Exam 1: Introduction to Information Security

The ____ is the individual primarily responsible for the assessment, management, and implementation of information security in the organization.

During the early years of computing, the primary threats to security were physical theft of equipment, espionage against the products of the systems, and sabotage.

Key end users should be assigned to a developmental team, known as the united application development team. _________________________

The ____________________ component of an information system comprises applications, operating systems, and assorted command utilities.

A subject or object's ability to use, manipulate, modify, or affect another subject or object is known as ___________.

During the __________ phase, specific technologies are selected to support the alternatives identified and evaluated in the prior phases.

The Analysis phase of the SDLC examines the event or plan that initiates the process and specifies the objectives, constraints, and scope of the project. _________________________

Of the two approaches to information security implementation, the top-downapproach has a higher probability of success. _________________________

A(n) ____________________ is a formal approach to solving a problem by means of a structured sequence of procedures.

The probability of an unwanted occurrence, such as an adverse event or loss, is known as a(n) _________.

The water-ski model is a type of SDLC in which each phase of the process flows from the information gained in the previous phase, with multiple opportunities to return to previous phases and make adjustments.

An emerging methodology to integrate the effort of the development team and the operations team to improve the functionality and security of applications is known as __________.

A champion is a project manager, who may be a departmental line manager or staff unit manager, and has expertise in project management and information security technical requirements.

The protection of the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission, via the application of policy, education, training and awareness, and technology is known as ___________.

Organizations are moving toward more __________-focused development approaches, seeking to improve not only the functionality of the systems they have in place, but consumer confidence in their product.

A type of SDLC in which each phase has results that flow into the next phase is called the  __________ model.

A methodology and formal development strategy for the design and implementation of an information system is referred to as a __________.

A computer is the __________ of an attack when it is used to conduct an attack against another computer.

A potential weakness in an asset or its defensive control system(s) is known as a(n) ​_________.

__________ security addresses the issues necessary to protect the tangible items, objects, or areas of an organization from unauthorized access and misuse.