CPP 2022 Domain 6: Information Security Flashcards

1
Q

What are the three threat categories in information asset protection?

A

Intentional,
Natural,
Inadvertent.

Source: POA, Security Management, 5.3, page 69

2
Q

To assess these types of threats, one must identify potential adversaries and evaluate their capability and intention to target key information assets.

A

Intentional threats.

Source: POA, Security Management, 5.3.1, page 69

3
Q

These types of threats can be attributed to inadequate employee training, misunderstandings, lack of attention to detail, lax security enforcement, pressure to produce deliverables, and insufficient staffing.

A

Inadvertent threats.

Source: POA, Security Management, 5.3.3, page 70

4
Q

How does layered protection apply to information protection?

A

Apply multiple levels of protection to information assets,
Ensure that layers of protection complement each other,
Build a coordinated strategy that integrates families of protective measures (e.g. technical, physical, access control).

Source: POA, Security Management, 5.5.2, page 75

5
Q

Access to internal information should be restricted to which groups?

A

Company personnel and those who have signed a nondisclosure agreement.

Source: POA, Security Management, 5.5.1, page 74

6
Q

How should obsolete prototypes, models, and test items be disposed of?

A

They should be destroyed so they can’t be reverse engineered.

Source: POA, Security Management, 5.5.2, page 76

7
Q

What is a patent?

A

Information that has the government grant of a right, privilege, or authority to exclude others from making, using, marketing, selling, offering for sale, or importing an invention for a specified period granted to the inventor if the device or process is novel, useful, and non-obvious.

Source: Information Asset Protection Guideline, 3.11, page 2

8
Q

What is a trademark?

A

Legal protection for words, names, symbols, devices, or images applied to products or used in connection with goods or services to identify their source.

Source: Information Asset Protection Guideline, 7.1.4, page 14

9
Q

What is a copyright?

A

A property right in an original work of authorship fixed in any tangible medium of expression, giving the holder the exclusive right to reproduce, adapt, distribute, perform, and display the work.

Source: Information Asset Protection Guideline, 3.6, page 2

10
Q

What is the best way to start addressing infringements of patents, copyrights, and trademarks?

A

By registering those rights.

Source: POA, Security Management, 5.5.10, page 84

11
Q

What are four response options when a copyright has been violated?

A

Hiring legal counsel,
Informing the proper authorities,
Conducting investigations, raids, and seizures,
Initiating civil litigation, administrative proceedings, and criminal prosecutions.

Source: POA, Security Management, 5.5.9, page 83

12
Q

What qualifies something as a trade secret?

A

The information added value or benefit to the owner,
The trade secret was specifically identified, and
The owner provided a reasonable level of protection for the information.

Source: POA, Security Management, 5.5.12, page 85

13
Q

What is a non-disclosure agreement?

A

A legal contract that establishes a relationship between two or more parties outlining confidentiality and the responsibility of protecting information.

Source: Information Asset Protection Guideline, 3.10, page 2

14
Q

What is proprietary information?

A

Information of value, owned by an entity or entrusted to it, which has not been disclosed publicly.

Source: Information Asset Protection Guideline, 3.14, page 3

15
Q

What are the two primary aspects of recovery after an information loss?

A

Return to normal business operations as soon as possible,
Implement measures to prevent a recurrence.

Source: POA, Security Management, 5.7.2, page 89

16
Q

What is confidentiality?

A

The ability to control the authorization to observe, access, share, or disseminate information.

Source: Information Asset Protection Guideline, 3.4, page 2

17
Q

When is it appropriate to recycle papers that contain proprietary information?

A

When the papers have been properly destroyed.

Source: POA, Security Management, Appendix 5A, page 92

18
Q

What is data mining?

A

Software-driven collection of open-source data and public information.

Source: POA, Security Management, 5.3.4, page 70

19
Q

What are three ways to solidify confidentiality expectations in employees and business partners?

A

Confidentiality,
Intellectual property,
Nondisclosure agreements.

Source: POA, Security Management, 5.3.4, page 71

20
Q

What is counterfeiting?

A

The manufacturing or distribution of goods under someone else’s name, and without their permission.

Source: POA, Security Management, 5.3.4, page 71

21
Q

What is piracy?

A

The act of copying, stealing, reproducing, transmitting, or selling the intellectual property of another without consent.

Source: POA, Security Management, 5.3.4, page 71

22
Q

What three aspects of information must be protected?

A

Confidentiality,
Integrity,
Availability.

Source: POA, Security Management, 5.5.1, page 73

23
Q

What should be included in regularly performed information asset protection risk assessments?

A

Risk monitoring to address changes in security requirements as well as changes in the nature of the information assets, threats, frequency of threat occurrence, vulnerabilities, and impacts.

Source: POA, Security Management, 5.4, page 71

24
Q

What are five business impacts of an information asset loss event?

A

Loss of company reputation/image/goodwill,
Loss of competitive advantage in one product/service,
Reduced projected/anticipated returns or profitability,
Loss of core business technology or process,
Loss of competitive advantage in multiple products/services.

Source: POA, Security Management, 5.4, page 72

25
Q

To what extent should information asset protection programs be tailored?

A

The organization’s size, type, strategy, mission, and operating environment.

Source: Information Asset Protection Guideline, 4, page 5

26
Q

What is the purpose of marking information that warrants protection?

A

The marking distinguishes the sensitivity of the information and the degree of protection warranted.

Source: POA, Security Management, 5.5.1, page 73

27
Q

What personnel matters play a role in information asset protection programs?

A

Due diligence investigations of potential partners,
Standard preemployment screening,
Vetting of subcontractors, vendors, and consultants.

Source: POA, Security Management, 5.5.3, page 77

28
Q

What are some data protection measures that should be incorporated in the information asset protection program?

A

Establishing specific privacy policies that comply with legal, regulatory, and contractual obligations;
Ensuring systems and procedures are in place to safeguard personal information and the privacy of customers and third parties;
Providing a mechanism to investigate potential or actual PII-related incidents;
Establishing procedures for destruction or disposition when information is no longer needed.

Source: Information Asset Protection Guideline, 7.6, pages 25-26

29
Q

Informational assets can take what physical forms?

A

Prototypes and models,
Manufacturing processes and equipment.

Source: POA, Security Management, 5.5.3, page 76

30
Q

What business activity raises special risks to a company’s information?

A

The establishment of relationships, such as partnerships or outsourcing agreements.

Source: POA, Security Management, 5.5.5, page 78

31
Q

What is the purpose of operations security (OPSEC) or information risk management?

A

To view the big picture and identify any protection gaps that remain despite current security measures. Small bits of information taken from several different sources can be combined to reveal sensitive information.

Source: POA, Security Management, 5.5.6, page 79

32
Q

What is the primary risk of attending a trade show?

A

Elicitation.

Source: Information Asset Protection Guideline, 9.2, page 33

33
Q

What is offshoring?

A

The practice of placing information assets in other jurisdictions.

Source: Information Asset Protection Guideline, 9.3, page 33

34
Q

What should be included in an offshoring business agreement to protect information assets?

A

Commitments from the external partner organization to agree to protect the information assets and acknowledgment that they will comply with the policies and procedures established by the client organization.

Source: Information Asset Protection Guideline, 9.2, page 33

35
Q

The strategies used to safeguard information assets typically include what three components?

A

Security measures,
Legal protections,
Management practices.

Source: Information Asset Protection Guideline, 7, page 10

36
Q

What must accompany legal protections in order for them to have effect?

A

The organization must be prepared to enforce them.

Source: Information Asset Protection Guideline, 7.1, page 11

37
Q

What is an advantage of designating something a trade secret?

A

Trade secrets do not have to be registered or shared with any outside agency.

Source: Information Asset Protection Guideline, 7.1.1, page 12

38
Q

What details are included in a non-disclosure agreement?

A

The definition of ‘confidential information,’
Obligations of the receiving party,
Time period for which the agreement is valid,
Any exclusions.

Source: Information Asset Protection Guideline, 7.1.5, page 14

39
Q

On what does the effectiveness of an information security program ultimately depend?

A

People’s behavior.

Source: Information Asset Protection Guideline, 7.2.2, page 17

40
Q

What is the purpose of destroying information assets that are no longer used?

A

Proper destruction reduces the risk of sensitive information being compromised and helps ensure compliance with relevant guidelines.

Source: Information Asset Protection Guideline, 7.2.1.1, page 16

41
Q

What are technical surveillance countermeasures (TSCM)?

A

Services, equipment, and techniques designed to locate, identify, and neutralize technical surveillance activities.

Source: POA, Security Management, 5.6.1, page 87

42
Q

What should be regularly inspected as part of the TSCM effort?

A

Telecommunications equipment, cables, and terminals.

Source: POA, Security Management, 5.6.1, page 87

43
Q

What are three key steps to take after an information loss?

A

Investigation,
Damage assessment,
Recovery and follow-up.

Source: POA, Security Management, 5.7, page 89

44
Q

What should occur during an information loss investigation?

A

Thoroughly investigate known and suspected compromises of information,
Establish an investigative plan and coordinate with counsel,
Identify investigative resources,
Establish and maintain liaison.

Source: POA, Security Management, 5.7.1, page 89

45
Q

What should occur during damage assessment after an information loss?

A

Determine the information that was compromised,
Determine the implications of the compromise,
Report the impacts.

Source: POA, Security Management, 5.7.2, page 89

46
Q

How should the information asset protection program operate at all levels?

A

An enterprise-wide program with commitment and support of top management should guide the overall planning and implementation of the program.
The ability to assess risk and implement coordinated risk management and protective programs should also exist at the regional, business unit, departmental, project, and individual transaction level.

Source: Information Asset Protection Guideline, 5, page 5

47
Q

What is the purpose of measuring an information asset protection program?

A

Measuring provides the basis to determine if the program objectives are being met and to ensure the program’s continuing suitability, adequacy, and effectiveness.

Source: Information Asset Protection Guideline, 5.1, page 6

48
Q

Information asset protection program policies and procedures should be established to direct and guide what behaviors?

A

Organizational and individual behaviors related to the proper creation, identification, labeling, storage, handling, transmission, and disposal of information assets.

Source: Information Asset Protection Guideline, 5.2, page 7

49
Q

What must be considered when identifying information assets?

A

The various forms in which the assets exist.

Source: Information Asset Protection Guideline, 6.1, page 7

50
Q

What are four levels of information classification?

A

Highly restricted,
Restricted,
Internal use,
Unrestricted.

Source: Information Asset Protection Guideline, 6.1.1, page 19

51
Q

This classification level is used for information that could allow a competitor to take action that could seriously damage an organization’s competitive position in the marketplace, or the disclosure of which could cause significant damage to the organization’s financial or competitive position, brand, or reputation.

A

Highly restricted.

Source: Information Asset Protection Guideline, 6.1.1, page 9

52
Q

This classification level is used for information that is organizationally or competitively sensitive or could introduce legal or employee privacy risks.

A

Restricted.

Source: Information Asset Protection Guideline, 6.1.1, page 9

53
Q

This classification level is used for information generated within the organization that is not intended for public distribution.

A

Internal use.

Source: Information Asset Protection Guideline, 6.1.1, page 9

54
Q

This classification is used for information that can be shared within the organization and outside of the organization.

A

Unrestricted.

Source: Information Asset Protection Guideline, 6.1.1, page 9

55
Q

What are examples of physical security components included in an organization’s information asset protection program?

A

Prevent on-premise physical access to information technology systems and components,
Ensure that digital information processed, stored, or transmitted off-premise is secured in a manner consistent with on-premise,
Prevent the introduction of equipment that may be used to compromise information, systems, or people,
Control access to and/or isolate information based on level of trust,
Implement role-based access to facilities.

Source: Information Asset Protection Guideline, 7.2, page 15

56
Q

What are examples of physical forms of information assets?

A

Documents,
Hardcopy records,
Data storage devices,
Models,
Prototypes,
Test products.

Source: Information Asset Protection Guideline, 7.2.1, page 16

57
Q

What three tasks should be performed during employee separation or offboarding to protect information assets?

A

Manage termination processes such that separated individuals have access to information assets removed according to agreed upon timelines.
Manage physical asset return in a controlled manner based on the policy.
Physically erase information from personal devices based on company policy.

Source: Information Asset Protection Guideline, 7.3.1, page 18

58
Q

When should additional screening be conducted during employment?

A

In cases where an individual changes positions, roles, or responsibilities, and requires a higher level of trust or may pose a higher risk to physical or digital security.

Source: Information Asset Protection Guideline, 7.3.1, page 18

59
Q

What are two examples of frameworks and/or standards organizations can adopt to safeguard its electronic/digital information?

A

International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) series 27000.
US National Institute for Standards and Technology (NIST) series 800.

Source: Information Asset Protection Guideline, 7.5.1, pages 22-23

60
Q

What should be covered in the information security policy to reduce risks to information assets during travel?

A

Zero footprint,
Secure network access,
Encryption,
Multi-factor authentication,
Physical protection of information and devices,
Incident reporting procedures,
Procedures for examining and/or clearing devices.

Source: Information Asset Protection Guideline, 7.3.5, page 20

61
Q

What differentiates information security and cybersecurity?

A

Information security refers to the protection of all information or data irrespective of form. Cybersecurity refers to the protection of information and data in systems, networks, and programs.

Source: Information Asset Protection Guideline, 7.5, page 22

62
Q

What are intellectual property rights?

A

Intangible rights protecting the realization of ideas and concepts resulting in commercially valuable products.

Source: Information Asset Protection Guideline, 3.8, page 2

63
Q

What is the Internet of things (IoT)?

A

A system of interrelated computing devices and mechanical and digital machines provided with unique identifiers (UIDs) and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.

Source: Information Asset Protection Guideline, 3.9, page 2

64
Q

What is a root cause analysis?

A

A technique used to identify the conditions that initiate the occurrence of an undesired activity or state.

Source: Information Asset Protection Guideline, 3.18, page 3