8.2) Controls for information security (policies and procedures) Flashcards

1
Q

In summer 2021, retail giant Amazon’s financial records revealed that officials in Luxembourg had issued a €___ million ($877 million) fine for breaches of the GDPR. According to a blog post by cybersecurity vendor Tessian, the full reasons behind the fine have not yet been confirmed, but it is believed to involve cookie consent. Amazon is said to be appealing the fine, with a spokesperson stating, “There has been no ____ breach, and no customer data has been exposed to any third party.”

A

746
data

2
Q

Retail pharmacy group Dis-Chem has been found guilty of contravening various sections of the Protection of Personal Information Act (_______) after a cyber-attack compromised the personal records of more than ______ million South Africans last year. The Information Regulator has now given the retailer instructions to ensure people’s personal information is sufficiently safeguarded, or face a fine of up to R___ million or even imprisonment.

A

POPIA
Three
10

3
Q

What are information security controls?

A

Information security controls are measures and mechanisms put in place to protect the confidentiality, integrity, and availability of information assets.

4
Q

What role do information security controls play?

A

Information security controls play an indispensable role in safeguarding valuable information assets, assuring the CIA triad requirements are met.

5
Q

True or false: in the current relentless battle against cyber threats, organizations require a solid and advanced platform that empowers them to fortify their information security defenses effectively.

A

True

6
Q

What are the three primary categories of information security controls? (3)

A
  1. Preventive controls
  2. Detective Controls
  3. Response controls
7
Q

What are the types of preventive controls? (3)

A

1) Administrative controls
2) Process controls
3) IT solution controls

8
Q

What are administrative controls? (4)

A
  • Developing policies and procedures (e.g., to comply with laws such as the GDPR and POPIA)
  • Offering information security training
  • Creation of cybersecurity awareness culture
  • Change controls and change management
9
Q

What are process controls? (4)

A
  • User access control
  • Penetration testing
  • Backup and recovery plans
  • Log analysis
10
Q

What are IT solution controls? (3)

A
  • Anti-malware
  • Network access controls
  • Encryption
11
Q

What are the types of detective controls? (2)

A

1) Physical security controls
2) Intrusion detection controls

12
Q

What are physical security controls? (3)

A
  • Surveillance systems: installing CCTV cameras and other monitoring devices
  • Locks and biometric systems
  • Secured fences and Guards
13
Q

What are intrusion detection controls? (4)

A
  • Network-based Intrusion Detection Systems (NIDS)
  • Host-based Intrusion Detection Systems (HIDS)
  • Anomaly Detection Systems (ADS)
  • Hybrid Intrusion Detection Systems (combining signature-based and anomaly-based detection; not to be confused with host-based HIDS)
14
Q

What are Network-based Intrusion Detection Systems (NIDS)

A
  • Systems that monitor network traffic in real time (typically from a network tap or mirror port) to identify suspicious activity and anomalies
15
Q

What are Host-based Intrusion Detection Systems (HIDS)?

A

Systems installed on individual servers or workstations that monitor that host’s own activity (logs, file integrity, processes) to detect unauthorized or malicious behaviour

16
Q

What are Anomaly Detection Systems (ADS)?

A
  • Systems that learn a baseline of normal network (or host) behaviour, often with artificial intelligence and machine learning methods, and raise alerts on activity that deviates from it; used alongside signature-based detection they add a layer that can catch attacks for which no signature exists yet
17
Q

What are Hybrid Intrusion Detection Systems?

A

Systems that combine the outputs of an anomaly-based detector and a signature-based detector, so that both known attack patterns and novel deviations from normal traffic are covered; detecting DDoS attacks is a common application

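The anomaly-based and hybrid IDS cards above describe the combination but not how the two verdicts are produced or merged. The following is an added example, not code from the deck or from any IDS product: a signature detector (regex rules over request lines) and a volumetric anomaly detector (requests per second compared against a mean + k·stdev baseline) run over constructed traffic records, with their alerts unioned the way a hybrid IDS does. The records, the two signatures, the 3-sigma rule and the min_stdev floor are all assumptions chosen for illustration; a real deployment would feed packet or log data and a larger rule set.

```python
"""Hybrid IDS: signature detector + rate-anomaly detector over constructed records.

Added example, not part of the flashcard deck. All records and signatures below
are constructed for illustration.
"""
import re
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Signature detector: known-bad patterns (constructed, illustrative only).
SIGNATURES = {
    "sqli_or_1_eq_1": re.compile(
        r"(?i)(?:'|%27)(?:\s|%20)*or(?:\s|%20)+1(?:\s|%20)*=(?:\s|%20)*1"),
    "path_traversal": re.compile(r"\.\./\.\./"),
}


def signature_alerts(records):
    """One alert per (record, rule) pair whose request line matches a known signature."""
    alerts = []
    for ts, src, request in records:
        for name, pattern in SIGNATURES.items():
            if pattern.search(request):
                alerts.append({"detector": "signature", "rule": name, "ts": ts, "src": src})
    return alerts


class RateAnomalyDetector:
    """Volumetric anomaly detector: learns requests-per-second from clean traffic,
    then flags any second whose request count exceeds mean + k * stdev."""

    def __init__(self, k=3.0, min_stdev=1.0):
        self.k = k
        self.min_stdev = min_stdev  # assumed floor so a flat baseline cannot give a zero-width band
        self.threshold = None

    def fit(self, baseline_records):
        counts = list(Counter(ts for ts, _, _ in baseline_records).values())
        spread = max(pstdev(counts), self.min_stdev)
        self.threshold = mean(counts) + self.k * spread
        return self.threshold

    def alerts(self, records):
        if self.threshold is None:
            raise RuntimeError("call fit() on baseline traffic first")
        per_second = Counter(ts for ts, _, _ in records)
        sources = defaultdict(set)
        for ts, src, _ in records:
            sources[ts].add(src)
        return [{"detector": "anomaly", "rule": "request_rate", "ts": ts,
                 "count": n, "distinct_sources": len(sources[ts])}
                for ts, n in sorted(per_second.items()) if n > self.threshold]


def hybrid_alerts(baseline_records, records, k=3.0):
    """Hybrid IDS verdict: union of signature alerts and anomaly alerts."""
    detector = RateAnomalyDetector(k=k)
    detector.fit(baseline_records)
    return signature_alerts(records) + detector.alerts(records)


def _records(ts, n, src_prefix, request):
    """Build n constructed records (timestamp, source IP, request line) for one second."""
    return [(ts, f"{src_prefix}.{i + 1}", request) for i in range(n)]


# Constructed baseline: 60 s of ordinary browsing, 3 to 6 requests per second.
BASELINE = [rec for t, n in enumerate([3, 4, 5, 4, 6, 5] * 10)
            for rec in _records(t, n, "10.0.0", "GET /index.html HTTP/1.1")]

# Constructed test traffic: a single low-rate SQLi probe (signature only),
# a 40-source flood of benign-looking requests (anomaly only), then quiet.
TEST = (
    _records(100, 4, "10.0.0", "GET /index.html HTTP/1.1")
    + [(100, "198.51.100.7", "GET /login?user=admin'%20OR%201=1-- HTTP/1.1")]
    + _records(101, 40, "203.0.113", "GET / HTTP/1.1")
    + _records(102, 3, "10.0.0", "GET /about.html HTTP/1.1")
)

if __name__ == "__main__":
    for alert in hybrid_alerts(BASELINE, TEST):
        print(alert)
```

Neither detector alone covers both test cases: the injection probe is one request in an otherwise normal second, so the rate detector stays silent, while the flood carries no known-bad pattern, so the signature detector stays silent. The union catches both, which is the point of the hybrid design; the price is two alert streams that an analyst (or a SIEM correlation rule) has to triage together.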
18
Q

What are the types of response controls? (2)

A
  • Computer Security Incident Response Teams (CSIRT)
  • Chief Information Security Officer (CISO)
19
Q

What are Computer Security Incident Response Teams (CSIRT)?

A
  • A CSIRT is a group of IT professionals that provides an organization with services and support surrounding the assessment, management and prevention of cybersecurity-related emergencies
  • The mission of a CSIRT is to provide an immediate, effective, and skillful response to any unexpected incident with information security implications
20
Q

What is a Chief Information Security Officer (CISO)? (2)

A
  • A CISO is a senior-level executive responsible for the security of an organization’s information, computer systems and databases, and for its overall cybersecurity programme
  • As a response mechanism, the CISO role includes:
    • Developing information security strategies
    • Overseeing information security governance
21
Q

Which laws and regulations govern the protection of personal information? (3)

A
  • General Data Protection Regulation (GDPR)
  • Protection of Personal Information Act No. 4 of 2013 (POPIA)
  • Cybercrimes Act No. 19 of 2020
22
Q

The GDPR is a comprehensive data ________ law enacted by the European Union (EU) that became enforceable in May 2018

A

privacy

23
Q

What is the primary objective of the General Data Protection Regulation (GDPR)?

A

The primary objective of the GDPR is to harmonize data protection regulations across the EU member states, and to give individuals in the EU greater protection of, and control over, their personal data.

24
Q

What are the principles of the GDPR? (8)

A
25
Q

What is the Protection of Personal Information Act No. 4 of 2013? (2)

A
  • POPIA is a comprehensive data protection law enacted in South Africa
  • It aims to regulate the processing of personal information by public and private bodies in order to protect the privacy rights of individuals
26
Q

What are the key principles of POPIA? (8)

A
27
Q

What is the Cybercrimes Act No. 19 of 2020? (2)

A
  • The Cybercrimes Act No. 19 of 2020 aims to address the evolving challenges posed by cyber threats and to strengthen the legal framework for combating cybercrime in South Africa
  • The Act also helps law enforcement investigate and prosecute cybercrime, and so protect the people of South Africa from criminals
28
Q

What are the key principles of the Cybercrimes Act No. 19 of 2020? (7)

A