Chapter 13 and 14
Information Security
37
Accounting
Undergraduate 3
11/10/2013
Term
What does information security mean?
Definition
The term “information security” means protecting
information and information systems from
unauthorized access, use, disclosure, disruption,
modification, or destruction in order to provide:

- Confidentiality
- Integrity
- Availability
Term
What is an information security management system?
Definition
The information security management system is
an organizational internal control process
that controls the special risks associated
with information within the organization.
Term
What are the basic elements of an information system?
Definition
The ISMS has the basic elements of
any information system, such as
hardware, databases, procedures, and reports.
Term
Who manages the information security system and who do they report to?
Definition
The information security system must be
managed by a chief security officer (CSO). This individual should report directly
to the board of directors in order to
maintain complete independence.
Term
What are the two different approaches to analyzing vulnerabilities and threats?
Definition
Quantitative approach to risk assessment & Qualitative approach
Term
What is the equation for the quantitative approach?
Definition
Cost of an individual loss × Likelihood of its occurrence
Term
What are the 2 difficulties with the quantitative approach?
Definition
1) Identifying the relevant costs per loss and the associated likelihoods can be difficult.

2) Estimating the likelihood of a given
failure requires predicting the future,
which is very difficult.
Term
How does the qualitative approach analyze vulnerabilities and threats?
Definition
The system’s vulnerabilities and
threats are subjectively ranked in
order of their contribution to the
company’s total loss exposure.
Term
What are the 7 loss exposure areas examined by the qualitative approach?
Definition
1) business interruption
2) loss of software
3) loss of data
4) loss of hardware
5) loss of facilities
6) loss of service and personnel
7) loss of reputation
Term
What are vulnerabilities and threats?
Definition
A vulnerability is a weakness in a system. A threat is a potential exploitation of a vulnerability.
Term
What are the three groups of individuals that pose a threat to the Information System?
Definition
1) Information systems personnel
2) Users
3) Intruders and hackers
Term
Which 5 types of people are included in information systems personnel?
Definition
1) computer maintenance persons
2) programmers
3) network operators
4) information systems administrative personnel
5) data control clerks
Term
What are users and intruders/hackers with regard to an information system?
Definition
Users are composed of heterogeneous groups of people. Their functional area does not lie in data processing or information technology.

An intruder or a hacker is anyone who accesses equipment, electronic data, files, or any kind of privileged information without proper authorization.
Term
What do security and contingency plans do?
Definition
Security measures focus on preventing and detecting threats.

Contingency plans focus on correcting the effects of threats.
Term
What is the objective of Site-Access Controls?
Definition
The objective of site-access controls
is to physically separate unauthorized
individuals from computer resources.
Term
What do System-Access Controls do?
Definition
These controls authenticate users by using such means as user IDs, passwords, IP addresses, and hardware devices.

It is often desirable to withhold “administrative rights” from individual PC users.
Term
What do File-Access Controls do?
Definition
The most fundamental file-access control
is the establishment of authorization guidelines
and procedures for accessing and altering files.
Term
What are the three types of file backups?
Definition
Full backups, Incremental backups, and Differential backups
Term
Internet-related vulnerabilities may arise from which six areas?
Definition
1) the operating system or its configuration
2) the Web server or its configuration
3) the private network and its configuration
4) various server and communications programs
5) cloud and grid computing
6) general security procedures
Term
Why is Disaster risk management important?
Definition
Disaster risk management is essential
to ensure continuity of operations
in the event of a catastrophe.
Term
Who implements a disaster recovery plan?
Definition
A disaster recovery plan must be implemented at the highest levels in the company. The first step in developing a disaster recovery plan should be obtaining the support of senior management and setting up a planning committee.
Term
The design of the risk management plan should do what three things?
Definition
1) Assess the company’s critical needs.
2) List priorities for recovery.
3) Establish recovery strategies and procedures.
Term
What are the six things that the set of recovery strategies should take into account?
Definition
1) emergency response center
2) escalation procedures
3) alternate processing arrangements
4) personnel relocation and replacement plans
5) salvage plan
6) plan for testing and maintaining the system