IT SECURITY |
protection of an automated information system in order to attain the applicable objectives of preserving the integrity, availability, confidentiality of information system resources (hardware, software, information) |
|
CONFIDENTIALITY |
prevent unauthorised disclosure of information |
|
INTEGRITY |
prevent unauthorised modification of information |
|
AVAILABILITY |
guarantee access to information |
|
AUTHENTICITY |
determine "who" (who is accessing, who sent the message, etc) |
|
ACCOUNTABILITY |
ensure traceability of actions |
|
SECURITY MANAGEMENT |
process with the aim to achieve and maintain appropriate level of security objectives - determining objectives, requirements, strategies and policies - identifying and analyzing threats and risks - detecting and reacting to incidents |
|
PHYSICAL SECURITY |
- emergencies (fire, smoke, blackout, etc) - natural disaster (earthquakes, storm damage) |
|
PRIVACY |
- right of an individual to determine what information about himself may be communicated to others - measure of control an individual has over information about himself |
|
DATA PROTECTION |
legal protection of an individual's privacy |
|
HUMAN RESOURCES |
- awareness (security issues) --> what - education --> why - personnel security |
|
AUDITING (INSPECTION) |
periodic assessment of the effectiveness and efficiency of the planned security and implemented controls; an auditor can be external or internal |
|
SECURITY POLICIES (3 TYPES) |
- ORGANISATIONAL: how an organization manages and protects resources to achieve objectives - TECHNICAL: how a computing system prevents violation - CONFIGURATION: configuration files for security solutions and tools |
|
SECURITY RISK ANALYSIS (4 APPROACHES) |
1. BASELINE APPROACH 2. INFORMAL APPROACH 3. FORMAL APPROACH 4. COMBINED APPROACH |
|
BASELINE APPROACH |
- addresses most common threats - easy, cheap, can be replicated - no attention to organization - too much or too little security - good for small organizations |
|
INFORMAL APPROACH |
- incorrect assessment for some risks - informal analysis - quick, cheap - small, medium organisations |
|
FORMAL APPROACH |
- numbered stages, likelihood of risk and consequences, appropriate controls - slow and costly - big organisations |
|
COMBINED APPROACH |
- baseline on all systems - informal analysis - formal assessment - iterated and extended over time |
|
ASSET |
anything that has value for the organisation |
|
THREAT |
potential incident which may result in harm to system/organisation |
|
VULNERABILITY |
a weakness of an asset which can be a threat |
|
RISK |
the potential that a given threat will exploit vulnerabilities of an asset to cause loss or damage to the asset |