Definitions

Question 1

Logical Assets

Answer 1

Assets that exist as data or intellectual property

Question 2

Physical Assets

Answer 2

those assets which are tangible objects and materials.

Question 3

Information Security

2 definitions

Answer 3

Protecting information and information systems from unauthorized access, use, disclosure disruption, modification, or destruction.

Protect data and systems from those who seek to misuse them, intentionally or unintentionally, or those who shouldn’t have access at all.

Question 4

PCI DSS (Payment card industry data security standards are what?

Answer 4

Applies to companies that process credit card payments

Question 5

FISMA (Federal Information Security Management Act)

Answer 5

Defines security standards for many federal agencies in the USA

Question 6

Confidentiality

Answer 6

Our ability to protect our data from those who are not authorized to use it.

Question 7

Integrity

Answer 7

The ability to prevent people from changing your data in an unauthorized or undesirable manner.

Question 8

Availability

Answer 8

Refers to the ability to access our data when we need it

Question 9

Parkerian Hexad?

Answer 9

a more thorough model for assessing information security than CIA.

Question 10

Possession / Control

Answer 10

refers to the physical disposition of the media on which the data is stored.

Question 11

Authenticity

Answer 11

Allows you to say whether you’ve attributed the data in question to it’s proper owner or creator

Question 12

Utility

Answer 12

How useful is the data to you?

Question 13

Interception Attack:

Answer 13

allows unauthorized users to access your data, applications or environments. Primarily attacks against confidentiality.

Question 14

Data at Rest

Answer 14

stored data that isn’t in the process of being moved from one place to another

Question 15

Data in Motion

Answer 15

data in the process of being moved from one place to another

Question 16

Data in Use

Answer 16

data an application or individual is actively accessing or modifying.

Question 17

Modification Attacks

Answer 17

involves tampering with an asset

Question 18

Fabrication Attacks

Answer 18

Involves generating data, processes, communications, or other similar material with a system.

Question 19

Threats

Answer 19

something that has the potential to cause harm

Question 20

Vulnerability

Answer 20

Weakness, or holes that threats can exploit to cause you harm

Question 21

Risk

Answer 21

is the likelihood that something bad will happen

Question 22

Impact

Answer 22

used by some organizations like the NSA.

Takes into account the value of the asset being threatened and uses it to calculate the risk.

Question 23

What are controls?

Answer 23

Measures put into place to mitigate risks.

Question 24

What are physical controls?

Answer 24

Protect the physical environment in which your systems sit or where your data is stored.

Question 25

What are logical controls?

Answer 25

Protect the systems, networks, and environs that process, transmit, and store data

Question 26

What are administrative controls?

Answer 26

Based on rules, laws, policies, procedures, guidelines,and other items that are “paper” in nature.

Dictate how the users of your environment should behave?