Cit

Question 1

What is Information Security?

Answer 1

It is the protecting of information and information systems from unauthorized access, use etc.

Question 2

What is information assets?

Answer 2

Data that one deems valuable.
It can be either physical or digital.

Question 3

Examples of information assets.

Answer 3

Paper documents
Digital documents
Password
Software
Source
Etc

Question 4

What is our most important assets?

Answer 4

People

Question 5

What should we consider when securing an asset?

Answer 5

We must consider how the level of security relates to the value of the asset.
Example
If it is very valuable it should have high security.
Vice versa

Question 6

What are the 3 types of security controls?

Answer 6

Prevention
Detection
Recovery

Question 7

What is prevention in security controls?

Answer 7

They try to prevent an incident from happening.

Question 8

What is detection in security controls?

Answer 8

They try to detect incidents after they have happened.

Question 9

What is recovery in security controls?

Answer 9

They try to reverse the impact of an incident.

Question 10

What is the CIA Triad?

Answer 10

Confidentiality
Availability
Integrity

Question 11

What is confidentiality in the CIA?

Answer 11

This means information should only be accessible to those who are authorized to access it.

Question 12

What is Integrity in the CIA Triad?

Answer 12

It means information should not be tampered with by unauthorized people.

Question 13

What is Availability in the CIA Triad?

Answer 13

It is ensuring that data is accessible and usable when needed.

Question 14

What is the Parkerian hexad?

Answer 14

It is an extension of the CIA Triad
It adds 3 more to the CIA.

Question 15

What is possession in the Parkerian hexad?

Answer 15

It refers to the physical arrangement of media which the data is stored on.

Question 16

What is authenticity in the Parkerian hexad?

Answer 16

It is about verifying the origin and legitimacy of the data.
It ensures that the data comes from a reliable source.

Question 17

What is utility in the Parkerian hexad?

Answer 17

It is how useful and relevant the data is.
It should server its purpose.

Question 18

What is an attack?

Answer 18

An attack is a security threat that involves an attempt to obtain, change, destroy, implant or reveal info with out permission.

Question 19

What are the 4 types of attacks?

Answer 19

Interception
Interruption
Modification
Fabrication

Question 20

What is interception?

Answer 20

It allow unauthorized users to access data and applications.
Attack against confidentiality.

Question 21

What are some examples of interception attacks?

Answer 21

Eavesdropping
Wiretapping
Key logging

Question 22

What is interruption?

Answer 22

It is when a network service (data) is made unavailable.
Attacks against Availability.

Question 23

What are some examples of interruption?

Answer 23

Ransomware
DDos/overloading
Cutting a communication line.

Question 24

What is modification?

Answer 24

It is an attack against the integrity of the information.

Question 25

What are the 3 types of modification?

Answer 25

Change: change existing information. Insertion: Adding information that was not originally there. Deletion: Removal of existing information.

Question 26

What are some examples of modification?

Answer 26

Data tampering Changing the contents of a message. Altering programs actions.

Question 27

What is fabrication?

Answer 27

It is the creation of fake data, identifies, information with the intent to gain unauthorized access. Attack on integrity and availability

Question 28

What is spoofing?

Answer 28

Fake email trying to pretend it is real.

Question 29

What is an information security threat?

Answer 29

Any thing that can harm the CIA of business's information.

Question 30

What are the 3 types of information security threats.

Answer 30

Abusers and Misusers Accidental occurrences Natural Physical Forces

Question 31

What is abusers and misusers

Answer 31

It occurs when users inappropriately use their privalages whether intentional or not.

Question 32

What is accidental occurrences.

Answer 32

It occurs when an employee's actions lead to damages to the company's data and system.

Question 33

What is natural physical forces?

Answer 33

They are non human threats. Examples: Floods, earthquakes etc

Question 34

What is defense in depth?

Answer 34

It is a multilayered defense system.

Question 35

What are the type of controls?

Answer 35

Physical Administrative Technical

Question 36

What is physical controls?

Answer 36

Stuff like fences, gates, locks cameras, guards, ac

Question 37

What is administrative controls?

Answer 37

Based on rules, policies, tos etc.

Question 38

What are technical controls?

Answer 38

Passwords, encryption, firewalls, etc

Question 39

What is identification?

Answer 39

It is a claim of who you are.

Question 40

What is identity verification?

Answer 40

Examples showing ID card, drivers license

Question 41

What is authentication?

Answer 41

It is a set of methods used to establish a claim of identity to be true.

Question 42

What are the types of authentication factors.

Answer 42

Something you know Something you are Something you have Something you do Where you are located

Question 43

Examples of something you know

Answer 43

Passwords PINs

Question 44

Examples of something you are

Answer 44

Biometrics Fingerprints Iris

Question 45

Examples of something have

Answer 45

Cards Phones Keys

Question 46

Examples of something do

Answer 46

Handwriting How you walk How you talk

Question 47

What is Where you are located

Answer 47

It depends on where the person is physically present.

Question 48

What is multifactor authentication

Answer 48

It uses one or more something you etc.

Question 49

What is mutual authentication

Answer 49

It is when both parties authenticate each other. It is mostly implemented through digit certificates.

Question 50

What is manual synchronization of passwords?

Answer 50

Using the same password everywhere

Question 51

What is enrollment

Answer 51

Recording biometrics

Question 52

What is a hardware token?

Answer 52

Example credit cards Works like google authenticator but usb.

Question 53

What is authorization?

Answer 53

It is what the user is allowed to access or do.

Question 54

What is principle of least privilege

Answer 54

Only the bare minimum of access should be allowed.

Question 55

What are the types of access controls

Answer 55

Allowing access Denying access Limiting access Revoking access

Question 56

What is Access control lists

Answer 56

It's a lists of rules that determine who is allowed or denied access to a computer system, network etc.

Question 57

What are the 2 identifiers

Answer 57

Internet protocol addresses Media access control addresses

Question 58

What is accountability

Answer 58

It provides us with means to trace activities back to their source.

Question 59

What is nonrepudiation

Answer 59

It's a situation where evidence exists to prevent a person from denying that they made a statement or taken an action.

Question 60

What is deterrence

Answer 60

Deters against misbehavior and misuse.

Question 61

What is auditing

Answer 61

It is the reviewing and examining of records, systems etc

Question 62

What is logging?

Answer 62

It gives us a history of the activities that has happened.

Question 63

What is monitoring?

Answer 63

It is the watching of specific items of collected data.

Question 64

What are vulnerabilities assessment

Answer 64

They involve using scanning tools to locate vulnerabilities in the system.

Question 65

What is cryptography

Answer 65

It is the science of keeping information secure.

Question 66

What is a cryptosystem

Answer 66

It's a structure consisting of algorithms that turn plaintext to ciphertext.

Question 67

What are the components of a cryptosystem

Answer 67

Plaintext Ciphertext Encryption algorithm Decryption algorithm Encryption key Decryption key

Question 68

What is plain text

Answer 68

It is the data that needs to be protected.

Question 69

What is encryption algorithm

Answer 69

It is a process that produces a cipher text for plain text and an encryption key.

Question 70

What is ciphertext

Answer 70

It is the scrambled version of the plaintext.

Question 71

What is the decryption algorithm

Answer 71

The reverse of the encryption one

Question 72

What is an encryption key

Answer 72

It is inputted in the encryption algorithm along with the plaintext to compute the cipher text.

Question 73

What is a decryption key

Answer 73

It is inputted in the decryption algorithm along with the cipher text to compute the plaintext

Question 74

What are the 2 types of cryptosystems

Answer 74

Symmetric key encryption Asymmetric key encryption

Question 75

What is the symmetric key encryption

Answer 75

Uses a single key for both encryption and decryption

Question 76

What is asymmetric key encryption

Answer 76

Uses a public key and private key

Question 77

What are hashes used for?

Answer 77

To discover if the original contents of a message has been changed