AIS Chap 7

Card Set Information

Author:
blemus
ID:
17257
Filename:
AIS Chap 7
Updated:
2010-05-04 18:01:20
Tags:
Rest Chap
Folders:

Description:
trust framework
Show Answers:

Home > Flashcards > Print Preview

The flashcards below were created by user blemus on FreezingBlue Flashcards. What would you like to do?


  1. What is anything about which a company would collect and store information
    Entity
  2. What is an association between entities
    A relationship
  3. Is a characteristic of an entity, such as inventory number and descreption of each item in the entity of "Inventory"
    An attribute
  4. Things that have an economic value to a company, such as cash and inventory
    Resources
  5. Various business processes conducted in a company's daily operations, such as sales and purchases
    Events
  6. People and organizations, such as customers and salespeople, who participate in business events
    Agents
  7. Transforms plaintext into a short code
    Hashing
  8. 5 Principles of system reliability
    Security,confidentiality,privacy,processing integrity and availability
  9. Access to the system and its data is controlled and restricted to legitimate users
    security
  10. sensitive organizational information is protected from unauthorized disclosure
    Confidentiality
  11. Personal information about customers is collected, used, disclosed, and maintained in an appropriate manner only in compliance with internal policies and external regulatory requirements.
    Privacy
  12. Data is processed accurately, completely, in a timely manner, and only with proper authorization
    PROCESSING INTEGRITY
  13. o Restrict system access to only authorized users.
    o Protect the confidentiality of sensitive data, and the privacy of information collected from customers
    o Provide for processing integrity by preventing submission of unauthorized or fictitious transactions and preventing unauthorized changes to stored data or programs.
    o Protect against a variety of attacks, thereby ensuring the system is available when needed.
    Security
  14. _____is first and foremost a _______issue not a an _______issue
    security,management, technology
  15. FOCUSES ON THE REALTIONSHIP BETWEEn preventive, detective, and corrective controls.
    Time-based model of security
  16. Limit actions to those in accord with the organizaytion's security policy and to not allow undesired actions
    preventive controls
  17. identify when preventive controls have been breached
    detective controls
  18. to repari damage from any problems that ovcurred and to improve the functioning of both preventive and etective controls in order to reduce the likelihood of future problems.
    corrective controls
  19. time -based model of security evaluates the effectiveness of an organization's security by measuring and comparing the relationship among the follwoing
    • P= the time it takes an attacker to break through the organizations preventive controls
    • D= the time it takes to detect that an attack is in progress
    • C=the time it takes to respond to the attack
  20. If p>d+c, then the organization's security is
    effective
  21. If P<D+C, then the organization security procedures are
    not effective
  22. emloying multiple layers of controls in order to avoid having a single point of failure.
    Defense-In-Depth

What would you like to do?

Home > Flashcards > Print Preview