These flashcards cover key concepts and terms related to Information Assurance and Security from the midterm notes.
What is the difference between data and information?
Data refers to raw, unprocessed facts and figures, while information is processed data organized to provide meaning.
What does Information Assurance (IA) aim to achieve?
IA minimizes overall risks to a company's information by applying organization-wide standards to reduce threats to information security.
What is the CIA Triad in Information Security?
The CIA Triad refers to the principles of Confidentiality, Integrity, and Availability.
What significant event did the Morris Worm (1988) represent?
It was the first recognized computer worm that had a significant impact on computer systems.
What key benefit does information assurance provide in terms of customer relations?
Increased customer trust through the protection of sensitive data and compliance with regulations.
What are some key security principles?
Key security principles include Confidentiality, Integrity, Availability, Authenticity, and Non-repudiation.
What is the purpose of an Information Security Lifecycle?
The Information Security Lifecycle provides a framework for managing information security to protect assets and reduce risks.
What does compliance in Information Assurance refer to?
Ensuring that an organization meets regulatory requirements and does not suffer legal consequences.
Define 'insider threat' in cybersecurity.
An insider threat is the potential for a person within the organization to misuse their authorized access to harm the organization's assets.
What is the role of encryption in maintaining data security?
Encryption protects data by converting it into a format that can only be read with the correct decryption key.
What is social engineering in the context of cybersecurity?
Social engineering is the psychological manipulation of individuals to gain confidential information or perform actions that compromise security.
Why is multi-factor authentication (MFA) important in cybersecurity?
MFA adds an extra layer of security beyond usernames and passwords, which helps to prevent unauthorized access even when credentials are compromised.
What is the significance of Universal Access Control List (ACL) in cybersecurity?
ACLs define the permissions for users and groups to access resources in a network, preventing unauthorized access.
What are the implications of the General Data Protection Regulation (GDPR) on organizations?
GDPR imposes strict data protection and privacy regulations, requiring organizations to ensure compliance to avoid penalties.
What are Advanced Persistent Threats (APTs)?
APTs are prolonged cyberattacks in which an attacker gains access to a network and remains undetected for an extended period.
Explain the difference between authentication and authorization in cybersecurity.
Authentication verifies a user's identity, while authorization determines what resources a user can access.