ITM 207- Final Exam Guide - Comprehensive Notes for the exam ( 62 pages long!)


Department: Information Technology Management
Course Code: ITM 207
Professor: farid
Study Guide: Final

Ryerson
ITM 207
FINAL EXAM
STUDY GUIDE

ITM 820- Chapter 1/Module 1 [Overview]
Computer Security: deals with computer-related assets that are subject to a variety
of threats and for which various measures are taken to protect those assets. It
raises three fundamental questions:
1. What assets do we need to protect?
2. How are those assets threatened?
3. What can we do to counter those threats?
National Institute of Standards and Technology (NIST) definition:
Computer Security: The protection afforded to an automated information
system in order to attain the applicable objectives of preserving the integrity,
availability, and confidentiality of information system resources (includes
hardware, software, firmware, information/data, and telecommunications).
It also introduces three key objectives that are at the heart of computer security:
1. Confidentiality
a. Data confidentiality: this assures that private or confidential
information is not made available or disclosed to unauthorized
individuals
b. Privacy: this assures that individuals control or influence what
information related to them may be collected and stored and by
whom and to whom that information may be disclosed
2. Integrity
a. Data integrity: this assures that information and programs are
changed only in a specified and authorized manner
b. System integrity: this assures that a system performs its intended
function in an unimpaired manner, free from deliberate or
inadvertent unauthorized manipulation of the system
3. Availability: this assures that systems work promptly and service is not
denied to authorized users
CIA Model summarized below:
Confidentiality: preserving authorized restrictions on information access
and disclosure, including means for protecting personal privacy and
proprietary information. A loss of confidentiality is the unauthorized
disclosure of information
Integrity: guarding against improper information modification or
destruction, including ensuring information non-repudiation and
authenticity. A loss of integrity is the unauthorized modification or destruction
of information
Availability: ensuring timely and reliable access to and use of information. A
loss of availability is the disruption of access to or use of information or an
information system
Additional concepts:
Authenticity: The property of being genuine and being able to be verified
and trusted; confidence in the validity of a transmission, a message, or
message originator. This means verifying that users are who they say they
are and that each input arriving at the system came from a trusted source.
Accountability: The security goal that generates the requirement for actions
of an entity to be traced uniquely to that entity. This supports
non-repudiation, deterrence, fault isolation, intrusion detection and prevention,
and after-action recovery and legal action. Because truly secure systems
aren’t yet an achievable goal, we must be able to trace a security breach to a
responsible party. Systems must keep records of their activities to permit
later forensic analysis to trace security breaches or to aid in transaction
disputes
Levels of Security Breach Impact
Low: The loss could be expected to have a limited adverse effect on
organizational operations, organizational assets, or individuals. A limited
adverse effect means that, for example, the loss of confidentiality, integrity,
or availability might:
1. Cause a degradation in mission capability to an extent and
duration that the organization is able to perform its primary functions,
but the effectiveness of the functions is noticeably reduced
2. Result in minor damage to organizational assets
3. Result in minor financial loss
4. Result in minor harm to individuals
Moderate: The loss could be expected to have a serious adverse effect on
organizational operations, organizational assets, or individuals. A serious
adverse effect means that, for example, the loss might:
1. Cause a significant degradation in mission capability to an extent
and duration that the organization is able to perform its primary
functions, but the effectiveness of the functions is significantly
reduced
2. Result in significant damage to organizational assets
3. Result in significant financial loss
4. Result in significant harm to individuals that does not involve loss
of life or serious, life-threatening injuries
High: The loss could be expected to have a severe or catastrophic adverse
effect on organizational operations, organizational assets, or individuals.
A severe or catastrophic adverse effect means that, for example, the loss
might:
1. Cause a severe degradation in or loss of mission capability to an
extent and duration that the organization is not able to perform
one or more of its primary functions