Cis Studyguide

  • Published : February 5, 2013
Review
Overview of the Info Security (3 MC, 2 S/A, 1LA)
Objectives:
1. Recognize the importance of information technology and understand who is responsible for protecting an organization’s information assets
2. Know and understand the definition and key characteristics of information security
3. Know and understand the definition and key characteristics of leadership and management
4. Recognize the characteristics that differentiate information security management from general management

Concepts:

Information security (InfoSec) is the protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information. Figure 1-1 shows that information security includes the broad areas of information security management (the topic of this book), computer and data security, and network security. At the heart of the study of information security is the concept of policy (discussed in detail in Chapter 4). Policy, awareness, training, education, and technology are vital concepts for the protection of information and for keeping information systems from danger.

* Business Mgmt Professionals: Orgzn and Info Sec strategy, policy and resources ($$)
* I.T. Mgmt: support business objectives w/ appropriate information technology (HW, SW, NW, interfaces)
* InfoSec Mgmt: provide technical protective environment for critical assets from threats / exploits, disruptions

Communities of Interest

* InfoSec community: protects the organization’s information assets from the threats they face.
* IT community: supports the business objectives of the organization by supplying and supporting information technology appropriate to the business’ needs.
* Non-technical general business community: articulates and communicates organizational policy and objectives and allocates resources to the other groups.

Information Technology (I.T.)
= tangible HW, SW, DBs, NW, technologies used to support / build Info Systems (data / info processing)
= technological components to support / facilitate System Interfaces / comm

Information Systems (I.S.)

= Specific organizational applications, specialized Sub-Systems Supported by different tangible technologies (I.T.)

Technological “Infrastructure”
= specific technologies that support an Organization, NW, Info Systems
= basic electronic, mechanical, social, political, etc. support systems
= provides fundamental support structure for a system / organization / network
= specifies how all I.T. and I.S. are connected

Technological “Architecture”
Overall “Logical”, “Conceptual Design” of NW … that supports exchange of data + info
= Overview of the I.S. NW, Telecomm (T/C) System, and E-Commerce environments (B2B, B2C, C2C)
- shows interrelations of Tech components
- how components interface + FUNCTION
- outlines how Orgnzn functions + flexibility to meet future requirements … “scalability”

Common ARCHITECTURES:
- Computer Architecture
- Software Architecture
- Network Architecture

Info Security Safeguards, IT Controls (Part 1)

* Please describe two instances of each category
* TECHNICAL SOLUTIONS to ENSURE WEB SECURITY
* ENCRYPTION TECHNIQUES (and Hashing)
*** Most strategic uses for encryption ***
1. to secure info during transmission
2. to secure stored information /data

* ACCESS CONTROL (Firewalls, Passwords, Intrusion Detection Systems)
* Cyber Warfare (Honeypots, Honeynets, Darknets)

* Describe two techniques

* We need to know the hash characteristics because it's going to be in the exam. (IMPORTANT)

(IN EXAM)
In the exam, mention 2 of these 7 assumptions
7 Info Security and ROI Dilemmas
1. Companies focus more on Capital expenditures that directly affect revenue
   believe Info Sec investments shift focus away from profit / growth
2. Top mgmt often doesn’t understand Impact of info security breaches on...