CLO 1 Chapter 1 Flashcards
(25 cards)
What is the primary mission of an information security program?
To ensure that information assets remain safe and useful.
Information assets include both the information itself and the systems that house it.
List the four important functions of information security for an organization.
- Protecting the organization’s ability to function
- Protecting the data and information the organization collects and uses
- Enabling the safe operation of applications running on the organization’s IT systems
- Safeguarding the organization’s technology assets
What are the three key aspects of information security?
- Confidentiality
- Integrity
- Availability
Define Confidentiality in the context of the CIA Triad.
The ability to hide information from those people unauthorized to view it.
A breach in confidentiality allows unauthorized access to sensitive information.
Define Integrity in the context of the CIA Triad.
The ability to ensure that data is an accurate and unchanged representation of the original secure information.
A breach in integrity allows unauthorized modification of information.
Define Availability in the context of the CIA Triad.
The ability to ensure that the information concerned is always readily accessible to the authorized viewer.
A breach in availability means authorized users cannot access information when needed.
What are the layers of security needed to implement security within an organization?
- Physical security
- Personnel security
- Operations security
- Communications security
- Network security
- Information security
What is the definition of Security?
The quality or state of being secure – to be free from danger.
What is the significance of the ARPANET in the history of computer security?
It was established by the US DoD and evolved into the Internet, highlighting the need for security due to distributed network communications.
What is the main focus of the first operating system designed with security as its primary goal?
The MULTICS system focused on user access rights.
Why do organizations need to protect their information?
To fulfill their responsibility to stakeholders and maintain functionality, data integrity, and operational safety.
What are the sample security threats to Physical Security?
- Fire
- Theft
What are the sample security threats to Personnel Security?
- Angry employee
What are the sample security threats to Operations Security?
- Flaw in operation logic
What are the sample security threats to Communications Security?
- Weak encryption
What are the sample security threats to Network Security?
- DoS attacks
- Session hijacking
What are the sample security threats to Information Security?
- Theft of private data
Fill in the blank: The three pillars of Information Security are __________.
Confidentiality, Integrity, Availability
True or False: Security only involves protecting information from unauthorized access.
False
Security also involves ensuring data integrity and availability.
What is a critical aspect of protecting data?
Securing data in transmission, processing, and at rest.
What is needed to implement security within an organization?
Policy, awareness and training, and technology.
What are the components of an Information System?
- Data and information
- Networks
- Applications and written code
- Physical devices
- Rules and policies
- Personnel
What does a breach in confidentiality allow?
Unauthorized people to view information they shouldn’t be able to view.
What does a breach in integrity allow?
Unauthorized people to change information they shouldn’t be able to modify.