BCIS Raul Exam 1
Terms in this set (30)
Is a model designed to guide policies for information security within an organization.
The protection of information within systems so that unauthorized people, programs, and processes cannot access that information
Practice of hiding data and keeping it away from unauthorized users (confidentiality)
The process of transforming data from cleartext into ciphertext (confidentiality)
The scrambled data that are the result of encrypting cleartext (confidentiality)
The protection of information or processes from intentional or accidental unauthorized changes. Maintain valid, uncorrupted, and accurate information.
The assurance that information and systems are accessible by authorized users whenever needed. Protection from DDoS attacks, vandalism, natural disasters, and human error. Usually refers to the uptime of a service/server/application.
Information assets such as computers, databases, storage space, documents, and networks.
Holes in the security measures taken by an organization, such as social engineering, firewall loopholes, and unprotected networks.
Threats are potential attacks on the security of the organization; if they are able to breach the security of the organization, it is now an attack.
Usually the security measures used by an organization to protect their information assets such as user guidelines, firewalls, and restricted access.
Segregation of Duties
Also known as "separation of duties", "separation of privileges", "split knowledge", "dual control", etc. No single person should have enough authority to cause a critical event to happen. Prevents one individual from having control of an entire process and manipulating it for personal gain.
The subjects should be granted access only to the objects necessary for completion of their tasks. Having the authorization or clearance to see a particular classification level of information is not sufficient reason to see all information at that level.
Subjects should be granted the minimum level of access (the most restrictive set of privileges) needed for the performance of authorized tasks. Limits the damage that may result from security breaches or incidents. If Read-Only is sufficient, don't grant Read-Write.
Provides users with a way to stratify sensitive information. Provides a system for applying safeguards appropriate to the level of confidentiality required. The classifications must be mutually exclusive. Use no fewer than 5 and no more than 9 classifications.
Typically a member of the organization who is in charge of a specific business operation that generates the data in question. Responsible for any negligent act that results in the corruption or disclosure of the data. Determines and changes the classification of data he is responsible for.
Often has to delegate data protection tasks to a data custodian, usually the information security function.
A set of nonbinding recommendations for performing the task. Define behaviors that cannot be enforced but are desirable.
Defines what the expectations are when performing a security task.
Procedures are step-by-step instructions describing exactly how employees are expected to act in a given situation or to accomplish a specific task.
Top concern is Confidentiality, and it is a Security Model. Simple security rule (No read up): a subject cannot read information from an object with a higher security classification. *-property (No write down): a subject cannot write to an object with a lower security classification.
The British standard for information security management.
The Code of Practice for Information Security Management is a standard sanctioned by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). 11 control areas, 39 control objectives, 133 controls.
1. Domains 2. Control Objectives 3. Detail Control Objectives
Social Engineering Physical Attack
People being physically present and making personal contact
Social Engineering Physical Object Attack
May steal a physical object such as a smartphone, USB drive, or file folder.
Social Engineering Psychological Attack
Some attacks may be psychological in nature or use elements of both.
Linux Primary Parts
Linux Primary Functions
System memory management
Software program management
Linux most used shell: