CIA Triad

Question 1

CIA Strategy steps.

Answer 1

Risk assessment, Disaster recovery, Employee security policy, Security Audit, Regulatory Standard, and Security Dashboard

Question 2

Identify risks that could occur. ie. DDoS, or insider fraud

Answer 2

Step 2 of Risk Assessment

Question 3

Regulatory Standard that requires health plans, and medical service providers to regulate the use and disclosure of an individual’s health information.

Answer 3

Health Insurance Portability and Accountability Act

Question 4

Perform cost-benefit analysis. How much security is worth the risk

Answer 4

Step 7 Risk Assessment

Question 5

Assess frequency, and likelihood of events.

Answer 5

Step 3 of Risk Assessment

Question 6

What part of the CIA strategy involves checking how well implemented a security policy is?

Answer 6

Security Audit

Question 7

Determine how each threat can be mitigated. How can we minimize damage?

Answer 7

Step 5 Risk Assessment

Question 8

Determine wether or not to implement, or reassess

Answer 8

Step 8 Risk Assessment

Question 9

Regulatory Standard that requires financial institutions to assist U.S. government to detect and prevent money laundering

Answer 9

Bank Secrecy Act of 1970

Question 10

Regulatory Standard that requires organizations doing business with those in the EU with a mechanism to comply with EU data protection requirements

Answer 10

European Union - United states privacy shield

Question 11

Identify assets that support mission, or primary goals. Most important assets.

Answer 11

Step 1 of Risk Assessment

Question 12

Regulatory standard that requires every federal agency to provide information security for the data and information systems that support the agency’s operations and assets.

Answer 12

Federal Information Security Management Act

Question 13

Regulatory standard that requires any person that engages in foreign engagements to not make certain payments to foreign persons, and to maintain accurate records

Answer 13

Foreign Corrupt Practices Act

Question 14

Determine the impact of each threat. How bad will it hurt?

Answer 14

Step 4 of Risk Assessment

Question 15

Regulatory Standard that requires companies that offer financial products or services to take care with the collection, disclosure, and protections of consumers nonpublic personal information.

Answer 15

Gramm-Leach-Bliley Act

Question 16

what rule of the GLBA prohibits deceptive methods of obtaining personal financial information, and encourages financial institutions to safeguard against doing so?

Answer 16

Pretexting provisions

Question 17

What rule of the GLBA requires the establishment of security measures to prevent data breeches?

Answer 17

Safeguard Rule

Question 18

Rule of the GLBA that the financial institution must tell the customer what data is gathered, who get’s to use it, how it’s used and how it’s protected.

Answer 18

Privacy Rule

Question 19

Assess feasibility of implementing mitigation options

Answer 19

Step 6 Risk Assessment

Question 20

Regulatory Standard that requires all organizations that transmit payment card data to ensure the safe handling of cardholder information.

Answer 20

Payment Card Industry Data Security Standard

Question 21

Regulatory Standard that requires all public corporations to protect shareholders and general public from accounding errors and fraud.

Answer 21

Sarbanese-Oxley Act

Question 22

CIA Strategy step used to display key performance indicators related to an organization’s security defense

Answer 22

Security Dashboard

Question 23

Methods for implementing CIA at the application level

Answer 23

Authentication methods, User Roles and Accounts, and data encryption

Question 24

Methods for implementing CIA at the End-User Level

Answer 24

Security Education, Authentication Methods, Anti-virus software, and data encryption