Introduction To Information Security – Q/A
100% Correct
1) Maintenance and change: Consists of tasks necessary to support and
modify system for remainder of its useful life
2) Implementation: Needed software created; components ordered, received,
assembled, and tested
3) Physical design: Technologies to support the alternatives identified and
evaluated in the logical design are selected
Analysis: Consists of assessments of the organization, status of current
systems, and capability to support proposed systems ✔️Ans - Software
maintenance is the last phase of the SDLC, name the three kinds of software
maintenance and describe and give an example of each?
access ✔️Ans - A subject or object's ability to use, manipulate, modify, or
affect another subject or object
accuracy ✔️Ans - An attribute of information that describes how data is free
of errors and has the value that the user expects.
Asset ✔️Ans - The organizational resource that is protected.
Attack ✔️Ans - An intentional or unintentional act that can damage or
otherwise compromise information and the systems that support it.
authenticity ✔️Ans - An attribute of information that describes how data is
genuine original rather than reproduced or fabricated.
availability ✔️Ans - An attribute of information that describes how data is
protected from disclosure or exposure to unauthorized individuals or
systems.
bottom-up approach ✔️Ans - A method of establishing security policies that
begins as a grassroots effort in which systems administrators attempt to
improve the security of their systems.
, C.I.A. triangle ✔️Ans - The industry standard for computer security since the
development of the miniframe. The standard is based on three characteristics
that describe the utility information: confidentiality, integrity, and availability.
chief information office (CIO) ✔️Ans - An executive-level position that
oversees the organization's computing technology and strives to create
efficiency in the processing and access of the organization's information.
chief information security officer (CISO) ✔️Ans - typically considered the
top information security officer in an organization.
communications security ✔️Ans - The protection of all communications
media, technology, and content.
community of interest ✔️Ans - A group of people who are united by similar
interests or values within an organization and who share a common goal of
helping the organization to meet its objectives
computer security ✔️Ans - In the early days of the computers, this term
specified the need to secure the need to secure the physical location of
computer technology from outside threats.
Control, safeguard, or countermeasure ✔️Ans - Security mechanisms,
policies, or procedures that can successfully counter attacks, reduce risk,
resolve vulnerabilities, and otherwise improve security within an
organization.
data custodians ✔️Ans - people who are responsible for the storage,
maintenance, and protection of information.
data owners ✔️Ans - People who own the information and thus determine
the level of classification for their data and approve its access authorization.
data users ✔️Ans - People who work with the information to perform their
daily jobs and support the mission of the organization.
determine how the proposed system will solve the problem ✔️Ans - Which
of the following tasks are completed in the investigation phase of the SDLC?
100% Correct
1) Maintenance and change: Consists of tasks necessary to support and
modify system for remainder of its useful life
2) Implementation: Needed software created; components ordered, received,
assembled, and tested
3) Physical design: Technologies to support the alternatives identified and
evaluated in the logical design are selected
Analysis: Consists of assessments of the organization, status of current
systems, and capability to support proposed systems ✔️Ans - Software
maintenance is the last phase of the SDLC, name the three kinds of software
maintenance and describe and give an example of each?
access ✔️Ans - A subject or object's ability to use, manipulate, modify, or
affect another subject or object
accuracy ✔️Ans - An attribute of information that describes how data is free
of errors and has the value that the user expects.
Asset ✔️Ans - The organizational resource that is protected.
Attack ✔️Ans - An intentional or unintentional act that can damage or
otherwise compromise information and the systems that support it.
authenticity ✔️Ans - An attribute of information that describes how data is
genuine original rather than reproduced or fabricated.
availability ✔️Ans - An attribute of information that describes how data is
protected from disclosure or exposure to unauthorized individuals or
systems.
bottom-up approach ✔️Ans - A method of establishing security policies that
begins as a grassroots effort in which systems administrators attempt to
improve the security of their systems.
, C.I.A. triangle ✔️Ans - The industry standard for computer security since the
development of the miniframe. The standard is based on three characteristics
that describe the utility information: confidentiality, integrity, and availability.
chief information office (CIO) ✔️Ans - An executive-level position that
oversees the organization's computing technology and strives to create
efficiency in the processing and access of the organization's information.
chief information security officer (CISO) ✔️Ans - typically considered the
top information security officer in an organization.
communications security ✔️Ans - The protection of all communications
media, technology, and content.
community of interest ✔️Ans - A group of people who are united by similar
interests or values within an organization and who share a common goal of
helping the organization to meet its objectives
computer security ✔️Ans - In the early days of the computers, this term
specified the need to secure the need to secure the physical location of
computer technology from outside threats.
Control, safeguard, or countermeasure ✔️Ans - Security mechanisms,
policies, or procedures that can successfully counter attacks, reduce risk,
resolve vulnerabilities, and otherwise improve security within an
organization.
data custodians ✔️Ans - people who are responsible for the storage,
maintenance, and protection of information.
data owners ✔️Ans - People who own the information and thus determine
the level of classification for their data and approve its access authorization.
data users ✔️Ans - People who work with the information to perform their
daily jobs and support the mission of the organization.
determine how the proposed system will solve the problem ✔️Ans - Which
of the following tasks are completed in the investigation phase of the SDLC?
