chapter 1+2 Information security and cloud security Flashcards
(40 cards)
What is information system security?
Information system security (infosec) refers to the processes and methodologies involved with keeping information confidential, available, and assuring its integrity.
What are the key objectives of security?
The key objectives of security are Prevention, Detection, Response, and Recovery (PDRR).
Why is security important?
Security is important for protecting against threats, safeguarding assets, maintaining trust, ensuring compliance, and preventing financial loss.
What are tangible assets?
Tangible assets are physical, material objects that can be touched or measured, such as hardware and facilities.
What are intangible assets?
Intangible assets are non-physical resources that provide value but cannot be touched, such as data and brand reputation.
What types of assets should be secured?
Types of assets that should be secured include Information Assets, Physical Assets, Digital Assets, Network Assets, and Human Assets.
What is the relationship between different types of security?
Different types of security, such as information security, cybersecurity, internet security, network security, and web security, are interrelated and collectively form a layered approach to protecting assets.
What is the OSI Security Architecture?
The OSI Security Architecture considers three aspects: security attacks, security mechanisms, and security services.
What does confidentiality ensure?
Confidentiality ensures that computer-related assets are accessed only by authorized parties.
What is the goal of hardening systems?
The goal of hardening systems is to make it harder to exploit vulnerabilities, deterring attackers by increasing effort and reducing reward.
What is the significance of layered security?
A layered security approach combines multiple layers of protection to create a stronger defense, reducing overall risk if one layer fails.
What are primary information assets?
Primary information assets are data, information, or knowledge that has value, is organized, and enables the organization to operate business processes.
What are supporting, secondary information assets?
Supporting, secondary information assets include software, hardware, people, physical infrastructure, processes, and purchased services essential for making data available.
What is an organization in the context of security?
An organization is intended to counter security attacks and makes use of one or more security mechanisms to provide the service.
Examples include signatures, dates, and the need for protection from disclosure, tampering, or destruction.
What does the ‘C’ in CIA stand for?
Confidentiality: ensures that computer-related assets are accessed only by authorized parties.
What is data confidentiality?
Assures that private or confidential information is not made available or disclosed to unauthorized individuals.
What is privacy in the context of confidentiality?
Assures that individuals control or influence what information related to them may be collected and stored and by whom.
What does the ‘I’ in CIA stand for?
Integrity: means that assets can be modified only by authorized parties or only in authorized ways.
What is data integrity?
Assures that information and programs are changed only in a specified and authorized manner.
What does the ‘A’ in CIA stand for?
Availability: means that assets are accessible to authorized parties at appropriate times.
What is the impact of a loss of availability?
Disruption of access to or use of information or an information system.
What is authenticity in information security?
The property of being genuine and being able to be verified and trusted.
What is accountability in information security?
The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity.
What is authentication?
Any process by which you verify that someone is who they claim they are.