Chapter 1

Question 1

Define Information Technology or Information Systems

Answer 1

The hardware and software that support the operations or functions of a business

Question 2

What are the three common types of security evaluation?

Answer 2

Risk Assessment, Vulnerability Assessment, and Penetration testing

Question 3

Define Risk Assessment

Answer 3

identifying assets, threats, and vulnerabilities to calculate risk. Once risk is understood, it is used to guide the improvement of the existing security infrastructure

Question 4

Define Vulnerability assessment

Answer 4

automated tools to locate known security weaknesses, which can be addressed by adding more defenses or adjusting the current protections.

Question 5

Define Penetration testing

Answer 5

uses trusted teams to stress-test the security infrastructure to find issues that may not be discovered by the prior two means and to find those concerns before an adversary takes advantage of them.

Question 6

What are the 5 Pillars of Information Security

Answer 6

confidentiality, integrity, availability, authenticity, and nonrepudiation

Question 7

What 3 Pillars of Information Security are CIA

Answer 7

Confidentiality, Integrity, Availability

Question 8

What is Confidentiality?

Answer 8

the concept of the measures used to ensure the protection of the secrecy of data, objects, or resources. The goal of confidentiality protection is to prevent or minimize unauthorized access to data. Confidentiality protections prevent disclosure while protecting authorized access.

Question 9

What are the 8 concepts of Confidentiallity?

Answer 9

Sensitivity, Discretion, Criticality, Concealment, Secrecy, Privacy, Seclusion, Isolation

Question 10

What is Sensitivity?

Answer 10

refers to the quality of information that could cause harm or damage if disclosed.

Question 11

What is Discretion?

Answer 11

a decision where an operator can influence or control disclosure to minimize harm or damage.

Question 12

What is Criticality?

Answer 12

The level to which information is mission critical is its measure of criticality. The higher the level of criticality, the more likely the need to maintain the confidentiality of the information.

Question 13

What is Concealment

Answer 13

The act of hiding or preventing disclosure. Concealment is often viewed as a means of cover, obfuscation, or distraction. A related concept to concealment is security through obscurity, which attempts to gain protection through hiding, silence, or secrecy.

Question 14

What is Secrecy?

Answer 14

the act of keeping something a secret or preventing the disclosure of information.

Question 15

What is Privacy?

Answer 15

keeping information confidential that is personally identifiable or that might cause harm, embarrassment, or disgrace to someone if revealed.

Question 16

What is Seclusion?

Answer 16

storing something in an out-of-the-way location, likely with strict access controls.

Question 17

What is Isolation?

Answer 17

the act of keeping something separated from others.

Question 18

What is integrity

Answer 18

the concept of protecting the reliability and correctness of data.

Question 19

What are the three perspectives of integrity?

Answer 19

Preventing unauthorized subjects from making modifications
Preventing authorized subjects from making unauthorized modifications, such as mistakes
Maintaining the internal and external consistency of objects so that their data is a correct and true reflection of the real world and any relationship with any other object is valid, consistent, and verifiable

Question 20

What is accuracy?

Answer 20

Being correct and precise

Question 21

What is truthfulness?

Answer 21

Being a true reflection of reality

Question 22

What is validity?

Answer 22

Being factually or logically sound

Question 23

What is accountability?

Answer 23

Being responsible or obligated for actions and results

Question 23

What is responsibility?

Answer 23

Being in charge or having control over something or someone

Question 24

What is completeness?

Answer 24

Having all necessary components or parts

Question 25

What is comprehensiveness?

Answer 25

Being complete in scope; the full inclusion of all needed elements

Question 26

What is availability?

Answer 26

authorized subjects are granted timely and uninterrupted access to objects.

Question 27

What is usability?

Answer 27

The state of being easy to use or learn or being able to be understood and controlled by a subject

Question 28

What is Accessability?

Answer 28

The assurance that the widest range of subjects can interact with a resource regardless of their capabilities or limitations

Question 29

What is timeliness?

Answer 29

Being prompt, on time, within a reasonable time frame, or providing a low-latency response

Question 30

What is the DAD triad?

Answer 30

Disclosure, alteration, and destruction

Question 31

What is disclosure?

Answer 31

when sensitive or confidential material is accessed by unauthorized entities. It is a violation of confidentiality.

Question 32

What is alteration?

Answer 32

when data is either maliciously or accidentally changed. It is a violation of integrity.

Question 33

What is desctruction?

Answer 33

when a resource is damaged or made inaccessible to authorized users (technically, we usually call the latter denial of service [DoS]). Destruction is a violation of availability.