Information Assurance and Security 2

Information assurance is the practice of assuring information and managing risks related to the use, processing, storage, and transmission of information. Information assurance includes protection of the integrity, availability, authenticity, non-repudiation and confidentiality of user data.


cryptography: Contemporary cryptography differs substantially from the classic one, which used pen and paper for encryption and was far less complex.
Infrastructure Access: The Infrastructure Access Layer describes the notion that access to infrastructure components (for instance, access to servers) has to be constrained to business need-to-know.
computer network protocols: The concept of layers illustrates that data communications and computer network protocols are designed to function in a layered manner, transferring the data from one layer to the next.
Encryption: Encryption consists of changing the data located in files into unreadable strings of characters unless a key to decode the file is provided.
Physical Access: The Physical Access Layer describes the notion that physical access to any system, server, computer, data center, or other physical object storing confidential information has to be constrained to business need-to-know.
confidentiality: The confidentiality principle dictates that information should be viewed solely by people with the appropriate and correct privileges.
confidentiality: The aim of confidentiality is to ensure that information is hidden from people unauthorized to access it.
physical data: As regards physical data, its means of protection are somewhat similar: access to the area where the information is kept may be granted only with the proper badge or another form of authorization; it can be physically locked in a safe or a file cabinet; and there can be access controls, cameras, security staff, etc.
Data In Motion: The Data In Motion Layer describes the notion that data ought to be secured while in motion.
information: To continue, confidentiality can easily be breached, so each employee in an organization or company should be aware of his responsibilities in maintaining the confidentiality of the information delegated to him for the exercise of his duties.
Enigma: The establishment of the Enigma rotor machine and the subsequent emergence of electronics and computing enabled the use of much more elaborate schemes and allowed confidentiality to be protected much more effectively.
Application Access: The Application Access Layer describes the notion that access to end-user applications has to be constrained to business need-to-know.
CIA triad: A principle which is a core requirement of information security for the safe utilization, flow, and storage of information is the CIA triad.
confidentiality: CIA stands for confidentiality, integrity, and availability; these are the three main objectives of information security.
Availability: assuring that authorized users have continued access to information and resources.
Integrity: assuring that information and programs are changed only in a specified and authorized manner.
Confidentiality: controlling who gets to read information.
national defense system: For a national defense system, the chief concern may be ensuring the confidentiality of classified information, whereas a funds transfer system may require strong integrity controls.
external systems: The requirements for applications that are connected to external systems will differ from those for applications without such interconnection.
Trojan horse: With Trojan horse attacks, for example, even legitimate and honest users of an owner mechanism can be tricked into disclosing secret data.
competitive: Early disclosure may jeopardize competitive advantage, but disclosure just before the intended announcement may be insignificant.
system: A system that must be restored within an hour after disruption represents, and requires, a more demanding set of policies and controls than does a similar system that need not be restored for two to three days.
circumstances: The weight given to each of the three major requirements describing needs for information security (confidentiality, integrity, and availability) depends strongly on circumstances.
Confidentiality: Confidentiality is a requirement whose purpose is to keep sensitive information from being disclosed to unauthorized recipients.
mechanisms: One can implement that policy by taking specific actions guided by management control principles and utilizing specific security standards, procedures, and mechanisms.
security policy: A security policy is a concise statement, by those responsible for a system (e.g., senior management), of information values, protection responsibilities, and organizational commitment.
program of management: An effective program of management controls is needed to cover all aspects of information security, including physical security, classification of information, the means of recovering from breaches of security, and above all training to instill awareness and acceptance by people.
prudent policy setter: In any particular circumstance, some threats are more probable than others, and a prudent policy setter must assess the threats, assign a level of concern to each, and state a policy in terms of which threats are to be resisted.
security policy: To be useful, a security policy must not only state the security need (e.g., for confidentiality, that data shall be disclosed only to authorized individuals), but also address the range of circumstances under which that need must be met and the associated operating standards.
security policy: The framework within which an organization strives to meet its needs for information security is codified as security policy.
active: Computers are active entities, and programs can be changed in a twinkling, so that past happiness is no predictor of future bliss.
Management controls: Management controls are the mechanisms and techniques (administrative, procedural, and technical) that are instituted to implement a security policy.
management controls: Some management controls are explicitly concerned with protecting information and information systems, but the concept of management controls includes much more than a computer's specific role in enforcing security.
articulation: A major conclusion of this report is that the lack of a clear articulation of security policy for general computing is a major impediment to improved security in computer systems.
Technical measures: Technical measures may prevent people from doing unauthorized things but cannot prevent them from doing things that their job functions entitle them to do.
software: As viruses have escalated from a hypothetical to a commonplace threat, it has become necessary to rethink such policies in regard to methods of distribution and acquisition of software.
organization: An organization must have administrative procedures in place to bring peculiar actions to the attention of someone who can legitimately inquire into the appropriateness of such actions, and that person must actually make the inquiry.
residual risk: The residual risk must be managed by auditing, backup, and recovery procedures supported by general alertness and creative responses.
cybersecurity: Information security is concerned with making sure data in any form is kept secure and is somewhat broader than cybersecurity.
Cybersecurity: Cybersecurity is all about protecting data that is found in electronic form (on computers, servers, networks, mobile devices, etc.) from being compromised or attacked.
information security: Information security is another way of saying "data security."
IT security tools: The process to protect that data requires more advanced IT security tools.
TRUE: Criminals are constantly surveying the environment for an opportunity to commit crimes.
TRUE: While you are walking, keep your mind on what is going on around you.
FALSE: Walk without purpose, scan the area around you and make casual eye contact with others to display confidence.
TRUE: Carrying items makes you a more vulnerable target for criminals.
TRUE: If you have an intuitive feeling something is wrong, trust your instincts.
FALSE: If you feel vulnerable, do not ask Police or Security to escort you to your car.
TRUE: Always closely guard your personal effects when it comes to identity theft.
Security, Medical, Political, Environmental and Infrastructural Risks: 20 different risk markers grouped under five main categories.
Technology, Private Alarm Response, Private Patrol Services, Private Security Guards: Types of private security.
TRUE: Feeling confident about their organization's security level: When information security community members participated in the Cybersecurity Trends Report, they were asked how positive they felt about their security stance.
TRUE: Disruptions in their day-to-day business: Time is money.
information security: Computer security and cybersecurity are both children of information security.
application of computer science: IT is the application of computer science for practical purposes, largely for industry (mainframes, supercomputers, data centres, servers, PCs and mobile devices as endpoints for worker interaction) and consumers (PCs, mobile devices, IoT devices, and video game console endpoints for end-user lifestyles).
conversations: Using this high-level, objectively derived data can simplify the conversations around risk.
interchangeable terms: Computer security and cybersecurity are completely interchangeable terms, and require digital computer technology from 1946's ENIAC to now.
secure for the history of data predating: Keeping information secure for the history of data predating electronic computers (such as ancient cryptography) to this very day falls under the banner of information security.
communicating internal: Because ratings are easy to understand, they are a useful mechanism for communicating internal and vendor risk to a non-technical audience in the C-suite, boardroom, or with the vendor in question.
physical and cyber risk: Business partners and investors are increasingly aware of the importance of this topic, and companies are asked regularly about their effectiveness in securing data and managing both physical and cyber risk.
Cybersecurity ratings: Cybersecurity ratings or security ratings are the cyber equivalent of a credit score.
information security: Ensuring proper HTTPS implementation for an e-commerce website or mobile app falls under cybersecurity and computer security, so it's information security.
it pertains to business: IT security can probably be used interchangeably with cybersecurity, computer security and information security if it pertains to business.