Fundamental of security

Question 1

what is Information Security

Answer 1

Act for protecting data and information from unauthorized access,unlawful modification and disruption,disclosure , and corruption and destruction

Question 2

what is information System Security

Answer 2

Act for protecting the system that holds and process the critical information

Question 3

confidentiality

Answer 3

Ensure that Information is only accessible by authorized person

Question 4

integrity

Answer 4

Ensure that data remain accurate and unaltered unless the modification is required

Question 5

Availability

Answer 5

Ensure that information and resources are accessible and functional when needed by by authorized users

Question 6

Non-repudiation

Answer 6

Guaranteeing that a specific action or event has taken place and cannot be denied by parties involved

Question 7

AAA of security

Answer 7

Authentication , Authorization , Accounting

Question 8

Authorization

Answer 8

Permissions and privileges granted to users or entities after they have been authenticated

Question 9

Accounting

Answer 9

Act of tracking user activities and resource usage, typically for audit or billing purposes

Question 10

Security Controls

Answer 10

Measures or mechanisms put in place to mitigate risks and protect the confidentiality , integrity , and availability information system and data

Question 11

Type of Security Controls

Answer 11

Technical , Managerial , Operations , Physical

Question 12

Zero Trust

Answer 12

Security model that operates on the principle that no one , whether inside or outside the organization, should be trusted by default

Question 13

Control Plane

Answer 13

Consists of adaptive identity, threat scope reduction,policy-driven access control,and secured zones

Question 14

Data Plane

Answer 14

Focused on the subject / system,policy engine ,
policy administrator , and establish policy enforcement points

Question 15

Data Masking

Answer 15

Method that involves obscuring
data within a database to make
it inaccessible for unauthorized
users while retaining the real
data’s authenticity and use
for authorize user

Question 16

Physical Security Measures

Answer 16

Used to ensure confidentiality
for physical types of data and for
digital information contained on
servers and workstations

Question 17

Non-repudiation

Answer 17

Focused on providing
undeniable proof in
digital transactions

Question 18

Digital Signature

Answer 18

Created by first hashing a particular
message or communication to be
digitally signed and encrypting the
hash digest with the user’s private
key using asymmetric encryption

Question 19

Availability === ?

Answer 19

Redundancy

Question 20

Non-repudiation

Answer 20

Redundancy

Question 21

Authentication

Answer 21

Security measure that ensures
individuals or entities are
who they claim to be during a
communication or transaction

Question 22

Preventive Controls

Answer 22

Proactive measures implemented to thwart potential security threats or breaches

Question 23

Detective Controls

Answer 23

Monitor and alert organizations to malicious activities as they occur or shortly thereafter

Question 24

Corrective Controls

Answer 24

Mitigate any potential damage and restore the system to their to normal state

Question 25

Compensating Controls

Answer 25

Alternative measure that are implemented when primary security are not feasible or effective

Question 26

Directive Controls

Answer 26

Often rooted in policy or documentation and set the standards for behavior within an organization

Question 27

Gap analusis

Answer 27

Process of evaluating the difference between an organization’s current performance and its desired performance