IAS 1 Module 01.pdf

0.0(0)
Studied by 0 people
call kaiCall Kai
Locked
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
GameKnowt Play
Card Sorting

1/37

encourage image

There's no tags or description

Looks like no tags are added yet.

Last updated 2:01 PM on 7/4/26
Name
Mastery
Learn
Test
Matching
Spaced
Call with Kai
Chat

No analytics yet

Send a link to your students to track their progress

38 Terms

1
New cards

Security

Defined as the state of being secure and free from danger or harm, as well as the actions taken to achieve that state

2
New cards

Information Security

The protection of information assets (in storage, processing, or transmission) through the application of policy, education, and technology

3
New cards

Computer Security

The predecessor to information security, which began with the development of mainframes during WWII and focused primarily on physical security and simple document classification

4
New cards

The C.I.A. Triad & Characteristics of Information

5
New cards

Confidentiality

Ensures that only those with the necessary rights and privileges can access specific information, preventing unauthorized disclosure

6
New cards

Integrity

Assurance that information remains whole, complete, and uncorrupted by unauthorized modification or destruction

7
New cards

Availability

Enables authorized users (people or systems) to access information in the required format without interference or obstruction

8
New cards

Accuracy

Information is free from errors and has the value the end user expects

9
New cards

Authenticity

The state of information being genuine or original, appearing exactly as it was created or transferred

10
New cards

Utility

The quality of information having value for a specific end purpose

11
New cards

Possession

The quality of ownership or control over information, which is distinct from confidentiality (one can possess encrypted data without being able to read it

12
New cards

Components of an Information System (IS)

13
New cards

Software

Applications, operating systems, and utilities

14
New cards

Hardware

The physical technologies that house and execute software or store data.

15
New cards

Data

The most valuable asset; it includes items of fact like raw numbers and facts

16
New cards

People

Often considered the weakest link in the security chain as they design, develop, and use the systems

17
New cards

Procedures

Written instructions created to accomplish specific tasks

18
New cards

Networks

The "highway" through which data is passed between systems

19
New cards

Key Information Security Concepts

20
New cards

Asset

The organizational resource being protected, which can be logical (data, software) or physical (people, hardware)

21
New cards

Vulnerability

A potential weakness in an asset or its defensive control systems (e.g., a software flaw or an unlocked door)

22
New cards

Threat

Any object, person, or entity representing a constant danger to an asset

23
New cards

Threat Agent

The specific instance or component of a threat (e.g., a specific hacker or a lightning strike

24
New cards

Attack

An intentional or unintentional act that can damage or compromise information.

25
New cards

Exploit

A technique used by an attacker to compromise a system

26
New cards

Risk

The calculated probability that a threat will be realized against a vulnerability

27
New cards

Control/Safeguard

A security mechanism that detects, avoids, or minimizes damage to a protected asse

28
New cards

Organizational Roles

29
New cards

Chief Information Officer (CIO)

The senior technology officer responsible for strategic planning affecting information management

30
New cards

Chief Information Security Officer (CISO)

Primarily responsible for the assessment, management, and implementation of information security; usually reports to the CIO.

31
New cards

Data Owner

Senior management responsible for the security and use of a specific set of information

32
New cards

Data Custodian

Responsible for the storage, maintenance, and protection of information and systems

33
New cards

Data Trustee

Appointed by data owners to oversee management and coordinate with custodians for storage and protection

34
New cards

Implementation Approaches

35
New cards

Bottom-Up Approach

A grassroots effort where system administrators work to improve security at their level; it often lacks management support and organizational coordination

36
New cards

Top-Down Approach

Projects initiated by upper management and pushed down to all levels; this is generally more successful as it ensures funding, accountability, and organizational focus

37
New cards

Security Models

38
New cards

McCumber Cube

A 3x3x3 graphical representation of information security architecture covering the CIA triad, data states (Storage, Transmission, Processing), and safeguards (Policy, Education, Technology)