Module 1: Introduction to Information Security
When unauthorized individuals or systems can view information, confidentiality is
breached. (T/F) - True
The _________ component of an information system comprises applications, operating
systems, and assorted command utilities. - software
A champion is a project manager, who may be a departmental line manager or staff unit
manager, and has expertise in project management and information security technical
requirements. (T/F) - False
In 1993, the first ______ conference was held in Las Vegas. Originally, it was
established as a gathering for people interested in information security, including
authors, lawyers, government employees, and law enforcement officials. - DEFCON
The bottom-up approach to information security has a higher probability of success than
the top-down approach. (T/F) - False
Correct answer: lower
Any event or circumstance that has the potential to adversely affect operation and
assets is known as a(n) ________. - threat
A technique used to compromise a system is known as a(n) _____________. - exploit
Individuals who control, and are therefore ultimately responsible for, the security and
use of a particular set of information are known as data ___________. - owners
The Internet brought ____________________ to virtually all computers that could reach
a phone line or an Internet-connected local area network. - connectivity
Information has redundancy when it is free from mistakes or errors and it has the value
that the end user expects. (T/F) - False
Correct answer: accuracy
The protection of the confidentiality, integrity, and availability of information assets,
whether in storage, processing, or transmission, via the application of policy, education,
training and awareness, and technology is known as ___________. - information
security
A hardware system is the entire set of people, procedures, and technology that enable
business to use information. (T/F) - False
Correct answer: information system
Hardware is the physical technology that houses and executes the software, stores and
transports the data, and provides interfaces for the entry and removal of information
from the system. (T/F) - True
Much of the early research on computer security centered on a system called
Management Information and Computing Service (MULTICS). (T/F) - False
Correct answer: Multiplexed Information and Computing Service
_________ has become a widely accepted evaluation standard for training and education
related to the security of information systems and is hosted by CNSS. - NSTISSI No.
4011
A data custodian works directly with data owners and is responsible for the storage,
maintenance, and protection of the information. (T/F) - True
Information security can be absolute. (T/F) - False
The protection of tangible items, objects, or areas from unauthorized access and
misuse is known as ___________. - physical security
Information has ____________________ when it is whole, complete, and uncorrupted. -
integrity
_________ of information is the quality or state of being genuine or original, rather than
a reproduction or fabrication. - Authenticity
A computer is the ___________ of an attack when it is used to conduct an attack
against another computer. - subject
In an organization, the value of ___________ of information is especially high when it
involves personal information about employees, customers, or patients. - confidentiality
Which of the following was not an identified fundamental problem with ARPANET
security? - Nonexistent user identification and authorization
The history of information security begins with the concept of communication security.
(T/F) - False
Correct answer: computer security