Chapter 1

Question 1

Adequate Security

Answer 1

Security equivalent with the risk and magnitude of harm resulting from the loss, misuse or unauthorized access to or modification of information

Question 2

Administrative Controls

Answer 2

Controls implemented through policy and procedures. Examples include: access control processes and requiring multiple personnel to conduct specific operation.

Question 3

Artificial Intelligence

Answer 3

Ability of computers and robots to simulate human intelligence and behavior

Question 4

Asset

Answer 4

Anything of value owned by an organization

Question 5

Authentication

Answer 5

Access control process validating identity being claimed by a user/entity is known to the system by comparing one (single factor) or more (multifactor)

Question 6

Authorization

Answer 6

Right or permission that is granted to a system entity to access a system resource

Question 7

Availability

Answer 7

Ensuring timely and reliable access to and use of information by authorized users

Question 8

Baseline

Answer 8

lowest level of security configuration allowed by a standard or organization

Question 9

Biometric

Answer 9

biological characteristics of an individual, such as fingerprint, hand geometry, voice, iris patterns

Question 10

Bot

Answer 10

malicious code acting like a remote controlled robot for an attacker with trojan/worm capabilities

Question 11

Confidentiality

Answer 11

characteristic of data/information when not made availability or disclosed to unauthorized persons/processes

Question 12

Criticality

Answer 12

measure of degree to which an organization depends on the information/system for success of mission/business function

Question 13

Data Integrity

Answer 13

property that data has not been altered in an unauthorized manner- covers data in storage, during processing, and while in transit

Question 14

Encryption

Answer 14

process and act of converting message from plaintext to ciphertex

Question 15

General Data Protection Regulation (GDPR)

Answer 15

European Union passed this to address personal privacy, deeming it an individual human right

Question 16

Institute of Electrical and Electronic Engineers

Answer 16

Professional organization that sets standards for telecommunications, computer engineering and similar disciplines

Question 17

Health Insurance Portability and Accountability Act (HIPAA)

Answer 17

Most important healthcare information regulation in the US. Protects the privacy of individual health information and electronic healthcare transactions.

Question 18

International Organization of Standards (ISO)

Answer 18

ISO develops voluntary international standards in collaboration with partners in international standardization, International Electro-technical Commission, and International Telecommunication Union

Question 19

Internet Engineering Task Force (IETF)

Answer 19

Internet standards organization that defines protocol standards through a process of collaboration and consensus

Question 20

Likelihood

Answer 20

Probability potential vulnerability may be exercised

Question 21

Multi-factor Authentication

Answer 21

Using 2 or more distinct instances of the three factors of authentication (something you know, something you have, something you are) for identity verification

Question 22

National Institute of Standards and Technology

Answer 22

part of US Dept of Commerce, sets standards in several areas

Question 23

Non-repudiation

Answer 23

Inability to deny taking an action such as creating information. approving information and sending or receiving a message, cannot deny the validity of the action taken because of their signature

Question 24

Physical controls

Answer 24

Controls implemented through a tangible mechanism

Question 25

Qualitative Risk Analysis

Answer 25

method for risk analysis- based on Low, Medium or High

Question 26

Quantitative Risk Analysis

Answer 26

method for risk analysis- numerical values are assigned to both impact and likelihood

Question 27

Risk acceptance

Answer 27

determining potential benefits of a business function outweigh possible risk

Question 28

Risk avoidance

Answer 28

Determining the impact and/or likelihood of specific risk is too great to be offset by potential benefits and not performing a certain business function because of that determination

Question 29

Risk Management Framework

Answer 29

structured approach to oversee and manage risk for an enterprise

Question 30

Risk tolerance

Answer 30

level of risk an entity is willing to assume to achieve a potential desired result

Question 31

Risk transference

Answer 31

paying external party to accept financial impact of a given risk

Question 32

System integrity

Answer 32

Quality a system has when it performs intended function in an unimpaired manner, free from unauthorized manipulation of a system, whether intentional or accidental

Question 33

Threat vector

Answer 33

Means by which a threat actor carries out their objectives