Chapter 1 Flashcards
(30 cards)
Computer Security
This term specified the need to secure the physical location of computer technology from outside threats. This term later came to represent all actions taken to preserve computer systems from losses. It has evolved into the current concept of information security as the scope of protecting information in an organization has expanded.
C.I.A Triad
The industry standard for computer security since the development of the mainframe. The standard is based on three characteristics that describe the utility of information: Confidentiality, Integrity, and Availability.
Communications security
The protection of all communications media, technology, and content.
Information Security
Protection of the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission, via the application of policy, education, training and awareness, and technology.
Network Security
A subset of communications security; the protections of voice and data networking components, connections, and content.
Security
A state of being secure and free from danger or harm. Also, the actions taken to make someone or something secure.
Accuracy
How data is free of errors and has the value that the user expects
Authenticity
How data is genuine or original rather than reproduced or fabricated
Availability
How data is accessible and correctly formatted for use without interference or obstruction
Confidentiality
How data is protected from disclosure or exposure to unauthorized individuals or systems.
Integrity
How data is whole, complete, and uncorrupted
Personally Identifiable Information
A set of information that could uniquely identify an individual
Possession
How the data’s ownership or control is legitimate or authorized
Utility
How data has value or usefulness for an end purpose
McCumber Cube
A graphical representation of the architectural approach widely used in computer and information security; commonly shown as a cube composed of 3x3x3 cells
Information System
The entire set of software, hardware, data, people, procedures, and networks that enable the use of information resources in the organization
Physical Security
The protection of physical items, objects, or areas from unauthorized access and misuse
Bottom-up Approach
A method of establishing security policies and/or practices that beings as a grassroots effort in which systems administrators attempt to improve the security of their systems
Top-down Approach
A methodology of establishing security policies and/or practices that is initiated by upper management
Systems Development Life Cycle
A methodology for the design and implementation of an information system.
Methodology
A formal approach to solving a problem based on a structured sequence of procedures
Waterfall Model
SDLC in which each phase of the process “flows from” the information gained in the previous phase, with multiple opportunities to return to previous phases and make adjustments
Software Assurance
A methodological approach to the development of software that seeks to build security into the development life cycle rather than address it at later stages. SA attempts to intentionally create software free of vulnerabilities and provide effective, efficient software that user can deploy with confidence.
Chief Information Officer
An executive level position that oversees the organization’s computing technology and strives to create efficiency in the processing and access of the organizations information
