Asset Security Flashcards

1
Q

Security Program

A

A comprehensive set of security policies, procedures, and practices designed to protect an organization’s information assets from security threats.

2
Q

Definition of risk, asset, vulnerability, threat, exposure

A
  • Risk: The likelihood that a threat will exploit a vulnerability, combined with the resulting impact (harm or loss) to an asset.
  • Asset: Anything of value to an organization, including data, hardware, software, people, and intellectual property.
  • Vulnerability: A weakness or gap in a system, process, or control that a threat can exploit to harm an asset.
  • Threat: Any potential cause of harm to an asset, such as a cyberattack, a natural disaster, or human error.
  • Exposure: The condition of being susceptible to loss: an asset that has a vulnerability which a relevant threat could exploit.
3
Q

Risk options (accept, mitigation/reduction, transfer, avoid):

A
  • Accept: Choosing not to treat a risk and accepting its potential consequences, usually because the cost of treatment would exceed the expected loss; the decision should be documented and revisited periodically.
  • Mitigation/Reduction: Implementing controls that reduce the likelihood or the impact of a risk; whatever residual risk remains after the controls must still be accepted.
  • Transfer: Shifting the financial consequences of the risk to another party, often through insurance or outsourcing (the accountability for the risk stays with the organization).
  • Avoid: Eliminating the risk entirely by not undertaking, or discontinuing, the activity that creates it.
4
Q

Risk assessment types (ex. probability vs impact):

A
  • Risk Assessment: The process of identifying, analyzing, evaluating, and prioritizing risks. The two broad approaches are qualitative (rating likelihood and impact on ordinal scales such as low/medium/high) and quantitative (assigning monetary values, e.g. annualized loss expectancy).
  • Probability vs Impact: A qualitative method that scores each risk by its likelihood of occurrence and the severity of its consequences; combining the two (typically likelihood × impact on a matrix) ranks risks so that treatment effort goes to the highest-scoring ones first.
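The following is an added worked example, not part of the flashcard deck: a small qualitative risk register that scores each entry as likelihood × impact on 1-5 scales, ranks the entries, and maps each rating to one of the four risk options (accept, mitigate, transfer, avoid) from the previous card. The rating thresholds, the rating-to-option mapping, and the sample register entries are all assumptions made for illustration; a real program would set its own.

```python
# Added example: qualitative probability-vs-impact risk scoring.
# Thresholds, option mapping and sample data are illustrative assumptions.
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    likelihood: int  # 1 (rare) .. 5 (almost certain)
    impact: int      # 1 (negligible) .. 5 (catastrophic)

    def __post_init__(self):
        # Reject values outside the ordinal scale so a typo cannot silently
        # produce an absurd score (e.g. likelihood 50).
        for name, value in (("likelihood", self.likelihood), ("impact", self.impact)):
            if not 1 <= value <= 5:
                raise ValueError(f"{name} must be between 1 and 5, got {value}")

    @property
    def score(self) -> int:
        # Classic risk-matrix score: likelihood x impact, range 1..25.
        return self.likelihood * self.impact


def rating(score: int) -> str:
    """Map a 1..25 score to a qualitative band (assumed thresholds)."""
    if score >= 15:
        return "Critical"
    if score >= 8:
        return "High"
    if score >= 4:
        return "Medium"
    return "Low"


def suggested_option(risk: Risk) -> str:
    """Illustrative mapping from rating band to risk option (not a standard rule)."""
    return {
        "Critical": "avoid",     # stop the activity that creates the risk
        "High": "mitigate",      # add controls to reduce likelihood/impact
        "Medium": "transfer",    # e.g. insure or outsource the consequence
        "Low": "accept",         # document and revisit
    }[rating(risk.score)]


def prioritize(register):
    """Highest score first; ties broken by impact so severe outcomes surface."""
    return sorted(register, key=lambda r: (r.score, r.impact), reverse=True)


def report(register):
    """One summary line per risk, in priority order."""
    return [
        f"{r.score:>2} {rating(r.score):<8} {suggested_option(r):<8} "
        f"{r.asset}: {r.threat}"
        for r in prioritize(register)
    ]


# Constructed sample register (assumed values, not real assessment data).
SAMPLE_REGISTER = [
    Risk("public website", "defacement of static marketing page", likelihood=2, impact=1),
    Risk("customer database", "SQL injection in public web app", likelihood=2, impact=5),
    Risk("legacy FTP server", "credential sniffing on cleartext protocol", likelihood=5, impact=4),
    Risk("office laptops", "theft of unencrypted device", likelihood=2, impact=3),
]

if __name__ == "__main__":
    for line in report(SAMPLE_REGISTER):
        print(line)
```

Running the block prints the register in priority order: the cleartext FTP server scores 20 (Critical, suggested option "avoid", i.e. decommission it), the SQL injection risk scores 10 (High, mitigate), laptop theft scores 6 (Medium, transfer), and defacement scores 2 (Low, accept). The point to take from the card is the ranking, not the exact numbers; the option mapping is a starting point that a reviewer would override case by case (a Critical risk on a system that cannot be retired is mitigated, not avoided).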
5
Q

CIA Triad:

A
  • CIA Triad: Stands for Confidentiality (only authorized parties can read the data), Integrity (the data is not altered or destroyed without authorization), and Availability (the data and systems are accessible when needed). These are the three core principles of information security, and most controls exist to protect one or more of them.
6
Q

Professional ethics:

A
  • Professional Ethics: A set of moral principles and standards that guide the behavior and conduct of professionals in a specific field, such as information security.
7
Q

BCP meaning:

A
  • BCP (Business Continuity Planning): The process of creating a plan and strategy to ensure that an organization can continue its critical operations in the event of a disruption or disaster.
8
Q

What are security controls?:

A
  • Security Controls: Measures or safeguards put in place to protect assets, mitigate risks, and maintain security. Examples include firewalls, access controls, and encryption.
9
Q

ITIL, COBIT, COSO, ISO27000:

A
  • ITIL (Information Technology Infrastructure Library): A framework of best practices for IT service management (service design, delivery, and support).
  • COBIT (Control Objectives for Information and Related Technologies): An ISACA framework for the governance and management of enterprise IT, linking business goals to IT processes and controls.
  • COSO (Committee of Sponsoring Organizations of the Treadway Commission): A framework for enterprise internal control and risk management, widely used for financial-reporting compliance.
  • ISO/IEC 27000 series: A family of international standards for information security management systems (ISMS); ISO/IEC 27001 specifies the certifiable ISMS requirements and ISO/IEC 27002 gives guidance on the security controls.
10
Q

Governance (laws, regs, industry req):

A
  • Governance: The framework of rules, practices, and processes by which organizations are directed and controlled. It includes compliance with laws, regulations, and industry requirements.
11
Q

Security posture:

A
  • Security Posture: The overall security status of an organization, which reflects its ability to defend against and respond to security threats and risks.