Chapter 1: Security Governance

Question 1

What are the three primary security principles?

Answer 1

Confidentiality, Integrity, Availability

Question 2

What is the CIA Triad?

Answer 2

Confidentiality, Integrity, Availability; these are the primary goals and objectives of security

Question 3

How are security controls evaluated?

Answer 3

By how well they address the core info security tenets of Confidentiality, Integrity, and Availability

Question 4

How are vulnerabilities and risks evaluated?

Answer 4

Based on the threat they pose against one of the CIA Triad principles

Question 5

What are the most important principles in security?

Answer 5

Confidentiality, Integrity, Availability

Question 6

What does ‘Confidentiality’ mean?

Answer 6

If a security mechanism offers confidentiality, it offers a high level of assurance that data, objects, or resources are restricted from unauthorized subjects.

Question 7

Unauthorized disclosure impacts which security objective?

Answer 7

Confidentiality

Question 8

How is confidentiality maintained on a network?

Answer 8

Data must be protected from unauthorized access, use, or disclosure while in storage, in process, and in transit.

Question 9

What are some attacks that focus on the violation of confidentiality?

Answer 9

capturing network traffic, stealing password files, social engineering, port scanning, shoulder surfing, eavesdropping, sniffing, etc

Question 10

What countermeasures can be used to ensure confidentiality?

Answer 10

encryption, network traffic padding, strict access control, rigorous authentication procedures, data classification, extensive personnel training

Question 11

List the conditions/aspects of confidentiality.

Answer 11

Sensitivity, Discretion, Criticality, Concealment, Secrecy, Privacy, Seclusion, Isolation

Question 12

Describe ‘Sensitivity’

Answer 12

One of the conditions/aspects of confidentiality. Refers to the quality of information, which could cause harm if disclosed. Maintaining confidentiality of sensitive information helps prevent harm or damage.

Question 13

Describe ‘Discretion’

Answer 13

One of the conditions/aspects of confidentiality. Discretion is an act of decision where an operator can influence or control disclosure in order to minimize harm or damage.

Question 14

Describe ‘Criticality’

Answer 14

One of the conditions/aspects of confidentiality. The level to which information is mission critical is its measure of criticality. The higher the level of criticality, the more likely the need to maintain the confidentiality of the information.

Question 15

Describe ‘Concealment’

Answer 15

One of the conditions/aspects of confidentiality. The act of hiding or preventing disclosure. Often concealment is viewed as a means of cover, obfuscation, or distraction.

Question 16

Describe ‘Secrecy’

Answer 16

One of the conditions/aspects of confidentiality. Secrecy is the act of keeping something a secret or preventing the disclosure of information.

Question 17

Describe ‘Privacy’

Answer 17

One of the conditions/aspects of confidentiality. Privacy refers to keeping information confidential that is personally identifiable or that might cause harm, embarrassment, or disgrace to someone if revealed.

Question 18

Describe ‘Seclusion’

Answer 18

One of the conditions/aspects of confidentiality. Seclusion involves storing something in an out-of-the-way location which can also provide strict access controls. Seclusion can help enforcement of confidentiality protections.

Question 19

Describe ‘Isolation’

Answer 19

One of the conditions/aspects of confidentiality. Isolation is the act of keeping something separated from others. Isolation can be used to prevent commingling of information or disclosure of information.