IAS mod1

Cards (80)

  • Information security is a well-informed sense of assurance that the information risks and controls are in balance.
  • Information Security refers to the processes and methodologies designed and implemented to protect print, electronic, or any other form of confidential, private, and sensitive information or data from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption.
  • The history of computer security evolved into information security.
  • It is impossible to obtain perfect security; it is a process, not an absolute.
  • When the subject of an attack, the computer is used as an active tool to conduct the attack.
  • To achieve balance, the level of security must allow reasonable access, yet protect against threats.
  • The key advantage of the Bottom-Up approach is the technical expertise of individual administrators.
  • Seldom works, as it lacks a number of critical features, such as participant support and organizational staying power.
  • There are two types of attack: a hacker uses their computer to break into a system, and a system is compromised and used to attack other systems.
  • Security should be taken as a balance between the protection and availability of information.
  • When the object of an attack, the computer is the entity being attacked.
  • A computer can be the subject of an attack or the object of an attack.
  • Security should be considered as a balance between protection and availability.
  • Approaches to Information Security Implementation include Bottom-Up, a grassroots effort where systems administrators attempt to improve the security of their systems.
  • Understanding the key terms and critical concepts of information security is necessary.
  • Outlining the phases of the security systems development life cycle is crucial in information security.
  • Information security is a "well-informed sense of assurance that the information risks and controls are in balance."
  • The implementation of information security is often described as a combination of art and science.
  • Successful organizations have multiple layers of security in place: physical, personal, operations, communications, network, and information.
  • Security should be considered a balance between protection and availability.
  • Information security must be managed similarly to any major system implemented in an organization, using a methodology like SecSDLC.
  • Computer security began immediately after the first mainframes were developed.
  • Understanding the roles of professionals involved in information security within an organization is essential.
  • Laptops and flash memory are often the most valuable asset and are the main target of intentional attacks.
  • Information System (IS) is the entire set of software, hardware, data, people, procedures, and networks necessary to use information as a resource in the organization.
  • Networks need locks and keys won't work.
  • Hardware requires physical security policies to secure the physical location.
  • People are the weakest link and must be well trained and informed.
  • Procedures are a threat to the integrity of data.
  • Software is perhaps the most difficult to secure and is often an easy target for exploitation.
  • Approaches to Information Security Implementation can be top-down, initiated by upper management.
  • Traditional SDLC consists of six general phases: planning, analysis, design, development, implementation, and maintenance.
  • Methodology is a formal approach to problem-solving based on a structured sequence of procedures.
  • Goals and expected outcomes of a project are determined during Information Security Implementation.
  • Information Security Implementation involves issuing policy, procedures, and processes.
  • The systems development life cycle (SDLC) is a methodology and design for the implementation of information security within an organization.
  • Using a methodology ensures a rigorous process and avoids missing steps.
  • Accountability for each required action is determined during Information Security Implementation.
  • The goal of Information Security Implementation is to create a comprehensive security posture/program.
  • The most successful Information Security Implementations involve a formal development strategy referred to as the systems development life cycle.