Principles of Information Security Ch. 4 Self-Assessment
About this set
Created by:
mrtill3368 on June 27, 2011
Subjects:
computer, it, information, security
19 terms
Terms | Definitions |
|---|---|
risk management | Risk identification is performed within a larger process of identifying and justifying risk controls, which is called ___. |
risk control | The second major undertaking involved in risk management, after risk identification, is ___. |
know the enemy and know yourself | According to Chinese General Sun Tzu, you should ___. |
assets | For information security purposes, ___ are the systems that use, store, and transmit information. |
information | The ___ community of interest should have the best understanding of threats and attacks and often takes a leadership role in addressing risks. |
information technology | The ___ community of interest must assist in risk management by configuring and operating information systems in a secure fashion. |
general management | The ___ community of interest must ensure sufficient resources are allocated to the risk management process. |
information assets | Risk management strategy calls on information security professionals to know their organization's ___. |
applications, operating systems, security components | The traditional system component of software can be broken into three components when viewed from an information security perspective: ___, ___, and ___. |
intranet components and internet or dmz components | Hardware networking components can be broken down into two subgroups when viewed from an information security perspective: ___ and ___. |
media access control (MAC) address | All network devices are assigned a unique number by the hardware at the network interface layer called the ___. |
field change order (FCO) | The repair, modification, or update of a piece of equipment, usually made at the customer's premises, is called a ___. |
weighted factor analysis | ___ is the process of assigning scores for critical factors, each of which is weighted in importance by the organization. |
list assets in order of their importance to the organization | The purpose of a weighted factor analysis is to ___. |
data classification schemes | In order to ensure effort is spent protecting information that needs protecting, organizations implement ___. |
a relatively small number | All data classification schemes use ___ of categories. |
security clearance | When individuals are assigned security labels for access to categories of information, they have acquired ___. |
threat assessment | The process of examining how each threat will affect an organization is called a ___. |
vulnerabilities | Specific avenues that threat agents can exploit in attacks on information assets are called ___. |