Which of the following refers to a process that is used for implementing information security?

Certification and Accreditation (C&A)
Classic information security model
Information Assurance (IA)

Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. The C&A process is used extensively in the U.S. Federal Government. Some C&A processes include FISMA, NIACAP, DIACAP, and DCID 6/3. Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system. Accreditation is the official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals, based on the implementation of an agreed-upon set of security controls.

Answer: D is incorrect. Information Assurance (IA) is the practice of managing risks related to the use, processing, storage, and transmission of information or data and the systems and processes used for those purposes. While focused dominantly on information in digital form, the full range of IA encompasses not only digital but also analog or physical form. Information assurance as a field has grown from the practice of information security, which in turn grew out of practices and procedures of computer security.

Answer: A is incorrect. The classic information security model is used in the practice of Information Assurance (IA) to define assurance requirements. The classic information security model, also called the CIA Triad, addresses three attributes of information and information systems: confidentiality, integrity, and availability. This C-I-A model is extremely useful for teaching introductory and basic concepts of information security and assurance; the initials are an easy mnemonic to remember, and when properly understood, can prompt systems designers and users to address the most pressing aspects of assurance.

Answer: B is incorrect. The Five Pillars model is used in the practice of Information Assurance (IA) to define assurance requirements. It was promulgated by the U.S. Department of Defense (DoD) in a variety of publications, beginning with the National Information Assurance Glossary, Committee on National Security Systems Instruction CNSSI-4009. Here is the definition from that publication: "Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities." The Five Pillars model is sometimes criticized because authentication and non-repudiation are not attributes of information or systems; rather, they are procedures or methods useful to assure the integrity and authenticity of information, and to protect the confidentiality of the same.
Terms in this set (8)
Network Security
Security that governs a network
Six dimensions of eCommerce security
Integrity
Non-Repudiation
Authenticity
Authorization
Confidentiality
Availability
Integrity
Example 1: If someone added an extra bill to the envelope which contained your credit card bill, he has violated the integrity of the mail.
Example 2: One type of integrity security breach would be an unauthorized person intercepting and redirecting a bank wire transfer into a different account.
Non-repudiation
Non-repudiation is the assurance that someone cannot deny something. Typically, non-repudiation refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated.
Authenticity
Authentication is verification of the identity of the entity requesting access to a system. It is the process of determining whether someone or something is, in fact, who or what it is declared to be. In private and public computer networks (including the Internet), authentication is commonly done through the use of logon passwords. Knowledge of the password is assumed to guarantee that the user is authentic. Each user registers initially (or is registered by someone else), using an assigned or self-declared password. On each subsequent use, the user must know and use the previously declared password. The weakness in this system for transactions that are significant (such as the exchange of money) is that passwords can often be stolen, accidentally revealed, or forgotten.
For this reason, Internet business and many other transactions require a more stringent authentication process. The use of digital certificates issued and verified by a Certificate Authority (CA) as part of a public key infrastructure is considered likely to become the standard way to perform authentication on the Internet. Logically, authentication precedes authorization (although they may often seem to be combined).
Authorization
Confidentiality
Confidentiality is roughly equivalent to privacy. Measures undertaken to ensure confidentiality are designed to prevent sensitive information from reaching the wrong people, while making sure that the right people can in fact get it: Access must be restricted to those authorized to view the data in question. It is common, as well, for data to be categorized according to the amount and type of damage that could be done should it fall into unintended hands. More or less stringent measures can then be implemented according to those categories.
A good example of information that confidentiality measures protect is an account number or routing number when banking online. Data encryption is a common method of ensuring confidentiality.
Availability
Availability is best ensured by rigorously maintaining all hardware, performing hardware repairs immediately when needed and maintaining a correctly functioning operating system environment that is free of software conflicts. It's also important to keep current with all necessary system upgrades. Providing adequate communication bandwidth and preventing the occurrence of bottlenecks are equally important.