InterviewSolution
| 101. |
How Human Error Can Be Prevented? |
|
Answer» Much human error or failure can be prevented with training and ongoing awareness activities, but also with controls, ranging from simple procedures like asking users to type a critical command twice, to more complex procedures, such as the verification of the commands by a second party (e.g. key recovery actions in PKI systems). |
|
| 102. |
What Are Different Acts Of Human Error Or Failure? |
|
Answer» Includes acts done without malicious intent. It is caused by: |
|
| 103. |
What Are Threats? |
|
Answer» A threat is an object, person, or other entity that represents a constant danger to an asset. Management must be informed of the various kinds of threats facing the organization. By examining each threat category in turn, management effectively protects its information through policy, education and training, and technology controls. |
|
| 104. |
What Are The Four Important Functions, The Information Security Performs In An Organization? |
|
Answer» Information security performs four important functions for an organization: |
|
| 105. |
Define E-mail Spoofing? |
|
Answer» Information is authentic when its contents are original, as they were created, placed, stored or transmitted. The information you receive as e-mail may not be authentic when its contents are modified; this is known as e-mail spoofing. |
|
| 106. |
What Is Arpanet? |
|
Answer» The Department of Defense in the US started a research program on the feasibility of a redundant, networked communication system to support the military's exchange of information. Larry Roberts, known as the founder of the internet, developed the project from its inception. |
|
| 107. |
What Is Multics? |
|
Answer» MULTICS was an operating system, now obsolete. MULTICS is noteworthy because it was the first and only OS created with security as its primary goal. It was a mainframe, time-sharing OS developed in the mid-1960s by a consortium from GE, Bell Labs, and MIT. |
|
| 108. |
What Is Security Blueprint? |
|
Answer» The security blueprint is the plan for the implementation of new security measures in the organization. Sometimes called a framework, the blueprint presents an organized approach to the security planning process. |
|
| 109. |
What Is Hacking? |
|
Answer» Hacking can be defined positively and negatively. Positively: to write computer programs for enjoyment. Negatively: to gain access to a computer illegally. |
|
| 110. |
What Is Attack? |
|
Answer» An attack is an intentional or unintentional attempt to cause damage or otherwise compromise the information. If someone casually reads sensitive information not intended for his or her use, this is considered a passive attack. If a hacker attempts to break into an information system, the attack is considered active. |
|
| 111. |
What Is The Difference Between Vulnerability And Exposure? |
|
Answer» The exposure of an information system is a single instance when the system is open to damage. Weaknesses or faults in a system or protection mechanism that expose information to attack or damage are known as vulnerabilities. |
|
| 112. |
What Is The Difference Between A Threat Agent And A Threat? |
|
Answer» A threat is a category of objects, persons, or other entities that pose a potential danger to an asset. Threats are always present. A threat agent is a specific instance or component of a threat. (For example, all hackers in the world are a collective threat; Kevin Mitnick, who was convicted for hacking into phone systems, was a threat agent.) |
|
| 113. |
What Are The Three Types Of Data Ownership And Their Responsibilities? |
|
Answer» Data Owner - responsible for the security and use of a particular set of information. Data Custodian - responsible for the storage, maintenance, and protection of the information. Data Users - the end systems users who work with the information to perform their daily jobs supporting the mission of the organization. |
|
| 114. |
What Are The Information Security Roles To Be Played By Various Professionals In A Typical Organization? |
Answer»
|
|
| 115. |
How Information Security Is Viewed As A Social Science? |
|
Answer» Social science examines the behavior of individuals interacting with systems. Security begins and ends with the people that interact with the system. End users may be the weakest link in the security chain. Security administrators can greatly reduce the levels of risk caused by end users, and create more acceptable and supportable security profiles. |
|
| 116. |
What Is Security SDLC? |
Answer»
|
|
| 117. |
Explain Different Phases Of SDLC? |
|
Answer» Investigation, Analysis, Logical Design, Physical Design, Implementation, Maintenance and Change. |
|
| 118. |
What Is SDLC? |
| Answer» | |
| 119. |
What Are The Approaches Used For Implementing Information Security? |
| Answer» | |
| 120. |
What Is Meant By Balancing Security And Access? |
Answer»
|
|
| 121. |
What Are The Components Of An Information System? |
|
Answer» An Information System (IS) is much more than computer hardware; it is the entire set of software, hardware, data, people, and procedures necessary to use information as a resource in the organization. |
|
| 122. |
What Is NSTISSC Security Model? |
|
Answer» This refers to "The National Security Telecommunications and Information Systems Security Committee" document. This document presents a comprehensive model for information security. The model consists of three dimensions. |
|
| 123. |
What Are The Critical Characteristics Of Information? |
Answer»
|
|
| 124. |
Define Information Security? |
|
Answer» Information security is the protection of information and its critical elements, including the systems and hardware that use, store, and transmit the information. |
|
| 125. |
Define Network Security? |
|
Answer» Network security is the protection of networking components, connections, and contents. |
|
| 126. |
Define Communications Security? |
|
Answer» Communications security encompasses the protection of an organization's communications media, technology and content. |
|
| 127. |
Define Operations Security? |
|
Answer» Operations security focuses on the protection of the details of particular operations or series of activities. |
|
| 128. |
Define Personal Security? |
|
Answer» Personal security involves the protection of individuals or groups of individuals who are authorized to access the organization and its operations. |
|
| 129. |
Define Physical Security? |
|
Answer» Physical security is the protection of physical items, objects or areas of an organization from unauthorized access and misuse. |
|
| 130. |
What Is The Scope Of Computer Security? |
|
Answer» The scope of computer security grew from physical security to include: |
|
| 131. |
What Is Rand Report R-609? |
|
Answer» Information security began with Rand Corporation Report R-609. The Rand Report was the first widely recognized published document to identify the role of management and policy issues in computer security. |
|
| 132. |
Write A Note On The History Of Information Security? |
|
Answer» Computer security began immediately after the first mainframes were developed. Groups developing code-breaking computations during World War II created the first modern computers. Physical controls were needed to limit access to authorized personnel to sensitive military locations. Only rudimentary controls were available to defend against physical theft, espionage, and sabotage. |
|
| 133. |
What Is C.I.A.? |
|
Answer» The C.I.A. triangle was the standard based on confidentiality, integrity, and availability. The C.I.A. triangle has expanded into a list of critical characteristics of information. |
|