IAS

Question 1

study of how to protect information from destruction, degradation, manipulation, and exploitation, and also how to recover it

Answer 1

information assurance

Question 2

what are the aspects of information needing protection

Answer 2

availability, integrity, confidentiality, authentication, non-repudiation

Question 3

timely, reliable access to data and information for authorized users

Answer 3

availability

Question 4

protection against unauthorized modification of information

Answer 4

integrity

Question 5

assurance that information is not disclosed to unauthorized persons

Answer 5

confidentiality

Question 6

assurance that the sender is provided with proof of a data delivery and recipient is provided with proof of sender’s identity

Answer 6

non-repudiation

Question 7

four major categories of information assurance

Answer 7

physical security, personnel security, it security, operational security

Question 8

give examples of proper practice of information assurance

Answer 8

*hard to guess passwords
*encrypting hard drives
*locking sensitive documents
*assigning security clearances to staffers
*using SSL for data transfers
*having off-site backup of documents

Question 9

what does SSL mean

Answer 9

secure socket layer protocol; websites that are safe or have https

Question 10

protection of hardware, software, and data against physical threats to prevent loss of assets

Answer 10

physical security

Question 11

variety of ongoing measures taken to reduce the likelihood and severity of accidents

Answer 11

personnel security

Question 12

inherent technical features and functions that collectively contribute to an IT infrastructure

Answer 12

IT security

Question 13

involves the implementation of standard operational security procedures

Answer 13

operational security

Question 14

the objective of operational security is to

Answer 14

*achieve a known secure system state at all times
*prevent accidental or intentional theft, release destruction, alteration, misuse, or sabotage of system resources

Question 15

according to raggad’s taxonomy of information security, what are the five interacting components in a computing envi

Answer 15

activities, people, data, technology, networks

Question 16

three levels of information security

Answer 16

physical, information infrastructure, perceptual

Question 17

desired effect: to affect the technical performance and the capability of physical systems, to disrupt the capabilities of the defender

Answer 17

physical level

Question 18

attacker’s operation: physical attack and destruction–electromagnetic attack, visual spying, intrusion, scavenging and removal, wiretapping, interference, eavesdropping

Answer 18

physical level

Question 19

defender’s operation: COMPSEC, COMSEC, ITSEC, OPSEC

Answer 19

physical level

Question 20

covers information and data manipulation ability maintained in cyberspace

Answer 20

infrastructure level

Question 21

desired effects: influence the effectiveness and performance of information functions

Answer 21

infrastructure level

Question 22

attackers operations: impersonation, piggybacking, spoofing, network attacks, malware, authorization attacks, active misuse, and denial of service

Answer 22

infrastructure level

Question 23

defender’s operation: encryption and key management, intrusion detection, anti-virus software, auditing, redundancy, firewalls, policies and standards

Answer 23

infrastructure level

Question 24

perceptual level is also called

Answer 24

social engineering

Question 25

desired effects: to influence decisions and behaviors

Answer 25

perceptual level

Question 26

attacker’s operations: deception, blackmail, bribery and corruption, social engineering, trademark and copyright infringement, defamation, diplomacy, creating distrust

Answer 26

perceptual level

Question 27

defender’s operations: psychological testing, education, biometrics, watermarks, keys, passwords

Answer 27

perceptual level

Question 28

flip side of information assurance

Answer 28

information warfare

Question 29

info warfare - type 1

Answer 29

managing an opponent’s perception through psychological operations/truth projection

Question 30

information warfare - type 2

Answer 30

denying, destroying, degrading, or distorting the opponent’s information flows to disrupt their ability to carry out operations

Question 31

information warfare - type 3

Answer 31

gathers intelligence by exploiting the opponent’s use of information systems

Question 32

who are the offensive players int he world of IW

Answer 32

insiders, hackers, criminals, corporations, governments, terrorists

Question 33

consists of employees

Answer 33

insiders

Question 34

gains unauthorized access to information systems for thrills, challenge, power, or profit

Answer 34

hackers

Question 35

target information that may be of value to them

Answer 35

criminals

Question 36

actively seek intelligence on competitors or steal trade secrets

Answer 36

corporations

Question 37

seek military, diplomatic, and economic secrets of foreign governments

Answer 37

governments

Question 38

politically motivated and may seek to cause maximal damage to information and infrastructure

Answer 38

terrorists

Question 39

relies on established procedures and mechanisms for prioritizing restoration of essential functions

Answer 39

capability restoration

Question 40

a resource being protected

Answer 40

asset

Question 41

devices, computers, people

Answer 41

physical assets

Question 42

logical assets

Answer 42

information, data, intellectual property

Question 43

system assets

Answer 43

any software, hardware, data, administrative, physical, communications, or personnel resource

Question 44

the items being protected by the system

Answer 44

objects

Question 45

entities that execute activities and request access to objects

Answer 45

subjects

Question 46

operations, primitive or complex, that can operate on objects must be controlled

Answer 46

actions

Question 47

the information is free of error and has the value expected

Answer 47

accuracy

Question 48

the information is genuine

Answer 48

authenticity

Question 49

the information has not been disclosed to unauthorized parties

Answer 49

confidentiality

Question 50

the information is whole, complete, and uncorrupted

Answer 50

integrity

Question 51

the information has value for the intended purpose

Answer 51

utility

Question 52

the data is under authorized ownership and control

Answer 52

possession

Question 53

security measures to establish the validity of a transmission, message, or originator

Answer 53

authentication