Term

Definition
a “well-informed sense of assurance that the information risks and controls are in balance.” — Jim Anderson, Inovant (2002)

Term
Goal of Information Security

Definition
maintain the status quo, maintain the security, maintain the liveness

Term

Definition
is “the quality or state of being secure: to be free from danger.”

Term

Definition
Physical security – To protect the physical items, objects, or areas of an organization from unauthorized access and misuse.
Personal security – To protect the individual or group of individuals who are authorized to access the organization and its operations.
Operations security – To protect the details of a particular operation or series of activities.
Communications security – To protect an organization’s communications media, technology, and content.
Network security – To protect networking components, connections, and contents.

Term

Definition
Confidentiality, Integrity, Availability

Term
Critical Characteristics of Information

Definition
Availability – Enables users who need to access information to do so without interference or obstruction and in the required format. The information is said to be available to an authorized user when and where needed and in the correct format.
Accuracy – Free from mistake or error and having the value that the end user expects. If information contains a value different from the user’s expectations due to the intentional or unintentional modification of its content, it is no longer accurate.
Authenticity – The quality or state of being genuine or original, rather than a reproduction or fabrication. Information is authentic when it is the information that was originally created, placed, stored, or transferred.
Confidentiality – The quality or state of preventing disclosure or exposure to unauthorized individuals or systems.
Integrity – The quality or state of being whole, complete, and uncorrupted. The integrity of information is threatened when the information is exposed to corruption, damage, destruction, or other disruption of its authentic state.
Utility – The quality or state of having value for some purpose or end. Information has value when it serves a particular purpose. This means that if information is available, but not in a format meaningful to the end user, it is not useful.
Possession – The quality or state of having ownership or control of some object or item. Information is said to be in possession if one obtains it, independent of format or other characteristic. While a breach of confidentiality always results in a breach of possession, a breach of possession does not always result in a breach of confidentiality.

Term
Components of an Information System

Definition
hardware, software, data, procedures, people (listed from easiest to hardest to change)

Term
Systems Development Life Cycle (SDLC)

Definition
a methodology for the design and implementation of an information system in an organization.

Term

Definition
Responsible for the security and use of a particular set of information.

Term

Definition
Responsible for the storage, maintenance, and protection of the information.

Term

Definition
The end users of the systems, who work with the information to perform their daily jobs in support of the mission of the organization.

Term

Definition
a subject or object’s ability to use, manipulate, modify, or affect another subject or object.

Term

Definition
the organizational resource that is being protected.

Term

Definition
an act that is an intentional or unintentional attempt to cause damage or compromise to the information and/or the systems that support it.

Term
Control, Safeguard, or Countermeasure

Definition
security mechanisms, policies, or procedures that can successfully counter attacks, reduce risk, resolve vulnerabilities, and otherwise improve the security within an organization.

Term

Definition
to take advantage of a weakness or vulnerability in a system.

Term

Definition
a single instance of being open to damage.

Term

Definition
Good: to use computers or systems for enjoyment; Bad: to illegally gain access to a computer or system.

Term

Definition
a passive entity in the information system that receives or contains information.

Term

Definition
an individual who “cracks” or removes the software protection from an application designed to prevent unauthorized duplication.

Term

Definition
the probability that something can happen.

Term

Definition
the plan for the implementation of new security measures in the organization.

Term

Definition
a collection of specific security rules that represents the implementation of a security policy.

Term
Security Posture or Security Profile

Definition
a general label for the combination of all policies, procedures, technologies, and programs that make up the total security effort currently in place.

Term

Definition
an active entity that interacts with an information system and causes information to move through the system for a specific end purpose.

Term

Definition
a category of objects, persons, or other entities that represents a potential danger to an asset.

Term

Definition
a specific instance or component of a more general threat.

Term

Definition
weaknesses or faults in a system or protection mechanism that expose information to attack or damage.

Term

Definition
“the ownership of ideas and control over the tangible or virtual representation of those ideas.”

Term

Definition
the unlawful use or duplication of software-based intellectual property.

Term

Definition
hacks the public telephone network to make free calls, disrupt services, and generally wreak havoc.

Term

Definition
a deliberate act that exploits a vulnerability.

Term

Definition
redirection of legitimate Web traffic (e.g., browser requests) to an illegitimate site for the purpose of obtaining private information.

Term

Definition
relatively new; works by exploring the contents of a Web browser’s cache to create a malicious cookie.