CYB 155 Test 1

The protection of tangible items, objects, or areas from unauthorized access and misuse is known as ___________.

physical security

A data custodian works directly with data owners and is responsible for the storage, maintenance, and protection of the information.

True

A technique used to compromise a system is known as a(n) ___________.

exploit

To achieve balance (that is, to operate an information system that satisfies the user and the security professional), the security level must allow reasonable access, yet protect against threats.

True

__________ is a network project that preceded the Internet.

ARPANET

An organizational resource that is being protected is sometimes logical, such as a Web site, software information, or data. Sometimes the resource is physical, such as a person, computer system, hardware, or other tangible object. Either way, the resource

asset

A subject or object's ability to use, manipulate, modify, or affect another subject or object is known as ___________.

access

A server would experience a(n) __________ attack when a hacker compromises it to acquire information via a remote location using a network connection.

direct

Which of the following is a valid type of role when it comes to data ownership?

Data owners, Data Custodians, Data Users

Information security can begin as a grassroots effort in which systems administrators attempt to improve the security of their systems, often referred to as the bottom-up approach. _________________________

True

The possession of information is the quality or state of having value for some purpose or end.

False

Confidentiality ensures that only those with the rights and privileges to access information are able to do so. _________________________

True

Information security can be an absolute.

False

The value of information comes from the characteristics it possesses.

True

Of the two approaches to information security implementation, the top-down approach has a higher probability of success.

True

__________ of information is the quality or state of being genuine or original.

Authenticity

The protection of all communications media, technology, and content is known as ___________.

communications security

The protection of the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission, via the application of policy, education, training and awareness, and technology is known as ___________.

information security

During the early years of computing, the primary threats to security were physical theft of equipment, espionage against the products of the systems, and sabotage.

True

People with the primary responsibility for administering the systems that house the information used by the organization perform the role of ____.

System administrators

When unauthorized individuals or systems can view information, confidentiality is breached.

True

The bottom-up approach to information security has a higher probability of success than the top-down approach.

False

A type of SDLC in which each phase has results that flow into the next phase is called the __________ model.

waterfall

A breach of possession may not always result in a breach of confidentiality.

True

__________ security addresses the issues necessary to protect the tangible items, objects, or areas of an organization from unauthorized access and misuse.

Physical

A champion is a project manager, who may be a departmental line manager or staff unit manager, and has expertise in project management and information security technical requirements.

False

The implementation phase is the longest and most expensive phase of the systems development life cycle (SDLC).

False

In the physical design phase, specific technologies are selected.

True

In file hashing, a file is read by a special algorithm that uses the value of the bits in the file to compute a single number called the __________ value.

hash

An information system is the entire set of __________, people, procedures, and networks that enable the use of information resources in the organization.

Software, Hardware, Data

A(n) hardware system is the entire set of people, procedures, and technology that enable business to use information.

False

Hardware is often the most valuable asset possessed by an organization, and it is the main target of intentional attacks.

True

SecOps focuses on integrating the need for the development team to provide iterative and rapid improvements to system functionality and the need for the operations team to improve security and minimize the disruption from software release cycles. __________

False

The water-ski model is a type of SDLC in which each phase of the process flows from the information gained in the previous phase, with multiple opportunities to return to previous phases and make adjustments.

False

The Analysis phase of the SDLC examines the event or plan that initiates the process and specifies the objectives, constraints, and scope of the project. _________________________

False