A. Information security practices

Question 1

What is confidentiality to information security?

Answer 1

Confidentiality means prevention of unauthorized disclosure of information.

Question 2

What is integrity to information security?

Answer 2

Integrity ensures information is protected from unauthorized or unintentional alteration, modification or deletion.

Question 3

What is availability to information security?

Answer 3

Availability means information is readily accessible to authorized users

Question 4

What is CIA to information security?

Answer 4

Confidentiality, Integrity, Availability

Question 5

How is risk defined by information security?

Answer 5

The combination of the probability of an event and its consequence (ISO/IEC 73)

Question 6

The means of managing risk, including policies, procedures, guidelines, practices or organizational structures, which can be of an administrative, technical, management, or legal nature.

Answer 6

controls

Question 7

Preventive controls

Answer 7

Prevent an incident from occurring (e.g., preventing unauthorized users) - firewalls, passwords, training.

Question 8

Detective controls

Answer 8

Detect and report when errors, omissions and unauthorized uses of entries occur (e.g., by sounding an alarm and alerting the appropriate person). audits, anti-virus software.

Question 9

Corrective controls

Answer 9

intended to limit the extent of any damage caused by the incident.

They are designed to correct errors, omissions and unauthorized uses and intrusions once they are detected (e.g., by recovering the organization to normal working status as efficiently as possible). business continuity plans.

Question 10

Best known and most prominent information security standards.

Answer 10

International Organization for Standardization (ISO) Standards

Question 11

Privacy and Information Security disconnects

Answer 11

Privacy has a wider set of obligations; confidentiality (personal information, for example phone numbers, is not always confidential); different classification systems

Question 12

Privacy and Information Security overlaps

Answer 12

Both groups have vested interested in keeping information safe.

Question 13

Data Destruction

Answer 13

One important way to protect personal information and privacy is to destroy personal information when it is no longer needed

Question 14

Information security classification categories

Answer 14

Most information security classification schemas use the following categories:

1) Public
2) Confidential
3) Highly confidential
4) Restricted

Question 15

How to best align information security and privacy teams

Answer 15

Team; don’t reinvent; stay aware; rank and prioritize problems/risks

Question 16

Access control

Answer 16

Access to an organization’s information systems should be tied to an employee’s role.

No employees should have greater information access than is necessary to perform their job functions.

Question 17

Segregation of duties.

Answer 17

Ensure one person cannot exploit or gain access to information inappropriately.

Question 18

Least privilege.

Answer 18

Grant access at the lowest possible level required to perform the function.

Question 19

Need-to-know access.

Answer 19

Restrict access to only information that is critical to the performance of an authorized, assigned mission

Question 20

physical controls

Answer 20

locks, fences

Question 21

technical controls

Answer 21

user logins, firewalls

Question 22

administrative controls

Answer 22

incident response processes

Question 23

Administrative Controls

Answer 23

1) incident response processes
2) training
3) oversight

Question 24

MAC filtering is

Answer 24

a security method based on access control. In this, each address is assigned a 48-bit address which is used to determine whether we can access a network or not.

It helps in listing a set of allowed devices that you need on your Wi-Fi and the list of denied devices that you don’t want on your Wi-Fi.

Question 25

Data On Demand

Answer 25

aggregates exclusive data sources to create solutions that add insight, create engagement, uplift contact volumes and improve success. We provide data for tracing, verification, marketing and enhancement.

Question 26

What is server-driven UI?

Answer 26

It is terminology through which the server is responsible for showing and controlling the components(views) on the frontend (in our case mobile app). It is also called as backend-driven UI.

Question 27

Cloud computing is

Answer 27

the delivery of different services through the Internet. These resources include tools and applications like data storage, servers, databases, networking, and software.

As long as an electronic device has access to the web, it has access to the data and the software programs to run it.