CSE 4471 Exam 1 Information Security, Ohio State University-Main Campus: complete questions and correct detailed answers, verified answers

Q: If software must be developed on a strictly tight time-frame and within a strictly tight budget, what is likely to suffer?
A: Product Quality

Q: Quality and security considerations should optimally be
A: designed into software

Q: The ability to interact with a resource, legitimately or otherwise
A: Access

Q: A specific resource of value
A: Asset

Q: An act, intentional or unintentional, that may damage an asset
A: Attack

Q: A specific mechanism or policy intended to improve security against a threat or set of threats
A: Countermeasure

Q: A technique used to compromise an information system
A: Exploit

Q: An instance of an information asset suffering damage
A: Loss

Q: An object, person, or other entity which represents a potential danger to assets
A: Threat

Q: A system weakness or fault which decreases security
A: Vulnerability

Q: An executive-level position that oversees the organization's computing technology and strives to create efficiency in the processing and access of the organization's information
A: CIO

Q: Though sometimes not an executive level position, this person is typically the top information security professional in an organization
A: CISO

Q: This position is ultimately responsible for all aspects of an organization's business, including information security responsibilities
A: CEO

Q: C in CIA
A: Confidentiality

Q: I in CIA
A: Integrity

Q: A in CIA
A: Availability

Q: The ARPANet was a device used during WW2 to encrypt data and securely share with others
A: False

Q: RAID is an acronym about redundancy of disk drives
A: True

Q: _____ are responsible (authoritative) for the security and use of data
A: Data Owners

Q: _____ are responsible for information and systems that process, transmit, and store data
A: Data Custodians

Q: _____ are appointed to oversee management of data and coordinate with data
A: Data Trustees

Q: _____ have access to information
A: Data Users

Q: A Security Framework provides a common language for security efforts of an organization
A: True

Q: What is the purpose of policies, standards, and procedures?
A: Policies define authority, Standards define the rules by which the organization will manage risks, Procedures define how to comply

Q: What type of education is job specific and requires acceptance?
A: Training

Q: According to NIST, what has the purpose of focusing attention on general security?
A: Awareness

Q: To remain viable, a policy must have
A:
- review procedures and practices
- policy and revision dates
- schedule of reviews
- responsible manager or policy administrator
- policy management