Chapter 0_review/vocab

  1. What is Information?
    • Knowledge derived from data
    • and 
    • Data presented in a meaningful context
  2. What is Data?
    Data processed by summing, ordering, averaging, grouping, comparing, or similar operations
  3. Characteristics of Information.  The value of information comes from the characteristics it possesses. Which are the most critical characteristics?
    • CIA Triad:
    •      Confidentiality
    •      Integrity
    •      Availability
  4. Define Availability
    Enables users who need to access information to do so without interference or obstruction and in the required format.

    means that assets are accessible to authorized parties at appropriate times. In other words, if some person or system has legitimate access to a particular set of objects, that access should not be prevented. For this reason, availability is sometimes known by its opposite, denial of service.
  5. Define Accuracy
    • Free from mistake or error and having the value that the end user expects.
    • If information contains a value different from the user’s expectations due to the intentional or unintentional modification of its content, it is no longer accurate.
  6. Define Authenticity
    The quality or state of being genuine or original, rather than a reproduction or fabrication. Information is authentic when it is the information that was originally created, placed, stored, or transferred.
  7. Define Confidentiality
    The quality or state of preventing disclosure or exposure to unauthorized individuals or systems.

    ensures that computer-related assets are accessed only by authorized parties. That is, only those who should have access to something will actually get that access. By "access," we mean not only reading but also viewing, printing, or simply knowing that a particular asset exists. Confidentiality is sometimes called secrecy or privacy.
  8. Define Integrity
    • The quality or state of being whole, complete, and uncorrupted. 
    • The integrity of information is threatened when the information is exposed to corruption, damage, destruction, or other disruption of its authentic state.

    means that assets can be modified only by authorized parties or only in authorized ways. In this context, modification includes writing, changing, changing status, deleting, and creating.
  9. Define Utility
    The quality or state of having value for some purpose or end. Information has value when it serves a particular purpose. This means that if information is available, but not in a format meaningful to the end user, it is not useful.
  10. Define Possession
    • The quality or state of having ownership or control of some object or item.
    • Information is said to be in possession if one obtains it, independent of format or other characteristic. While a breach of confidentiality always results in a breach of possession, a breach of possession does not always result in a breach of confidentiality.
  11. What is an Information System and what are the components (Five Component Model)?
    An assembly of hardware, software, data, procedures, and people that interact to produce information.

    • 5-Component Model:
    • Hardware, Software, Data, Procedures, People
  12. List the element of the Five Component Model.
    Hardware, Software, Data, Procedures, People
  13. What is Security?
    The quality or state of being secure—to be free from danger
  14. What are some of the different layers of security (types) an organization should provide?
    Physical security

    Personal security

    Operations security

    Communications security

    Network security

    Information security
  15. What is Information Security/Management and What is the Mission (What do we try to achieve)?
    • Information Security/Management:
    •      a well-informed sense of assurance that the information risks and controls are in balance.

    Primary mission of information security is to ensure systems and contents stay the same.
  16. What is Information Security/Management?
    a well-informed sense of assurance that the information risks and controls are in balance.
  17. What is the mission of Information Security/Management?
    to ensure systems and contents stay the same.
  18. Relate the history of computer security and how it evolved into information security.

    a. When did it start? 

    b. What were some of the initial problems?

    c. When was the Internet started and was security a priority in its conception?

    d. Is there a difference between the World-wide Web and the Internet? If so, what is the difference? Are the security threats and vulnerabilities the same?  Justify your answer.
    a. After the 1st mainframes were developed

    b. Breaking codes during world war 2

    c. No

    d. Yes the internet is hardware/network itself and the world wide web is the software that is on top of the internet allowing communication to between the two to happen
  19. what is a vulnerability?
    it is a weakness in the security system, for example, in procedures, design, or implementation, that might be exploited to cause loss or harm.
  20. What is a treat?
    is a set of circumstances that has the potential to cause loss or harm.

    NOTE: A threat is blocked by control of a vulnerability
  21. What is a control?
    is an action, device, procedure, or technique that removes or reduces a vulnerability.

    NOTE: A threat is blocked by control of a vulnerability
  22. Who is responsible for Information Security in an Organization?  Any Specific Roles?  If so name them.
    Everyone is responsible for information security in an organization.

    • Specific Roles include:
    •      Chief Information Officer (CIO)
    •      Chief Information Security Officer (CISO)
    •      Data owner
    •      Data custodian
    •      Data users‏
  23. Identify three top threats to information security and at least one control to help mitigate that threat.
    Threats Controls
    1. Acts of human error or failure Training
    2. Compromises to intellectual property have selective sharing of key information or keeping software up to date
    3. Deliberate acts of espionage or trespass having network security 
  24. What can this threats do to an Information system? 
    Image Upload 1
    An interception means that some unauthorized party has gained access to an asset. Examples of this type of failure are illicit copying of program or data files or wiretapping to obtain data in a network.
  25. What can this threats do to an Information system?
    Image Upload 2
    If an unauthorized party not only accesses but tampers with an asset, the threat is a modification. For example, someone might change the values in a database, alter a program so that it performs an additional computation, or modify data being transmitted electronically.
  26. What can this threats do to an Information system? 
    Image Upload 3
    In an interruption, an asset of the system becomes lost, unavailable, or unusable. An example is malicious destruction of a hardware device, erasure of a program or data file, or malfunction of an operating system file manager so that it cannot find a particular disk file.
  27. What can this threats do to an Information system? 
    Image Upload 4
    An unauthorized party might create a fabrication of counterfeit objects on a computing system. The intruder may insert spurious transactions to a network communication system or add records to an existing database.
  28. Identify and briefly explain two costly threats and justify why one (businesses, people) might want to use the Internet if it is so dangerous.
    • Two threats would be identity theft and Ddos attack.
    • People still use the internet even though it is dangerous because it is convenient/it makes life easier.
  29. Here is an accepted Security Model. What do we do with it?
    we use the security model to look at the 3 states of data, the 3 categories of data and 3 types of countermeasures as a guidelines to make a solid security system
  30. Give at least five examples each of Physical, Administrative, and Technical Controls to support Information Security.
  31. Define Safeguard/Control:
    any action, device, procedure, technique, or other measure that reduces/mitigates a system’s vulnerability to a threat
  32. A malicious attacker must have three things: (Hint: Mom)
    • Method
    • Opportunity
    • Motive

    NOTE:Deny any of those three things and the attack will not occur. However, it is not easy to cut these off.
  33. Define method:
    the skills, knowledge, tools, and other things with which to be able to pull off the attack
  34. Define opportunity:
    the time and access to accomplish the attack
  35. Define motive:
    a reason to want to perform this attack against this system
  36. Define risk:
    is the possibility for harm to occur
  37. Harm occurs when ____ is realized against a _____.
    threat,  vulnerability
  38. List the ways we can we deal with a risk (the possibility for harm to occur)

    note: come up with an acconmy or somthing
    • prevent it
    • deter it
    • deflect it
    • detect it
    • recover
  39. How can we prevent a risk?
    How can a risk be prevented?
    we prevent a risk by blocking the attack or closing the vulnerability.
  40. How can we deter a risk?
    How can a risk be deterred?
    by making the attack harder but not impossible
  41. How can we deflect a risk?
    How can a risk be deflected?
    by making another target more attractive
  42. When can we detect a risk?
    either as it happens or some time after the fact
  43. How can we recover from a risk?
    have data backed up
  44. What is a 3-Tier Business Architecture?
    A 3-Tier Business Architecture uses 3 sets of computers, a client computer for the presentation tier, a server for the application tier, and a database for the data tier.
Card Set
Chapter 0_review/vocab
Chapter 0 ITEC_3388 Cybersecurity