Chapter 2: Information Security System Flashcards
The outline:
• The information security definition
• The information security system critical assets
• The information system core principles and objectives
• OSI security architecture for infosec
• The security system development lifecycle (SECSDLC)
(36 cards)
Define information security.
Information security can be defined as the protection of the information system and its resources (critical assets)
Information security protects the information system and its resources against what?
1- Accidental or intentional disclosure of confidential data
2- Unlawful modification of data or programs
3- The destruction of data, software or hardware
4- Ensuring non-repudiation
Information systems security (infosec) refers to what?
Information systems security (infosec) refers to the processes and methodologies involved with keeping information confidential, available, and assuring its integrity
What are the primary information assets?
Primary information assets are:
data, information or knowledge, which has value, is organized and managed
What do the primary information assets enable?
They enable the organization to operate business processes and decision making
Where do the primary information assets sit in the information assets pyramid?
They are situated at the top of the pyramid
What are the supporting (secondary) assets?
1- Software
2- Hardware
3- People
4- Physical infrastructure
5- Processes
Secondary (supporting) information assets are essential for what?
They are essential for making data and information available
The secondary (supporting) assets include software. Explain.
Software or applications where data is stored or processed
The secondary (supporting) assets include hardware. Explain.
Hardware: any IT or other equipment
The secondary (supporting) assets include people. Explain.
People as carriers of knowledge and information, and also as a source of risk or failure
The secondary (supporting) assets include physical infrastructure. Explain.
Any physical equipment or location on which other assets depend, such as a server room
The secondary (supporting) assets include processes. Explain.
Processes such as access control processes or incident response processes
The OSI security architecture contains 3 things. Mention them.
1- Security attack
2- Security mechanism
3- Security service
What is a security attack?
Any action that compromises the security of information owned by an organization, or an assault (attack) on system security that develops from an intelligent threat
There are two generic types of attacks. Mention them.
1- Passive attack
2- Active attack
What is a security mechanism?
A process (or a device incorporating such a process) that is designed to prevent, detect, or recover from a security attack
Can a single mechanism support all functions required?
No; however, one particular element underlies many of the security mechanisms in use: cryptographic techniques
What is a security service?
A service that enhances the security of the data and the information transfers of an organization
There are 6 main pillars of security (the Roman building). Mention them.
1- Confidentiality
2- Integrity
3- Availability
4- Non-repudiation
5- Authenticity
6- Access control
What do we mean by asset confidentiality?
Confidentiality ensures that computer-related assets are accessed only by authorized parties; that is, only those who should have access to something will actually get that access
What is confidentiality sometimes called?
Secrecy or privacy
What do we mean by data confidentiality?
Assures that private or confidential information is not made available or disclosed to unauthorized individuals
What do we mean by privacy?
Assures that individuals control or influence what information related to them may be collected and stored, and by whom and to whom that information may be disclosed