AIS Chap 7

  1. What is anything about which a company would collect and store information
  2. What is an association between entities
    A relationship
  3. Is a characteristic of an entity, such as inventory number and description of each item in the entity of "Inventory"
    An attribute
  4. Things that have an economic value to a company, such as cash and inventory
  5. Various business processes conducted in a company's daily operations, such as sales and purchases
  6. People and organizations, such as customers and salespeople, who participate in business events
  7. Transforms plaintext into a short code
  8. 5 Principles of system reliability
    Security, confidentiality, privacy, processing integrity and availability
  9. Access to the system and its data is controlled and restricted to legitimate users
  10. Sensitive organizational information is protected from unauthorized disclosure
  11. Personal information about customers is collected, used, disclosed, and maintained in an appropriate manner only in compliance with internal policies and external regulatory requirements.
  12. Data is processed accurately, completely, in a timely manner, and only with proper authorization
  13. • Restrict system access to only authorized users.
    • Protect the confidentiality of sensitive data, and the privacy of information collected from customers.
    • Provide for processing integrity by preventing submission of unauthorized or fictitious transactions and preventing unauthorized changes to stored data or programs.
    • Protect against a variety of attacks, thereby ensuring the system is available when needed.
  14. _____ is first and foremost a _______ issue, not a _______ issue
    security, management, technology
  15. Focuses on the relationship between preventive, detective, and corrective controls.
    Time-based model of security
  16. Limit actions to those in accord with the organization's security policy and to not allow undesired actions
    preventive controls
  17. identify when preventive controls have been breached
    detective controls
  18. To repair damage from any problems that occurred and to improve the functioning of both preventive and detective controls in order to reduce the likelihood of future problems.
    corrective controls
  19. The time-based model of security evaluates the effectiveness of an organization's security by measuring and comparing the relationship among the following
    • P = the time it takes an attacker to break through the organization's preventive controls
    • D = the time it takes to detect that an attack is in progress
    • C = the time it takes to respond to the attack
  20. If P > D + C, then the organization's security is
  21. If P < D + C, then the organization's security procedures are
    not effective
  22. Employing multiple layers of controls in order to avoid having a single point of failure.