Overview of Information Security Management: Chapters 1-5
27 Terms
1
Information Security (InfoSec)
Focuses on protecting information and its characteristics including confidentiality, integrity, and availability.
2
C.I.A. Triad
The three core principles of InfoSec: confidentiality, integrity, and availability.
3
Confidentiality
Limiting information access to authorized individuals and preventing unauthorized access.
4
Integrity
Ensuring the accuracy and completeness of information.
5
Availability
Ensuring that authorized users have reliable and timely access to information and resources.
6
CNSS Security Model
Covers confidentiality, integrity, and availability in relation to storage, processing, and transmission.
7
InfoSec Processes
Include identification, authentication, authorization, and accountability.
8
Threats to Information Security
Include natural disasters, technical failures, software errors, and human actions.
9
Mean Time Between Failures (MTBF)
The average time between hardware failures.
10
Strategic Planning
Occurs at the highest organizational levels covering long-term goals.
11
Tactical Planning
Focuses on resources and plans over an intermediate period.
12
Operational Planning
Addresses day-to-day operations and local resources in the short term.
13
Ethics
The study of moral judgments and how humans ought to act.
14
Digital Forensics
Involves the preservation and analysis of computer media for evidentiary and root-cause analysis.
15
Affidavit
Sworn testimony that certain facts warrant the examination of specific items.
16
U.S. Secret Service
Responsible for detecting and arresting computer fraud offenders.
17
PCI DSS
Payment Card Industry Data Security Standard that includes security requirements and assessment procedures.
18
Stakeholders
Individuals or groups with a vested interest in an organization's operations.
19
Governance in InfoSec
Creating and maintaining organizational structures to manage the InfoSec function.
20
InfoSec Program
The entire set of activities, resources, personnel, and technologies used to manage risks to information assets.
21
Project Champion
A senior executive who promotes the project and ensures its support.
22
Information Security Policy
Critical to the success of the InfoSec program.
23
EISP (Enterprise Information Security Policy)
Provides a high-level overview of the organization’s security philosophy.
24
ISSP (Issue-Specific Security Policy)
Addresses specific security issues.
25
SysSP (System-Specific Security Policy)
Addresses specific systems.
26
Security Convergence
The merging of management accountability across various security disciplines to enhance efficiency and effectiveness.
27
Work Breakdown Structure (WBS)
A list of tasks to be accomplished in a project, detailing work, skill sets, start and end dates, estimated resources, and dependencies.