Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
15 Cards in this Set
- Front
- Back
|
The absence or weakness in a system that may possibly be exploited is called a
|
vulnerability
|
|
|
The probability that a threat to an information system will materialize is called
|
risk
|
|
|
Security assurance requirements describe:
|
how to test the system
|
|
|
Security functional requirements describe:
|
what a security system should do by design
|
|
|
The two types of IT security requirements are:
|
functional and assurance
|
|
|
The weadest link in any security system is the:
|
human element
|
|
|
Defense in depth is needed to assure that which three mandatory activities are present in a security system?
|
prevention, detection, and response
|
|
|
The CIA triad is often represented by a:
|
triangle
|
|
|
Related to information security, confidentiality is the opposite of which of the following?
|
disclosure
|
|
|
Making sure that data has not been changed unintentionally due to an accident or malice is:
|
Integrity
|
|
|
The three goals of information security are:
|
confidentiality, integrity, and availability
|
|
|
Controls are implemented to:
|
mitigate risk and eliminate the potential for loss.
|
|
|
A cookbook on how to take advantage of a vulnerability is called an
|
exploit
|
|
|
The three types of security controls are:
|
people, process, and technology
|
|
|
Process controls for IT security include:
|
A) assignment of roles for least privilege
B) separation of duties C) documented procedures |
