What is anything about which a company would collect and store information
What is an association between entities
Is a characteristic of an entity, such as inventory number and description of each item in the entity of "Inventory"
Things that have an economic value to a company, such as cash and inventory
Various business processes conducted in a company's daily operations, such as sales and purchases
People and organizations, such as customers and salespeople, who participate in business events
Transforms plaintext into a short code
5 Principles of system reliability
Security, confidentiality, privacy, processing integrity, and availability
Access to the system and its data is controlled and restricted to legitimate users
Sensitive organizational information is protected from unauthorized disclosure
Personal information about customers is collected, used, disclosed, and maintained in an appropriate manner only in compliance with internal policies and external regulatory requirements.
Data is processed accurately, completely, in a timely manner, and only with proper authorization
o Restrict system access to only authorized users.
o Protect the confidentiality of sensitive data, and the privacy of information collected from customers
o Provide for processing integrity by preventing submission of unauthorized or fictitious transactions and preventing unauthorized changes to stored data or programs.
o Protect against a variety of attacks, thereby ensuring the system is available when needed.
_____ is first and foremost a _______ issue, not a(n) _______ issue
Focuses on the relationship between preventive, detective, and corrective controls.
Time-based model of security
Limit actions to those in accord with the organization's security policy and do not allow undesired actions
Identify when preventive controls have been breached
To repair damage from any problems that occurred and to improve the functioning of both preventive and detective controls in order to reduce the likelihood of future problems.
Time-based model of security evaluates the effectiveness of an organization's security by measuring and comparing the relationship among the following
P = the time it takes an attacker to break through the organization's preventive controls
D = the time it takes to detect that an attack is in progress
C = the time it takes to respond to the attack
If P > D + C, then the organization's security is
If P < D + C, then the organization's security procedures are
Employing multiple layers of controls in order to avoid having a single point of failure.