the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (including hardware, software, firmware, information/data, and telecommunications).
System integrity: Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
Privacy – assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.
Data integrity – assures that information and programs are changed only in a specified and authorized manner.
Which of the following security categories supports nonrepudiation, deterrence, fault isolation, and intrusion detection?
Accountability: The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports nonrepudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action.
What is the disruption of access to or use of information or an information system?
A loss of availability is the disruption of access to or use of information or an information system.
What is the timely and reliable access to and use of information?
As defined in FISMA, the term ‘availability’ means ensuring timely and reliable access to and use of information. The property that data or information is accessible and usable upon demand by an authorized person.
Which of the following is considered a formal aspect of an information systems security policy?
… means information can be accessed and modified by anyone authorized to do so in an appropriate timeframe.
Unauthorized Disclosure, or UD, is the communication or physical transfer of classified information or controlled unclassified information, or CUI, to an unauthorized recipient.
DATA INTEGRITY: The assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay).
What is message content release?
For a release of message content, a telephonic conversation, an E-mail message or a transferred file may contain confidential data. A passive attack monitors the contents of the transmitted data. Passive attacks are very difficult to detect because they do not involve any alteration of the data.
Which attacks attempt to learn or make use of information from the system but do not affect system resources?
A “passive attack” attempts to learn or make use of information from the system but does not affect system resources, compromising confidentiality. A threat is a potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm.
What is a passive threat?
A passive attack is a network attack in which a system is monitored and sometimes scanned for open ports and vulnerabilities. The purpose of a passive attack is to gain information about the system being targeted; it does not involve any direct action on the target.
What is an attempt to alter system resources or affect their operation?
An active attack attempts to alter system resources or affect their operation. … Active attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories: replay, masquerade, modification of messages, and denial of service.
What essential protections must be in place to protect information systems from danger?
Essential protections are physical security, operations security, communication security, and network security. CIA stands for confidentiality, integrity, and availability.