CH 8.4 Information Security Flashcards

1
Q

What is confidentiality to information security?

A

Confidentiality means prevention of unauthorized disclosure of information.

2
Q

What is integrity to information security?

A

Integrity ensures information is protected from unauthorized or unintentional alteration, modification or deletion.

3
Q

What is availability to information security?

A

Availability means information is readily accessible to authorized users.

4
Q

What is CIA to information security?

A

Confidentiality, Integrity, Availability

5
Q

How is risk defined by information security?

A

The combination of the probability of an event and its consequence (ISO/IEC 73)

6
Q

The means of managing risk, including policies, procedures, guidelines, practices or organizational structures, which can be of an administrative, technical, management, or legal nature.

A

controls

7
Q

Preventive controls

A

Prevent an incident from occurring (e.g., keeping unauthorized users out). Examples: firewalls, passwords, training.

8
Q

Detective controls

A

Detect and report when errors, omissions and unauthorized uses or entries occur (e.g., by sounding an alarm and alerting the appropriate person). Examples: audits, anti-virus software.

9
Q

Corrective controls

A

Intended to limit the extent of any damage caused by the incident.

They are designed to correct errors, omissions and unauthorized uses and intrusions once they are detected (e.g., by recovering the organization to normal working status as efficiently as possible). Example: business continuity plans.

10
Q

Best known and most prominent information security standards.

A

International Organization for Standardization (ISO) Standards

11
Q

Privacy and Information Security disconnects

A

Privacy has a wider set of obligations; confidentiality differs (personal information, for example phone numbers, is not always confidential); different classification systems.

12
Q

Privacy and Information Security overlaps

A

Both groups have a vested interest in keeping information safe.

13
Q

Information security classification categories

A

Most information security classification schemas use the following categories:

1) Public
2) Confidential
3) Highly confidential
4) Restricted

14
Q

Access control

A

Access to an organization’s information systems should be tied to an employee’s role.

No employees should have greater information access than is necessary to perform their job functions.

15
Q

Segregation of duties.

A

Ensure that no single person can exploit or gain access to information inappropriately.

16
Q

Least privilege.

A

Grant access at the lowest possible level required to perform the function.

17
Q

Need-to-know access.

A

Restrict access to only the information that is critical to the performance of an authorized, assigned mission.

18
Q

physical controls

A

locks, fences

19
Q

technical controls

A

user logins, firewalls

20
Q

administrative controls

A

incident response processes

21
Q

Administrative Controls

A

1) incident response processes
2) training
3) oversight