A. Information security practices Flashcards

1
Q

What is confidentiality to information security?

A

Confidentiality means prevention of unauthorized disclosure of information.

2
Q

What is integrity to information security?

A

Integrity ensures information is protected from unauthorized or unintentional alteration, modification or deletion.

3
Q

What is availability to information security?

A

Availability means information is readily accessible to authorized users.

4
Q

What is CIA to information security?

A

Confidentiality, Integrity, Availability

5
Q

How is risk defined by information security?

A

The combination of the probability of an event and its consequence (ISO/IEC 73)

6
Q

The means of managing risk, including policies, procedures, guidelines, practices or organizational structures, which can be of an administrative, technical, management, or legal nature.

A

controls

7
Q

Preventive controls

A

Prevent an incident from occurring (e.g., preventing unauthorized users) - firewalls, passwords, training.

8
Q

Detective controls

A

Detect and report when errors, omissions and unauthorized uses of entries occur (e.g., by sounding an alarm and alerting the appropriate person) - audits, anti-virus software.

9
Q

Corrective controls

A

Intended to limit the extent of any damage caused by the incident.

They are designed to correct errors, omissions and unauthorized uses and intrusions once they are detected (e.g., by recovering the organization to normal working status as efficiently as possible) - business continuity plans.

10
Q

Best known and most prominent information security standards.

A

International Organization for Standardization (ISO) Standards

11
Q

Privacy and Information Security disconnects

A

Privacy has a wider set of obligations; confidentiality (personal information, for example phone numbers, is not always confidential); different classification systems

12
Q

Privacy and Information Security overlaps

A

Both groups have a vested interest in keeping information safe.

13
Q

Data Destruction

A

One important way to protect personal information and privacy is to destroy personal information when it is no longer needed.

14
Q

Information security classification categories

A

Most information security classification schemas use the following categories:

1) Public
2) Confidential
3) Highly confidential
4) Restricted

15
Q

How to best align information security and privacy teams

A

Team; don’t reinvent; stay aware; rank and prioritize problems/risks

16
Q

Access control

A

Access to an organization’s information systems should be tied to an employee’s role.

No employees should have greater information access than is necessary to perform their job functions.

17
Q

Segregation of duties.

A

Ensure one person cannot exploit or gain access to information inappropriately.

18
Q

Least privilege.

A

Grant access at the lowest possible level required to perform the function.

19
Q

Need-to-know access.

A

Restrict access to only information that is critical to the performance of an authorized, assigned mission.

20
Q

physical controls

A

locks, fences

21
Q

technical controls

A

user logins, firewalls

22
Q

administrative controls

A

incident response processes

23
Q

Administrative Controls

A

1) incident response processes
2) training
3) oversight

24
Q

MAC filtering is

A

a security method based on access control. In this, each address is assigned a 48-bit address which is used to determine whether we can access a network or not.

It helps in listing a set of allowed devices that you need on your Wi-Fi and the list of denied devices that you don’t want on your Wi-Fi.

25
Q

Data On Demand

A

aggregates exclusive data sources to create solutions that add insight, create engagement, uplift contact volumes and improve success. We provide data for tracing, verification, marketing and enhancement.

26
Q

What is server-driven UI?

A

It is terminology through which the server is responsible for showing and controlling the components (views) on the frontend (in our case mobile app). It is also called backend-driven UI.

27
Q

Cloud computing is

A

the delivery of different services through the Internet. These resources include tools and applications like data storage, servers, databases, networking, and software.

As long as an electronic device has access to the web, it has access to the data and the software programs to run it.