Deck 1: Computer Systems Overview

The first step in devising security services and mechanisms is todevelop a security policy.

Computer security is essentially a battle of wits between a perpetratorwho tries to find holes and the administrator who tries to close them.

Assurance is the process of examining a computer product or systemwith respect to certain criteria.

The more critical a component or service, the higher the level ofavailability required.

X.800 architecture was developed as an international standard andfocuses on security in the context of networks and communications.

Many security administrators view strong security as an impediment toefficient and user-friendly operation of an information system.

Hardware is the most vulnerable to attack and the least susceptible toautomated controls.

The "A" in the CIA triad stands for "authenticity".

Contingency planning is a functional area that primarily requirescomputer security technical measures.

Threats are attacks carried out.

In the context of security our concern is with the vulnerabilities ofsystem resources.

T F 4. Availability assures that systems works promptly and service is notdenied to authorized users.

Data integrity assures that information and programs are changed onlyin a specified and authorized manner.

Security mechanisms typically do not involve more than one particularalgorithm or protocol.

__________ is the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources.

Confidentiality, Integrity, and Availability form what is often referred to as the _____.

In the United States, student grade information is an asset whose confidentiality is regulated by the __________.

Release of message contents and traffic analysis are two types of _________ attacks.

A loss of _________ is the disruption of access to or use of information or an information system.

Misappropriation and misuse are attacks that result in ________ threat consequences.

A(n) _________ is any means taken to deal with a security attack.

The assets of a computer system can be categorized as hardware, software, communication lines and networks, and _________.

Replay, masquerade, modification of messages, and denial of service are example of _________ attacks.

A(n) _________ is a threat that is carried out and, if successful, leads to an undesirable violation of security, or threat consequence.

Security implementation involves four complementary courses of action: prevention, detection, response, and _________.

A __________ is data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery.

A(n) _________ assessment is periodically assessing the risk to organizational operations, organizational assets, and individuals, resulting from the operation of organizational information systems and the associated processing, storage, or transmission or organizational information.

The OSI security architecture focuses on security attacks, __________, and services.

Establishing, maintaining, and implementing plans for emergency response, backup operations, and post disaster recovery for organizational information systems to ensure the availability of critical information resources and continuity of operations in emergency situations is a __________ plan.