chapter 1+2 Information security and cloud secuity

Question 1

What is information system security?

Answer 1

Information system security (infosec) refers to the processes and methodologies involved with keeping information confidential, available, and assuring its integrity.

Question 2

What are the key objectives of security?

Answer 2

The key objectives of security are Prevention, Detection, Response, and Recovery (PDRR).

Question 3

Why is security important?

Answer 3

Security is important for protecting against threats, safeguarding assets, maintaining trust, ensuring compliance, and preventing financial loss.

Question 4

What are tangible assets?

Answer 4

Tangible assets are physical, material objects that can be touched or measured, such as hardware and facilities.

Question 5

What are intangible assets?

Answer 5

Intangible assets are non-physical resources that provide value but cannot be touched, such as data and brand reputation.

Question 6

What types of assets should be secured?

Answer 6

Types of assets that should be secured include Information Assets, Physical Assets, Digital Assets, Network Assets, and Human Assets.

Question 7

What is the relationship between different types of security?

Answer 7

Different types of security, such as information security, cybersecurity, internet security, network security, and web security, are interrelated and collectively form a layered approach to protecting assets.

Question 8

What is the OSI Security Architecture?

Answer 8

The OSI Security Architecture considers three aspects: security attacks, security mechanisms, and security services.

Question 9

What does confidentiality ensure?

Answer 9

Confidentiality ensures that computer-related assets are accessed only by authorized parties.

Question 10

What is the goal of hardening systems?

Answer 10

The goal of hardening systems is to make it harder to exploit vulnerabilities, deterring attackers by increasing effort and reducing reward.

Question 11

What is the significance of layered security?

Answer 11

A layered security approach combines multiple layers of protection to create a stronger defense, reducing overall risk if one layer fails.

Question 12

What are primary information assets?

Answer 12

Primary information assets are data, information, or knowledge that has value, is organized, and enables the organization to operate business processes.

Question 13

What are supporting, secondary information assets?

Answer 13

Supporting, secondary information assets include software, hardware, people, physical infrastructure, processes, and purchased services essential for making data available.

Question 14

What is an organization in the context of security?

Answer 14

An organization intended to counter security attacks and make use of one or more security mechanisms to provide the service.

Examples include having signatures, dates, and needing protection from disclosure, tampering, or destruction.

Question 15

What does the ‘C’ in CIA stand for?

Answer 15

Confidentiality: ensures that computer-related assets are accessed only by authorized parties.

Question 16

What is data confidentiality?

Answer 16

Assures that private or confidential information is not made available or disclosed to unauthorized individuals.

Question 17

What is privacy in the context of confidentiality?

Answer 17

Assures that individuals control or influence what information related to them may be collected and stored and by whom.

Question 18

What does the ‘I’ in CIA stand for?

Answer 18

Integrity: means that assets can be modified only by authorized parties or only in authorized ways.

Question 19

What is data integrity?

Answer 19

Assures that information and programs are changed only in a specified and authorized manner.

Question 20

What does the ‘A’ in CIA stand for?

Answer 20

Availability: means that assets are accessible to authorized parties at appropriate times.

Question 21

What is the impact of a loss of availability?

Answer 21

Disruption of access to or use of information or an information system.

Question 22

What is authenticity in information security?

Answer 22

The property of being genuine and being able to be verified and trusted.

Question 23

What is accountability in information security?

Answer 23

The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity.

Question 24

What is authentication?

Answer 24

Any process by which you verify that someone is who they claim they are.

Question 25

What is non-repudiation?

Answer 25

Means that the sender or generator of information cannot deny that they did send or generate the information.

Question 26

What is access control?

Answer 26

Only authorized parties can use specific resources.

Question 27

What are the three levels of impact on organizations from a breach of security?

Answer 27

Low, Moderate, High.

Question 28

What is the Hacker’s Triad?

Answer 28

DAD: Disclosure, Alteration, Destruction.

Question 29

What is a vulnerability?

Answer 29

A weakness in the security system implementation or operation that can make assets corrupted, leaky, or unavailable.

Question 30

What is a threat?

Answer 30

Capable of exploiting vulnerabilities and represents potential security harm to an asset.

Question 31

What is an attack?

Answer 31

An action or series of actions to harm a system, leading to a violation of security policy.

Question 32

What is a countermeasure?

Answer 32

Any means taken to deal with a security attack, ideally to prevent, detect, or recover from the attack.

Question 33

What are the two types of attacks based on impact?

Answer 33

Passive attacks and Active attacks.

Question 34

What is a passive attack?

Answer 34

Attempts to learn or make use of information from the system but does not affect system resources.

Question 35

What is an active attack?

Answer 35

Attempts to alter system resources or affect their operation.

Question 36

What is interception in the context of attacks?

Answer 36

Eavesdropping where an unauthorized party gains access to an asset, attacking confidentiality.

Question 37

What is interruption in the context of attacks?

Answer 37

The action of preventing a message from reaching its intended recipient, attacking availability.

Question 38

What is modification in the context of attacks?

Answer 38

An unauthorized party alters the content of a message, attacking integrity.

Question 39

What is fabrication in the context of attacks?

Answer 39

An unauthorized party inserts counterfeit objects into the system, attacking authenticity.

Question 40

What are the fundamental principles of information security design?

Answer 40

Isolation, Encapsulation, Least privilege, Economy of mechanism.