7 Cards in this Set
Q1: Explain the goal of information systems security
Major elements of IS security:
- Threat – person or organization seeks to obtain data or other assets illegally, without owner’s permission and often without owner’s knowledge
- Vulnerability – opportunity for threats to gain access to individual or organizational assets; for example, when you buy online, you provide your credit card data, and as data is transmitted over Internet, it is vulnerable to threats
- Safeguard – measure individuals or organizations take to block threat from obtaining an asset; not always effective, some threats achieve their goal in spite of safeguards
- Target – asset desired by threat

Q2: Explain how you should respond to security threats
- Take security seriously
- Create strong passwords
- Use multiple passwords
- Send no valuable data via email
- Use https at trusted, reputable vendors
- Remove high value assets from computers
- Consider security for all business initiatives

Q3: Discuss how organizations respond to security threats
Establish a company-wide security policy:
- What sensitive data to store
- How it will process that data
- Will data be shared with other organizations
- How employees and others can obtain copies of data stored about them

Q4: Explain how technical safeguards protect against security threats
- Identification and Authentication
- Encryption
- Firewalls
- Malware Protection
- Design for secure applications

Q5: Explain how data safeguards protect against security threats
- Define data policies
- Data rights and responsibilities
- Rights enforced by user accounts authenticated by passwords
- Data Encryption
- Backup and recovery procedures
- Physical security

Q6: Explain how human safeguards protect against security threats
- Position Definition
  - Separate duties and authorities
  - Determine least privilege
  - Document position sensitivity
- Hiring and Screening
- Dissemination and enforcement
  - responsibility, accountability, compliance
- Termination
  - Friendly/Unfriendly

Q7: Explain how organizations should respond to security threats
- Have a plan in place
- Centralized reporting
- Specific responses
  - speed, preparation pays, don't make problem worse
- Practice