: confidentiality, integrity, and availability.

Attributes of Information

• Confidentiality: Protects data from unauthorized viewing or exposure.
• Integrity: Ensures that information remains whole, complete, and uncorrupted.
• Availability: Guarantees that data is accessible and appropriately formatted for use.
• Accuracy: Reflects the correctness of data and aligns with user expectations.
• Authenticity: Confirms that data is genuine or original, not altered or fabricated.
• Utility: Indicates the value and usefulness of data for specific purposes.
• Possession: Relates to the legitimate ownership or control of data.

Important Frameworks and Roles

• McCumber Cube: A prominent architectural model utilized in computer and information security.
• Information System (IS): An integrated whole of software, hardware, data, and personnel facilitating information resource usage.
• Physical security focuses on safeguarding physical items or locations from unauthorized access.

Security Policy Approaches

• Bottom-up approach: Initiated by systems administrators aiming to enhance security policies through grassroots efforts.
• Top-down approach: Established by upper management, setting the tone for security policy development.

Key Positions in Information Security

• Chief Information Officer (CIO): Executive role overseeing technology to enhance efficiency in information processing.
• Chief Information Security Officer (CISO): Focuses on leading an organization's information security strategies.

Data Management Roles

• Data Owners: Individuals responsible for security and governance of specific information sets; can appoint custodians for protection tasks.
• Data Custodians: Maintain and protect information resources, also called data stewards.
• Data Trustees: Manage and coordinate the protection and use of specific information sets.
• Data Users: Include various stakeholders (customers, suppliers, employees) interacting with organizational information for operational support.

Communities of Interest

• Groups formed by stakeholders sharing a common interest in information usage and security management.