©THESTAR EXAM SOLUTIONS 2024/2025
ALL RIGHTS RESERVED.
CYBR 3100 Test 1 Study Guide
Computer security - answer✔In the early days of computers, this term specified the need to
secure the physical location of computer technology from outside threats. This term later came
to represent all actions taken to preserve computer systems from losses. It has evolved into the
current concept of information security as the scope of protecting information in an
organization has expanded.
C.I.A. triad - answer✔The industry standard for computer security since the development of the
mainframe. The standard is based on three characteristics that describe the utility of
information: confidentiality, integrity, and availability
communications security - answer✔The protection of all communications media, technology,
and content
information security - answer✔Protection of the confidentiality, integrity, and availability of
information assets, whether in storage, processing, or transmission, via the application of
policy, education, training and awareness, and technology.
network security - answer✔A subset of communications security; the protection of voice and
data networking components, connections, and content
security - answer✔A state of being secure and free from danger or harm. Also, the actions
taken to make someone or something secure
accuracy - answer✔An attribute of information that describes how data is free of errors and has
the value that the user expects
authenticity - answer✔An attribute of information that describes how data is genuine or
original rather than reproduced or fabricated
availability - answer✔An attribute of information that describes how data is accessible and
correctly formatted for use without interference or obstruction
confidentiality - answer✔An attribute of information that describes how data is protected from
disclosure or exposure to unauthorized individuals or systems.
integrity - answer✔An attribute of information that describes how data is whole, complete, and
uncorrupted.
personally identifiable information (PII) - answer✔A set of information that could uniquely
identify an individual.
possession - answer✔An attribute of information that describes how the data's ownership or
control is legitimate or authorized.
utility - answer✔An attribute of information that describes how data has value or usefulness for
an end purpose.
McCumber Cube - answer✔A graphical representation of the architectural approach widely
used in computer and information security; commonly shown as a cube composed of 3 × 3 × 3 cells,
similar to a Rubik's Cube
information system (IS) - answer✔The entire set of software, hardware, data, people,
procedures, and networks that enable the use of information resources in the organization.
physical security - answer✔The protection of physical items, objects, or areas from
unauthorized access and misuse.
bottom-up approach - answer✔A method of establishing security policies and/or practices that
begins as a grassroots effort in which systems administrators attempt to improve the security of
their systems.
top-down approach - answer✔A methodology of establishing security policies and/or practices
that is initiated by upper management.
systems development life cycle (SDLC) - answer✔A methodology for the design and
implementation of an information system. The SDLC contains different phases depending on
the methodology deployed, but generally the phases address the investigation, analysis, design,
implementation, and maintenance of an information system.
methodology - answer✔A formal approach to solving a problem based on a structured
sequence of procedures.
waterfall model - answer✔A type of SDLC in which each phase of the process "flows from" the
information gained in the previous phase, with multiple opportunities to return to previous
phases and make adjustments.
software assurance (SA) - answer✔A methodological approach to the development of software
that seeks to build security into the development life cycle rather than address it at later stages.
SA attempts to intentionally create software free of vulnerabilities and provide effective,
efficient software that users can deploy with confidence.
chief information officer (CIO) - answer✔An executive-level position that oversees the
organization's computing technology and strives to create efficiency in the processing and
access of the organization's information
chief information security officer (CISO) - answer✔Typically considered the top information
security officer in an organization. The CISO is usually not an executive-level position, and
frequently the person in this role reports to the CIO.
project team - answer✔A small functional team of people who are experienced in one or
multiple facets of the required technical and nontechnical areas for the project to which they
are assigned.
data custodians - answer✔Individuals who work directly with data owners and are responsible
for storage, maintenance, and protection of information
data owners - answer✔Individuals who control, and are therefore responsible for, the security
and use of a particular set of information; data owners may rely on custodians for the practical
aspects of protecting their information, specifying which users are authorized to access it, but
they are ultimately responsible for it.
data users - answer✔Internal and external stakeholders (customers, suppliers, and employees)
who interact with information in support of their organization's planning and operations
community of interest - answer✔A group of individuals who are united by similar interests or
values within an organization and who share a common goal of helping the organization to
meet its objectives
data - answer✔Items of fact collected by an organization. Data includes raw numbers, facts,
and words. Student quiz scores are a simple example of data.
information - answer✔Data that has been organized, structured, and presented to provide
additional insight into its context, worth, and usefulness. For example, a student's class average
can be presented in the context of its value, as in "90 = A."
information asset - answer✔The focus of information security; information that has value to
the organization, and the systems that store, process, and transmit the information
media - answer✔As a subset of information assets, the systems and networks that store,
process, and transmit information.