
Principles Of Information Security Chapter 1


Principles of Information Security, 4th Edition

Chapter 1

Review Questions

1. What is the difference between a threat agent and a threat?

A threat agent is the facilitator of an attack, whereas a threat is a category of objects, persons, or other entities that represents a potential danger to an asset. Threats are always present. Some threats manifest themselves in accidental occurrences and others are purposeful. Fire is a threat; however, a fire that has begun in a building is an attack. If an arsonist set the fire, then the arsonist is the threat agent. If an accidental electrical short started the fire, the short is the threat agent.

2. What is the ...

These three components are frequently used to conveniently articulate the objectives of a security program that must be used in harmony to assure an information system is secure and usable.

6. If the C.I.A. triangle is incomplete, why is it so commonly used in security?

The C.I.A. triangle is commonly used in security because it addresses the fundamental concerns of information: confidentiality, integrity, and availability. It is still used even though it is incomplete because it addresses all of the major concerns with the vulnerability of information systems.

7. Describe the critical characteristics of information. How are they used in the study of computer security?

The critical characteristics of information define the value of information. Changing any one of its characteristics changes the value of the information itself. There are seven characteristics of information:
• Availability enables authorized users - either persons or computer systems - to access information without interference or obstruction, and to receive it in the required format.
• Accuracy occurs when information is free from mistakes or errors and it has the value that the end user expects.
• Authenticity of information is the quality or state of being genuine or original, rather than a reproduction or fabrication. Information is authentic when it is in the same state in which it was created, placed, stored, or transferred.
• Confidentiality is achieved when disclosure or exposure of information to unauthorized individuals or systems is prevented. Confidentiality ensures that only those with the rights and privileges to access information are able to do so.
• Integrity of information is maintained when it is whole, complete, and uncorrupted.
• Utility of information is the quality or state of that information having value for some purpose or end. Information has value when it serves a particular purpose.
• Possession of information is the quality or state of ownership or control of some object or item. Information is said to be in one’s possession if one obtains it, independent of format or other characteristics.

8. Identify the six components of an information system. Which are most directly affected by the study of computer security? Which are most commonly associated with its study?

The six components are software, hardware, data, people, procedures, and networks.

People would be impacted most by the study of computer security. People can be the weakest link in an organization’s information security program. And unless policy, education and training, awareness, and technology are properly employed to prevent people from accidentally or intentionally damaging or losing information, they will remain the weakest link. Social engineering can prey on the tendency to cut corners and the commonplace nature of human error. It can be used to manipulate the actions of...
