Principles of Information Security Flashcards

security policy
Terms Definitions
Information Security
a “well-informed sense of assurance that the information risks and controls are in balance.” — Jim Anderson, Inovant (2002)‏
Goal of Information Security
maintain the status quo, maintain the security, maintain the liveness
is “the quality or state of being secure--to be free from danger.” 
Aspects of Security
Physical security – To protect the physical items, objects, or areas of an organization from unauthorized access and misuse.
Personal security – To protect the individual or group of individuals who are authorized to access the organization and its operations.
Operations security – To protect the details of a particular operation or series of activities.
Communications security – To protect an organization’s communications media, technology, and content.
Network security – To protect networking components, connections, and contents.
Confidentiality Integrity Availability
Critical Characteristics of Information
Availability – Enables users who need to access information to do so without interference or obstruction and in the required format. The information is said to be available to an authorized user when and where needed and in the correct format. 
Accuracy – Free from mistake or error and having the value that the end user expects. If information contains a value different from the user’s expectations due to the intentional or unintentional modification of its content, it is no longer accurate.
Authenticity –The quality or state of being genuine or original, rather than a reproduction or fabrication. Information is authentic when it is the information that was originally created, placed, stored, or transferred. 
Confidentiality – The quality or state of preventing disclosure or exposure to unauthorized individuals or systems. 
Integrity – The quality or state of being whole, complete, and uncorrupted.  The integrity of information is threatened when the information is exposed to corruption, damage, destruction, or other disruption of its authentic state.
Utility – The quality or state of having value for some purpose or end. Information has value when it serves a particular purpose. This means that if information is available, but not in a format meaningful to the end user, it is not useful.
Possession – The quality or state of having ownership or control of some object or item. Information is said to be in possession if one obtains it, independent of format or other characteristic. While a breach of confidentiality always results in a breach of possession, a breach of possession does not always result in a breach of confidentiality.
Components of an Information System
hardware, software, data, procedures, people- easiest to hardest to change
Systems Development Life Cycle (SDLC):
a methodology for the design and implementation of an information system in an organization. 
Data Owner
Responsible for the security and use of a particular set of information.
Data Custodian
Responsible for the storage, maintenance, and protection of the information.
Data Users
The end systems users who work with the information to perform their daily jobs supporting the mission of the organization.
a subject or object’s ability to use, manipulate, modify, or affect another subject or object. 
the organizational resource that is being protected.
an act that is an intentional or unintentional attempt to cause damage or compromise to the information and/or the systems that support it.
Control, Safeguard, or Countermeasure
security mechanisms, policies, or procedures that can successfully counter attacks, reduce risk, resolve vulnerabilities, and otherwise improve the security within an organization. 
to take advantage of weaknesses or vulnerability in a system. 
a single instance of being open to damage. 
Good: to use computers or systems for enjoyment; Bad: to illegally gain access to a computer or system.
a passive entity in the information system that receives or contains information. 
an individual who “cracks” or removes the software protection from an application designed to prevent unauthorized duplication.
the probability that something can happen.
Security Blueprint
the plan for the implementation of new security measures in the organization.
Security Model
a collection of specific security rules that represents the implementation of a security policy. 
Security Posture or Security Profile
a general label for the combination of all policies, procedures, technologies, and programs that make up the total security effort currently in place.
- an active entity that interacts with an information system and causes information to move through the system for a specific end purpose
a category of objects, persons, or other entities that represents a potential danger to an asset.
Threat Agent
a specific instance or component of a more general threat.
weaknesses or faults in a system or protection mechanism that expose information to attack or damage.
Intellectual property
“the ownership of ideas and control over the tangible or virtual representation of those ideas.”
software piracy
the unlawful use or duplication of software-based intellectual property
hacks the public telephone network to make free calls, disrupt services, and generally wreak havoc.
a deliberate act that exploits vulnerability
redirection of legitimate Web traffic (e.g., browser requests) to illegitimate site for the purpose of obtaining private information
Timing attack
relatively new; works by exploring contents of a Web browser’s cache to create malicious cookie
/ 34

Leave a Comment ({[ getComments().length ]})

Comments ({[ getComments().length ]})


{[ comment.comment ]}

View All {[ getComments().length ]} Comments
Ask a homework question - tutors are online