Define “Information security”:
The protection of information and of the systems that store, process and transmit it: knowing what information risks an organization faces and making sure that those risks and the controls applied against them stay in balance.
What’s the “Enigma” machine?
A rotor-based cipher machine used by Germany during World War II to encrypt military communications. Its traffic was broken by Polish and later British cryptanalysts (Bletchley Park), an early demonstration that a cryptosystem must be evaluated for weaknesses, not just deployed.
What’s “Arpanet”, and who developed it?
ARPANET was a packet-switched network developed in the late 1960s by the Advanced Research Projects Agency (ARPA) of the US Department of Defense to connect research computers; it was the forerunner of the Internet. As it grew, weaknesses such as the lack of controls on remote access and shared passwords exposed the need for network security.
What’s “RAND Report R-609”?
A 1970 RAND Corporation report (“Security Controls for Computer Systems”) that highlighted the vulnerabilities of multi-user, networked computer systems and identified the need for security measures beyond physical controls, including controls on data, network access and authorization.
What’s “MULTICS”?
A time-sharing operating system developed in the mid-1960s by MIT, General Electric and Bell Labs; it was the first operating system designed with security integrated into its core functions rather than added afterwards.
What’s “DEFCON”?
DEF CON is a large annual hacker and information security conference held in Las Vegas since 1993. It is one of the oldest and best-known security conferences, but not the first.
What does C.I.A stand for:
Confidentiality, Integrity, and Availability.
What’s the “subject of an attack” vs the “object of an attack”?
A computer (or other entity) is the subject of an attack when it is used as the active tool to conduct the attack, and the object of an attack when it is the entity being attacked. The same machine can be both, e.g. a compromised host that is then used to attack another system.
Define the following concepts:
1 - Access.
2 - Asset.
3 - Attack.
4 - Exploit.
5 - Exposure.
1 - A subject's or object's ability to use, manipulate, modify or affect another subject or object; authorized users have legal access, attackers gain illegal access.
2 - An organizational resource that is being protected (a person, a physical object such as a server, or a logical object such as data or a website).
3 - An intentional or unintentional act that can damage or compromise information and the systems that support it.
4 - A technique or mechanism used to compromise a system, typically by taking advantage of a vulnerability.
5 - A condition or state of being exposed; an exposure exists when a vulnerability is known to an attacker.
Define the following concepts:
1 - Loss.
2 - Risk.
3 - Threat.
4 - Threat Agent.
5 - Vulnerability.
1 - A single instance of an asset suffering damage, or unintended or unauthorized modification or disclosure.
2 - The probability of an unwanted occurrence, such as an adverse event or a loss.
3 - A category of objects, persons or other entities that presents a danger to an asset.
4 - The specific instance or component of a threat (e.g. a particular hacker or a particular piece of malware, rather than “hackers” in general).
5 - A weakness or fault in a system or protection mechanism that exposes information to attack or damage.
Explain the 2 approaches to information security implementation:
1 - Bottom-Up Approach
- Initiated by system administrators and technical staff, without formal management backing.
- Seldom works, because it lacks management support, funding, coordination and organizational staying power.
- Key advantage: the technical expertise of the individual administrators.
2 - Top-Down Approach
- Initiated by upper management: issue policy, procedures and processes, dictate goals and expected outcomes, and determine accountability.
- The most successful approach; it usually follows a formal development strategy such as the Systems Development Life Cycle (SDLC).
What’s the “Systems Development Life Cycle (SDLC)” and what are its steps?
A methodology for the design and implementation of an information system within an organization.
1- Investigation:
The objectives, constraints and scope of the project are specified.
2- Analysis:
Determining what the new system will do and how it will interact with existing systems.
3- Logical design:
Using the results of the analysis to begin creating a solution to the business problem, independent of specific technologies.
4- Physical design:
The logical design is transformed into a physical system; specific hardware and software components are selected and planned.
5- Implementation:
Installation of the hardware and software on production computers, testing, and integration of the system into the work processes.
6- Maintenance & change: Longest and most expensive phase; the system is supported, modified and eventually retired.
Data Owner vs Data Custodian vs Data User:
Data Owner: responsible for the security and use of a particular set of information; decides its classification and who may access it.
Data Custodian: responsible for the storage, maintenance and protection of the information (often IT staff), as directed by the owner.
Data Users: end users who work with the information to perform their daily jobs and are responsible for handling it according to policy.