CH 1: Information Systems Security exam questions and answers
World Wide Web (WWW): A collection of documents that are hyperlinked among one another & accessed using the internet
Protocol: A list of rules & methods for communicating individuals, businesses, organizations, & governments that are connected to the Internet or the Web
TCP/IP: Transmission Control Protocol/Internet Protocol. A popular suite of protocols that operate at both the Network & Transport Layer of the OSI Reference Model. It governs all activity across the Internet & through most corporate & home networks
Smartphones: A cell phone that runs mobile communications software & supports voice, Internet browsing, e-mail, & text messaging
Acceptable Use Policy (AUP): An organization-wide policy that defines what is allowed & disallowed regarding use of IT assets by employees
Availability: A mathematical formula that quantifies the amount of uptime for a system compared to the amount of downtime. Usually displayed as a ratio or percentage
Biometric: A physiological or behavioral human-recognition system (e.g. fingerprint reader, a retina scanner, a voice-recognition reader, etc.)
BlackBerry: A brand name for a line of smartphones & handheld mobile devices
Business Continuity Plan (BCP): A plan for how to handle outages to IT systems, applications, & data access in order to maintain business applications
Business Impact Analysis (BIA): A prerequisite analysis for a business continuity plan that prioritizes mission critical systems, applications, & data & the impact of an outage or downtime
CISSP: Certified Information Systems Security Professional
Children's Internet Protection Act (CIPA): A federal law enacted by Congress to address concerns about access to offensive content over the internet on school & library computers
Ciphertext: The opposite of cleartext. Data sent as this is not visible & non decipherable.
Cleartext: The opposite of ciphertext. Data sent this way is visible & decipherable
Confidentiality: The requirement to keep information private or secret
Content Filtering: The blocking of specific key words or phrases in domain-name & URL lookups. Specific URLs & domain names can be prevented from being accessed with content filters
Cryptography: The study or practice of hiding information
Cybersecurity: The act of securing & protecting individuals
Cyberspace: The global online virtual world created by the Internet where individuals, businesses, organizations, & governments connect to one another
Data Classification Standard: A definition of different data types
Demilitarized Zone (DMZ): An exterior network that acts as a buffer zone between the public Internet & an organization's IT infrastructure (i.e. LAN-to-WAN Domain)
Disaster Recovery Plan (DRP): A written plan for how to handle major disasters or outages & recover mission-critical systems, applications, & data
Downtime
E-commerce: The buying & selling of goods & services online through a secure Web site with payment by credit card or direct debit from a checking account
Encryption: The act of transforming cleartext data into decipherable ciphertext
End-User License Agreement (EULA): A licensing agreement between the software manufacturer & purchaser, which limits the liability for software errors, bugs, or vulnerabilities
Ethernet: An IEEE 802.3 CSMA/CD standard for Ethernet networking supporting speeds from 10 Mbps to 10 Gbps
Family Educational Rights & Privacy Act (FERPA): A U.S. federal law that protects the private data of students, including their transcripts & grades, with which K-12 & higher-education institutions must comply
Federal Information Security Management Act (FISMA): A U.S. federal law that requires U.S. governm
Written for
- Institution: Certified Information Systems Security Pro
- Course: Certified Information Systems Security Pro
Document information
- Uploaded on: July 25, 2024
- Number of pages: 7
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers
Subjects
- ch 1 information systems security exam questions