Chapter 1

Question 1

Learning objective

Answer 1

Explain information systems security and its effect on people and businesses.

Question 2

Key Concepts

Answer 2

• information systems security concepts
• confidentiality, integrity, availability
• 7 domains of an IT infrastructure
• the weakest link in the security of an IT infrastructure
• IT security policy framework and data classification standard

Question 3

Information Systems Security
- Internet -

Answer 3

• Worldwide network with more than 2 billion users
  –> include governments, businesses, and organizations
• Links communication networks to 1 another

Question 4

Information Systems Security
- World Wide Web -

Answer 4

• A system that defines how documents and resources are related across network machines

Question 5

Data Breaches : Examples

Answer 5

• Adobe Systems Incorporated, 2013 -
  –> Hackers published data for 150 million accounts
  –> stoles encrypted customer credit card data
  –> compromised login credentials
• U.S. Office of Personnel Management, 2015 -
  –> Data breach impacted 22 million people
  –> stole SSNs, names, places of birth, addresses
  –> Millions must be monitored for identity theft for years

Question 6

Internet of Things (IoT)

Answer 6

Connects personal devices, home devices, and vehicles to the Internet
- more data to steal

Question 7

Cybersecurity

Answer 7

duty of every government that wants to ensure its national security

Question 8

Data security

Answer 8

the responsibility of every organization that needs to protect its information assets and sensitive data

Question 9

Risk

Answer 9

likelihood that something bad will happen to an asset

Question 10

Threat

Answer 10

any action that could damage an asset

Question 11

Vulnerability

Answer 11

a weakness that allows a threat to be realized or to have an effect on an asset

Question 12

Information system

Answer 12

hardware, operating system, and application software that work together to collect, process, and store data for individuals and organizations

Question 13

Information system security

Answer 13

the collection of activities that protect the information system and the data stored in it

Question 14

U.S. Compliance Laws Drive Need for Information Systems Security

Answer 14

CIPA/FERPA, FISMA, SOX, HIPAA, GLBA, PCI DSS (individual privacy data)

Question 15

Individual Privacy Data must be ______

Answer 15

protected

Question 16

Security Controls are required to protect ________ ________

Answer 16

Privacy Data

Question 17

Tenets of Information Systems Security

Answer 17

Confidentiality, integrity, availability

Question 18

Confidentiality

Answer 18

only authorized users can view information

Question 19

Integrity

Answer 19

only authorized users can change information

Question 20

Availability

Answer 20

information is accessible by authorized users whenever they request the information

Question 21

Examples of Confidentiality

Answer 21

1. Privacy data of individuals
2. Intellectual property of businesses
3. National security for countries + government

Question 22

Types of Security 4 Confidentiality

Answer 22

1. Cryptography
2. Encryption
3. Ciphertext

Question 23

Cryptography

Answer 23

practice of hiding data and keeping it away from unauthorized users

Question 24

Encryption

Answer 24

the process of transforming data from cleartext into ciphertext

Question 25

Ciphertext

Answer 25

the scrambled data that are the result of encrypting cleartext

Question 26

Encryption of Cleartext into Ciphertext (VPN Tunnel)

Answer 26

VPN Tunnel with Encryption IP Datagram is Encrypted Cleartext Not Visible

Question 27

Integrity

Answer 27

maintain valid, uncorrupted, and accurate information

Question 28

Database has integrity if:

Answer 28

1. data is not altered 2. data is valid 3. data is accurate

Question 29

Availability (Information security)

Answer 29

the amount of time users can use a system, application, and data

Question 30

Availability Time Measurements

Answer 30

1. Uptime 2. Downtime 3. Availability [ A = (total uptime)(total uptime + total downtime)] 4. Mean time to failure (MTTF) 5. Mean time to repair (MTTR) 6. Mean time between failures (MTBF) 7. Recovery time objective (RTO)

Question 31

Uptime

Answer 31

the total amount of time that a system, application, and data are accessible. Typically measured in units of seconds, minutes, and hours within a given calendar month. Often expressed as a percentage of time available, e.g., 99.5 percent uptime.

Question 32

Downtime

Answer 32

the total amount of time that a system, application, and data are not accessible. Measured in units of seconds, minutes, and hours for a calendar month.

Question 33

Availability [ A = (total uptime)(total uptime + total downtime)]

Answer 33

A mathematical calculation where A = (Total Uptime) / (Total Uptime + Total Downtime).

Question 34

Mean time to failure (MTTF)

Answer 34

the average amount of time between failures for a particular system

Question 35

Mean time to repair (MTTR)

Answer 35

the average amount of time it takes to repair a system, application, or component. The goal is to bring the system back quickly

Question 36

Mean time between failures (MTBF)

Answer 36

the predicted amount of time between failures of an IT system during operation.

Question 37

Recovery time objective (RTO)

Answer 37

the amount of time it takes to recover and make a system, application, and data available for use after an outage.