31 Cards in this Set

  • Front
  • Back
This person reports directly to the Chief Information Officer and is responsible for assessing, managing, and implementing security.
Chief Information Security Officer
This person reports to the CISO and supervises technicians, administrators, and security staff. Typically this person works on tasks identified by the CISO and resolves issues identified by technicians. This position requires an understanding of configuration and operation but not necessarily technical mastery.
Security Manager
This person has both technical knowledge and managerial skills. Manages daily operations of security technology, and may analyze and design security solutions within a specific entity as well as identifying user needs.
Security Administrator
This position is generally an entry level position for a person who has the necessary technical skills. This person provides technical support to configure security hardware, implement security software, and diagnose and troubleshoot problems.
Security Technician
A specific and fail-safe solution that very quickly and easily solves a serious problem.
Silver Bullet
List 10 things that cause difficulties in defending against attacks.

1. Universally connected devices
2. Increased speed of attacks
3. Greater sophistication of attacks
4. Availability and simplicity of attack tools
5. Faster detection of vulnerabilities
6. Delays in security updating
7. Weak security update distribution
8. Distributed attacks
9. Introduction of BYOD
10. User confusion

Universally connected devices
Attackers from anywhere in the world can send an attack.
Increased speed of attacks
Attackers can launch attacks against millions of computers within minutes.
Greater sophistication of attacks
Attack tools vary their behavior so the same attack appears differently each time.
Availability and simplicity of attack tools
Attacks are no longer limited to highly skilled attackers.
Faster detection of vulnerabilities
Attackers can discover security holes in hardware or software more quickly.
Delays in security updating
Vendors are overwhelmed trying to keep pace updating their products against the latest attacks.
Weak security update distribution
Many software products lack the means to distribute security updates in a timely fashion.
Distributed Attacks
Attackers use thousands of computers in an attack against a single computer or network.
Introduction of BYOD (Bring Your Own Device)
Organizations are having difficulty providing security for a wide array of personal devices.
User Confusion
Users are required to make difficult security decisions with little or no instruction.
Security - General Definition
To take the necessary steps to protect a person or property from harm.
The more "secure" something is the less _______ it will likely be.
Convenient
What is Information Security frequently described as?
Described as securing information that is in a digital format.
3 protections that must be extended over information

1. Confidentiality
2. Integrity
3. Availability

What is "AAA"?

1. Authentication
2. Authorization
3. Accounting

Ensures that the individual is who she claims to be (the authentic or genuine person) and not an imposter.
Authentication
Providing permission or approval to specific technology resources.
Authorization
Provides tracking of events. This may include a record of who accessed the web server, from what location, and at what specific time.
Accounting
Information security is achieved through a process that is a combination of three entities. Name them.
Products, people, and policies and procedures.
Comprehensive definition of information security?
Defined as that which protects the integrity, confidentiality, and availability of information on the devices that store, manipulate, and transmit the information through products, people, and procedures.
Data that has been collected, classified, organized, and stored in various forms
Information
Software that supports the business processes of the organization
Customized business software
Software that provides the foundation for application software
System Software
Computer equipment, communications equipment, storage media, furniture, and fixtures are all?
Physical Items
Services
Outsourced computing services