Information Assurance and Security Lecture Notes

Comprehensive flashcards covering Information Assurance, Information Security, security layers, terminology, and critical characteristics of information.

What is Information Assurance (IA)?

The practice of assuring information and managing risks related to the use, processing, storage, and transmission of information or data and the systems and processes used for those purposes.

What is the definition of Information Security (InfoSec)?

The practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.

How is security defined in general terms?

The quality or state of being secure-to be free from danger.

What is the purpose of Physical Security?

To protect physical items, objects, or areas from unauthorized access and misuse.

What is the definition of Personnel security?

To protect the individual or group of individuals who are authorized to access the organization and its operations.

What does Operations Security aim to protect?

The details of a particular operation or series of activities.

What are Communications Security and Network security intended to protect?

Communications Security protects communications media, technology, and content; Network security protects networking components, connections, and contents.

How is Information Security achieved within an organization?

Via the application of policy, education, training and awareness, and technology.

In security terminology, what is an Asset?

The organizational resource that is being protected.

How is an Attack defined in information security?

An intentional or unintentional act that can cause damage to or otherwise compromise information and/or the systems that support it.

What are Control, safeguard, or countermeasure?

Security mechanisms, policies, or procedures that can successfully counter attacks, reduce risk, resolve vulnerabilities, and otherwise improve the security within an organization.

What is the definition of Risk?

The probability that something unwanted will happen.

What is the difference between a Threat and a Threat agent?

A Threat is a category of objects, persons, or other entities that presents a danger to an asset, while a Threat agent is the specific instance or a component of a threat.

What is a Vulnerability?

A weaknesses or fault in a system or protection mechanism that opens it to attack or damage.

How is Availability defined as a critical characteristic of information?

It enables authorized users—persons or computer systems—to access information without interference or obstruction and to receive it in the required format.

When does information possess the characteristic of Accuracy?

When it is free from mistakes or errors and it has the value that the end user expects.

What is Authenticity and what are examples of threats to it?

Authenticity is the quality or state of being genuine or original, rather than a reproduction or fabrication; examples of threats include E-mail spoofing and phishing.

What is Confidentiality and how is it maintained?

Information is protected from disclosure or exposure to unauthorized individuals or systems; it is maintained through information classification, secure document storage, application of general security policies, and education of custodians and end users.

What is Integrity and what specific forms of corruption or damage can threaten it?

Information is whole, complete, and uncorrupted; it is threatened by corruption (data becomes broken), damage (files get affected), destruction (files are deleted), and unauthorized changes.

What are the key terms related to assuring information integrity through hashing?

File Hashing (process / result), Hash Value (actual output by hashing process), and Hash Password (converted into a secret code).

What is Utility in the context of information characteristics?

The quality or state of having value for some purpose or end.

What is Possession in the context of information characteristics?

The quality or state of ownership or control.