BCIS 4630 EXAM 1 – WU STUDY GUIDE
CIA Triad - Answer --Confidentiality
-Integrity
-Availability
Confidentiality - Answer -The protection of information within systems so that unauthorized people, programs, and processes cannot access that information.
-Primary tool: encryption
Integrity - Answer -The protection of information or processes from intentional or accidental unauthorized changes.
-No unauthorized alteration
Availability - Answer -The assurance that information and systems are accessible by authorized users whenever needed.
DAD Triad - Answer --Disclosure
-Alteration
-Denial
Disclosure - Answer -Unauthorized individuals gain access to confidential information
Alteration - Answer -Data is modified through some unauthorized mechanism
Denial - Answer -Authorized users cannot gain access to a system for legitimate purposes
Segregation of Duties - Answer -No single person should have enough authority to cause a critical event to happen.
Need to Know - Answer -Subjects should be granted access only to the objects necessary for completion of their tasks.
Least Privilege - Answer -Subjects should be granted the minimum level of access needed for the performance of authorized tasks.
Bell-LaPadula - Answer -Simple security rule
-No subject can read info from an object with a higher security classification
-A subject cannot write to an object with a lower security classification
Defence in Depth - Answer --"Layered Protection"
-Organization must have a layered defense at the perimeter, network, equipment, and data layers
BS7799 - Answer --British standard for information security management
-Provides the framework necessary to create a secure system
ISO17799 - Answer --Provides a series of systematic recommendations for building a security program that fits a company's business model.
-It's easy to map the requirements from SOX, GLBA, and HIPAA to ISO17799
Structure of ISO17799 - Answer --11 control areas, 39 control objectives, 133 controls
-A control is an action, process, or technology that can lower the risk to a company
ITIL - Answer --IT Infrastructure Library
-A collection of books grouped into areas including service delivery, service support, security management, application management, etc.
-Like CobiT, ITIL focuses on IT processes
CobiT - Answer -Control Objectives for Info and Related Technology
-Centers on the IT processes of an organization, which are broken down into four domains
CobiT Hierarchy - Answer --Domains
-Control Objectives
-Detailed Control Objectives
SOX (Sarbanes-Oxley Act) - Answer --Public Company Accounting Reform and Investor Protection Act of 2002.
-Intended to protect against Enron-style scandals.
-SOX section 404 is most important for us (assessment of internal controls).
OSI Layers - Answer --Application
-Presentation
-Session
-Transport
-Network
-Data Link
-Physical
Encapsulation - Answer -Data is passed down from higher layers to lower ones; each layer creates its header and places the data given to it by the next-higher layer behind its own header, thereby encapsulating the higher layer's data.
-Data Link layer creates a trailer
3 private IP address ranges - Answer -Class A: 10.0.0.0 - 10.255.255.255
Class B: 172.16.0.0 - 172.31.255.255
Class C: 192.168.0.0 - 192.168.255.255
FTP - Data (port) - Answer -TCP 20