Inf Sec Flashcards
A property right granted to an inventor to exclude others from making, using, offering for sale, or selling the invention for a limited time is called a
Patent
What factors should be considered when using the internet to link organization offices?
Confidentiality, Integrity, and Availability
Which of the following fields involves defences against the interception of data communication from microphones, transmitters, or wiretaps?
Transmission security
In protecting information assets, an effective protection strategy begins with:
A clear, practical policy that is shared with all relevant parties and enforced with fairness.
What is the key organizational asset?
Information
What are the key steps that can be taken after an information loss?
1 - Investigation
2 - Damage assessment
3 - Recovery and follow-up
What is application security?
Modern business applications typically consist of custom code, third-party software, and one or more servers. Improper integration of these components can result in a vulnerability that can later be exploited to gain unauthorized access to data.
What can an intrusion detection system monitor?
1 - Malicious programs
2 - Unauthorized changes to files and settings
What is the most effective IT protection?
Most effective IT protection is a layered approach that integrates
1 - Physical measures
2 - Procedural measures
3 - Logical protection measures
What are the elements of technical surveillance countermeasures?
1 - Services
2 - Equipment
3 - Techniques
Who should execute an NDA as a condition of employment in the organization?
All employees should execute an NDA as a condition of employment
When can information be said to be a trade secret?
For information to be a trade secret, the owner must be able to prove that:
1 - The information added value or benefit to the owner
2 - The trade secret was significantly identified
3 - The owner provided a reasonable level of protection for the trade secret
What is the fundamental difference between a patent and a trade secret?
A patent requires that the inventor publicly disclose the invention's elements, and a patent lasts only 20 years.
Conversely, a trade secret is not disclosed and may last indefinitely.
Why is it essential to register trademarks before the product enters the stream of commerce in any country?
Because registration is the primary means of ensuring that the mark is eligible for protection under that country's law and that trademark infringement can be remedied through administrative or judicial proceedings.
What is the best way to start addressing infringement of patents, copyrights and trademarks?
The best way to start addressing infringement of patents, copyrights and trademarks is to register those rights.
To which fact does operations security respond?
Operations security responds to the fact that small bits of information taken from several different sources can be combined to reveal sensitive information.
Operations security is used to protect which type of information?
To protect unclassified information.
How can an organization ensure that critical information retains its availability, confidentiality, and integrity during all phases of a crisis, including response and recovery?
By incorporating the information asset protection program into the organization's business continuity plan.
Personnel security plays a key role in an information asset protection program. What matters does personnel security include to protect information assets?
Due diligence investigations of potential partners, standard pre-employment screening, and vetting of subcontractors, vendors, and consultants.
On what should an employee's access to information assets be based?
An employee's access should be based on his or her current job function and need to know, not solely on position or management level.
Who typically determines the classification level of an information asset?
The originator of the information.
What must the protection measures ensure?
The protection measures must be sufficient to ensure confidentiality, integrity, availability, accountability, recoverability, auditability, and non-repudiation of information in both the physical and cyber environments.
How does all the information in the organization need to be evaluated?
All information needs to be appropriately evaluated for sensitivity.
What should clarify that information is one of the organization’s most important resources?
The policy of the organization
While developing information asset protection policies and awareness, what is important?
It is important to identify what information should be protected and when, and then identify the many forms this information may take over its life cycle.
In the organization, who can influence security most, and why?
First- and second-tier management, because the managers who see employees every day are the ones who will actually be there to notice when people are following security practices and when they are not.
Who is ultimately responsible for protecting information assets in the organization?
Ultimately, the responsibility for protecting information assets rests with the leadership of an organization.
What are the purposes of an information risk assessment?
Risk assessment should identify risks, quantify them, and prioritize them according to the organization’s criteria for risk acceptance.
How, in 80 percent of cases, does the perpetrator of an information asset loss come to the attention of management?
The perpetrator comes to the attention of management due to inappropriate behaviors before the incident (e.g., tardiness, truancy, arguments with coworkers, or poor job performance).
What elements have basically converged to create unusually fertile ground for insider espionage?
The elements that create fertile ground for insider espionage are the information revolution, global economic competition, the involvement of new and non-traditional intelligence adversaries, and other changes in the domestic and international environment.
What are the causes of inadvertent threats?
Inadvertent threats can be attributed to inadequate employee training, misunderstandings, lack of attention to detail, lax security enforcement, pressure to produce a deliverable, insufficient staffing, etc.
From whom, basically, do the largest losses of information come?
The largest losses basically come from the people in the mirror: people make mistakes, and those mistakes are the most likely thing to hurt.
What are the most frequently overlooked threats?
The most frequently overlooked threats are inadvertent threats.
What needs to be done to assess intentional threats?
To assess intentional threats, one needs to:
1 - Identify potential adversaries
2 - Evaluate their capability
3 - Evaluate their intention to target key information assets.
What are the types of threats for information assets?
Types of threats for information assets may include:
1 - Intentional threats
2 - Natural threats
3 - Inadvertent threats
What is the goal of an information security program?
The goal of an information security program is to optimize risk, never to minimize it.
Which of the following is one step in the risk assessment process for use in protecting information?
Identifying information assets
According to existing trends in security problems, what is one of the most serious economic and national security challenges for the US?
The cyber threat is one of the most serious economic and national security challenges.
When a person can control the computer linked with the access control system, what kind of changes are possible?
A person who can control the computer creates two dangers:
1 - A valid administrator could add a backdoor or additional card
2 - The system may be accessible to the internet
What is the weakness of HID cards?
When a card reader requests an identification number from the card, the card simply supplies it without any verification of authenticity.
What is phishing?
When an outsider gains insider privileges in order to extract information.
To combat cyber-attacks, what is required?
Effectively combating cyber-attacks requires:
1 - Increased awareness
2 - New technology
3 - Improved response and recovery capabilities
When an information security system depends on the internet, hackers can exploit the system by using different forms of attack. What are those forms of attack?
Hackers attack using worms, viruses, network flooding, no-notice attacks through compromised routers, spyware, insider attacks, data exfiltration by outsiders who gain insider privileges (phishing), and distributed denial of service attacks; all are commonplace.
What are the additional risks created by convergence?
Convergence creates significant additional risk to the organization because the physical security devices are now accessible from anywhere on the network.
What is security convergence?
Security convergence is the integration, in a formal, collaborative, and strategic manner, of the cumulative security resources of the organization in order to deliver enterprise-wide benefits through enhanced risk mitigation, increased operational effectiveness and efficiency, and cost savings.
What are the seven critical success factors that an information security standard of care must meet?
1- Executive management responsibility
2- Information security policy
3- User awareness training and education
4- Computer and network security
5- Third-party information security assurance
6- Physical and personnel security
7- Periodic risk assessment.
The objective of an ISS program is to prudently and cost-effectively manage risk to critical information across three forms of protection. What are those forms?
Not compromised: confidentiality; remains unchanged without authorization: integrity; remains available: availability.
What is "rogueware"?
Rogueware, or software that pretends to be security software but really compromises a computer, is also on the rise. Cybercriminals accomplish this by getting users to download the malicious software.
What kind of attack can circumvent signature-based controls?
Malware attack
How do successful breaches of information occur in the organization?
When someone is able to take advantage of an error committed by the victim and installs malware to exploit it.
Which kind of criminal group poses the greater threat to corporate information systems?
Organized criminal groups pose the greater threat to corporate information systems because they can organize their funds to conduct their attacks.
What factors are promoting cyber-attacks?
The factors promoting cyber-attacks are: cybercriminals do not need to change their malware as quickly but can deploy it on more sites; they can use automated techniques that continually compromise legitimate websites; moreover, they can change malware code so it is not detected by traditional antivirus systems.
What is the purpose of bots?
Bots (software applications that run automated tasks) under the control of hackers are used to bring a site down.
Why is sanitized code used?
Sanitized code is used in a penetration test to obtain Social Security Numbers and other sensitive information from a supposedly secure database.
How should security professionals augment their physical security to address the challenges of information systems security?
To address the challenges of ISS, security professionals must augment their physical security paradigm with a new logical security paradigm.
In relation to the information systems security (ISS), the security professional strives to protect what?
The security professional strives to protect CIA triangle:
1‐ Confidentiality
2‐ Integrity
3‐ Availability
What is the difference between residual threat risk and residual risk?
Residual threat risk: for each threat, the remaining potential risk after all ISS countermeasures are applied. Residual risk: the total remaining potential risk after all ISS countermeasures are applied across all threats.
What types of threat agents exist in information systems security?
Information system threat agents are:
1- Natural
2- People
3- Virtual
In relation to virtual threats, a computer program or script can be illegitimately installed on a workstation, server, router, or other information systems device. What types of activities is it capable of?
A computer program or script illegitimately installed on a workstation, server, router, or other information systems device is capable of any or all of the following:
1 - Sending information from the device on which it is installed to the owner of the program (its control),
2 - Receiving command and control instructions from its control and adjusting its behavior accordingly,
3 - Executing commands on the device on which it is installed
Before using a virtual threat agent, a cybercriminal or other perpetrator must get it onto a target computer. What methods may they use?
Methods include:
1- Direct physical access to the computer (via USB drive or other peripheral)
2- Hacking into the computer remotely
3- Placing malware on the computer
4- Phishing
5- Social engineering.
Into what broad categories can information systems security vulnerabilities be broken?
1- Vulnerabilities in the information systems infrastructure
2- Vulnerabilities in the people using the information systems infrastructure (users)
3- Vulnerabilities in the people maintaining the information systems infrastructure (custodians)
4- Executive and senior management vulnerabilities
5- Vulnerabilities in information systems management processes
Before outlining the range of countermeasures available for managing residual information system risk, what is it important to specify?
It is important to specify the ISS control objectives that those countermeasures must meet.
Into what broad categories are information systems countermeasures divided?
Information system countermeasures are divided into three broad classifications:
1‐ Administrative controls
2‐ Technical controls
3‐ Physical controls
What is perhaps most important in information security?
Perhaps most important in information security, as in physical security, is to have the buy-in of executive management in supporting security initiatives.
What layers does the OSI model consist of?
The seven layers of the OSI model are:
1‐ Physical (layer 1)
2‐ Data link (layer 2)
3‐ Network (layer 3)
4‐ Transport (layer 4)
5‐ Session (layer 5)
6‐ Presentation (layer 6)
7‐ Application (layer 7)
Which of the OSI layers was developed so that computers that could not immediately see each other could nevertheless still communicate?
In OSI (Open Systems Interconnection) layer 3, computers that cannot immediately see each other can nevertheless still communicate.
In OSI layer 3, with the help of which equipment can computers communicate with each other even though they cannot see each other?
The device called a "router" allows this communication to happen.
What do you understand by buffer overflow?
It is a form of attack. In this instance, a malicious user or program gives more information to a computer program than it is expecting. The extra words or characters can produce a buffer overflow state, giving the computer instructions to do something unintended.
What is the third element of the AAA triad?
This process of authentication and authorization is part of what is called the AAA triad. The third part of this triad is auditing/accountability.
Apart from AAA, how else can data confidentiality be maintained?
Apart from AAA, data confidentiality can be maintained through encryption and system protection.
Explain the difference between authentication and authorization.
(From any source) Authentication means examining the identification of a user who seeks to gain access to a computer by asking for a user name and password. Authorization means that, after identifying a user, the computer checks a database to see what type of authorization that particular user has. This process allows the user to exercise his or her rights according to the level of access to information predetermined by the organization's policy.
What different approaches can be applied beyond the user name and password to make the authentication process more difficult and increase the security of data?
Biometric authentication; second-factor authentication (one-time password); encryption
While designing an information system, why is it important to include a redundant system?
Because redundancy aids efforts to ensure data availability and also ensures continuity.
If a company is truly concerned about the security of its data, whether over the open internet or within a more private network, what technology can be used?
The technology called a virtual private network (VPN) can be used, which encrypts data from one point to another.
What do you understand by an "escalation of privileges" attack?
"Escalation of privilege" is basically a specially crafted e-mail-based attack which enables the mail system to do something undesirable to the recipient. This type of attack succeeds because the e-mail program is tricked into executing the e-mail as if it were a program rather than simply processing it as text.
Despite the number of advantages of a VOIP system, what is the security downside?
In a VOIP system, every phone and every server hosting phone-related information, including voicemail and the actual phone calls in progress, has the potential to be compromised, as these systems are completely accessible on the framework.
What is a critical aspect of any information security program?
Third-party review is a critical aspect of any information security program. Each organization is responsible for managing its vendors and ensuring that they come up to a specific level.
What is the fundamental difference between an IDS and an IPS?
An intrusion detection system (IDS) is designed to monitor one's network and attempt to interpret, either via behavior or via patterns/signatures, whether someone is trying to attack the system. An intrusion prevention system (IPS) is designed to automatically stop an attack in progress.
What is ISO 27001 and into what 11 domains is it broken down?
The ISO 27001 is an international standard for managing information security.
This standard is broken down into 11 domains which are:
1‐ Security policy
2‐ Organization of information security
3‐ Asset management
4‐ Human resource security
5‐ Physical and environmental security
6‐ Communications and operations management
7‐ Access control
8‐ Information system acquisition, development and management
9‐ Information security incident management
10‐ Business continuity management
11‐ Compliance.
What is the centerpiece of ISO 27001?
The centerpiece of ISO 27001 is its concept of an ISMS.
What are the three basic pillars of information security?
Integrity, non-repudiation and confidentiality
What is the purpose of a program developed based on the "red flag rules"?
Early detection and prevention of identity theft
What is the biggest challenge for management in relation to ISS policy implementation?
Management's biggest challenge lies not in the writing of specific ISS policies but in the orderly development and implementation of policies.
The effectiveness of an information security program ultimately depends on what?
People's behavior
An employee's access to information should be based on what criteria?
Their current job function and "need-to-know."
In the context of information asset protection, “sanitizing” is the process of:
Removing data on the media before the media is reused
Which of the following can be used to authenticate and authorize computer access?
What a person has/what a person knows/who a person is
Original works in the form of books, magazines, musical scores, movies, and computer software programs are protected by a:
Copyright
How does a host intrusion prevention system (HIPS) differ from an intrusion detection system (IDS)?
HIPS operates on a host system, such as a computer or server
A password cracking attempt that systematically tries every possible combination of letters and numbers is referred to as a:
Brute force attack
A software program that performs a useful purpose but also has a hidden destructive purpose is known as a:
Trojan horse
When preparing for a technical surveillance countermeasures (TSCM) inspection, it is not necessary to determine the:
Height of the building
The first step in keeping sensitive information secure is to:
Classify it according to its value
In a theft of proprietary information case, which of the following steps is most important to the security manager?
The information was patented, trademarked, or copyrighted
The first step in securing sensitive information is to
Identify it and classify it by value.
One step for harmonizing information asset protection (IAP) and general business practices is to:
Communicate IAP issues to all elements of management
The ISO 27001 and ISO 27002 standards are important for the information system security (ISS) practitioner because they:
Represent the first acknowledged worldwide standards to identify a code of practice for the management of information security.
Why is it important to encrypt the video stream of network video cameras?
To ensure that whatever credentials are passed between a workstation and the device cannot be easily stolen off the network. Otherwise, the organization may face one of these familiar issues: denial of service, insertion of inaccurate data, data theft, data modification, and data destruction.
Based on the present context of cyber security, it is not recommended to allow a legitimate user to access video or access control data remotely with only a user name and password. To ensure greater protection of data, what should corporate ISS policies prohibit?
Corporate ISS policies should prohibit access to the network without second-factor authentication.
When is a converged IP-based access control system vulnerable to viruses and Trojans?
A converged IP-based access control system is vulnerable to viruses and Trojans because not placing antivirus or other host protection software on the machine that runs the system could leave it susceptible to compromise or failure.
What kind of problems could arise while upgrading a video camera within a network?
Upgrading a video camera could cause a broadcast storm on the network due to a bug in the camera, causing not only that video camera but also other systems to stop working.
What kind of inconveniences might we face with IP-CCTV systems in locations where the power supply is not consistently reliable or fluctuates?
If the power supply is not consistent, an organization's video system may be left down during a restart, because computer-based systems may take unexpectedly long to start up and shut down.
As part of the ISS organization, before providing a third party with access to the organization's data, what process must be completed to protect the organization's own security?
When using third-party delivery services, ISS professionals need to ensure that the organization is protected by making sure that the provider adheres to the organization's policies. Besides, a vetting process can be carried out before allowing access to an organization's data.
Why should the physical security professional collaborate with the ISS department?
It is critical for the physical security professional to collaborate with the ISS department to ensure that physical security is a good ISS partner and complies with policies and procedures.
What is the first job of the individual charged with an organization's ISS?
The first job of the individual charged with an organization's ISS is to create an ISMS appropriate for the size of the organization.
What is the difference between how physical security managers and ISS professionals mitigate risk?
Physical security professionals mitigate risk via policies, references and frameworks. On the other hand, ISS professionals mitigate risk through an information security management system (ISMS).
How does a malware attack take place while simply visiting a website?
In a web attack, when users are accessing the web they can pick up malware simply by going to a compromised website, and the introduction of malware onto the network cannot be blocked by a VPN because a web attack can defeat every control.
Why is a web attack particularly dangerous?
Because it can defeat almost every control.
Why is a malware attack particularly insidious?
Because malware has been designed to be primarily silent. The longer the hackers can stay in stealth mode, owning an organization's system and stealing its information, the more time they have to gain.
How can even a completely "patched" and up-to-date system still be compromised?
An engineer could configure the system incorrectly or make an architectural mistake, such as plugging an internal server into a switch that is accessible via the internet.
How can a hacker launch an attack against a converged IP-based video protection system?
Hackers may start by checking a readily accessible website. If, via social engineering, they can steal a username and password to gain access, they will. If this is not possible, they might use a brute force password cracker that enables them to try many passwords very quickly.
How can a malware attack be launched on the network?
Someone attacks a system by installing software on it, either with the user's knowledge (usually hidden in other software or e-mail) or automatically, without the user's knowledge.
What is social engineering?
Social engineering is the manipulation of people to get them to do something that weakens the security of the network.
Why does communication at the layer 3 level increase risk in a converged access control system?
Layer 3, or indirect, communication is the mechanism that allows computers to interact across the internet globally. In a converged paradigm, an organization's computers and physical security assets are potentially accessible from across the world, and therefore vulnerable to attacks.
How should physical security practitioners categorize ISS risk to address the security risks brought on by convergence?
According to the CIA triad
Security convergence can indeed enhance risk mitigation, but it can also increase total organizational risk. If so, give examples of those risks.
When physical security practitioners put physical security technology onto the network, they open the door to significant network-based security risk. Some elements of information systems security (ISS) can weaken physical security. These are:
1‐ Denial of service (DoS)
2‐ Insertion of inaccurate data
3‐ Data theft
4‐ Data modification
5‐ Data destruction
How to define convergence?
Convergence is the integration, in a formal, collaborative, and strategic manner of the cumulative security resources of the organization in order to deliver enterprise-wide benefits through enhanced risk mitigation, increased operational effectiveness and efficiency, and cost savings.
Asset
Anything that has tangible or intangible value to an enterprise
Intangible Asset
Assets that do not have a physical presence (Information, Intellectual property, reputation etc..).
Tangible Asset
Assets that have a physical presence. (Human & Environmental assets).
Copyright
A property right in an original work of authorship fixed in any tangible medium of expression, giving the holder the exclusive right to reproduce, adapt, distribute, perform, and display the work.
Examples of copyright
Original works may include things such as literary, musical, dramatic, choreographic, pictorial, graphic, sculptural, and architectural works; motion pictures and other audio-visual works; and sound recordings
Intellectual property rights (IPR)
Intangible rights protecting the realization of ideas and concepts resulting in commercially valuable products. NOTE: Examples include but are not limited to trademark, copyright, and patent rights, as well as trade secret rights, publicity rights, moral rights, and rights against unfair competition
Internet of things (IoT)
A system of interrelated computing devices, mechanical and digital machines provided with unique identifiers (UIDs) and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.
Non-disclosure agreement (NDA)
A Legal contract that establishes a relationship between two or more parties outlining confidentiality and the responsibility for protecting information
Patent
A right granted to the inventor to exclude others from making, using, marketing, selling, offering for sale, or importing an invention for a specified period, if the device or process is novel, useful, and non-obvious
Proprietary information
Information of value, owned by an entity or entrusted to it, which has not been disclosed publicly
Risk
Effect of uncertainty on the achievement of strategic, tactical, and operational objectives
Risk assessment
Overall and systematic process for evaluating the effects of uncertainty on achieving an enterprise's objectives. Risk assessment includes risk identification, risk analysis, and risk evaluation
RCA - Root cause analysis
A technique used to identify the conditions that initiate the occurrence of an undesired activity or state.
Technical surveillance countermeasures (TSCM)
Employment of services, equipment, and techniques designed to locate, identify, and neutralize the effectiveness of technical surveillance activities.
Threat
Potential cause of an unwanted incident, which may result in harm to individuals, assets, a system or organization, the environment, or the community
Trade secret
All forms and types of financial, business, scientific, technical, economic, or engineering information, including patterns, plans, compilations, program devices, formulas, designs, prototypes, methods, techniques, processes, procedures, programs, or codes, whether tangible or intangible, and whether or how stored, compiled, or memorialized physically, electronically, graphically, photographically, or in writing, if (a) the owner thereof has taken reasonable measures to keep such information secret; and (b) the information derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable through proper means by, the public
Information assets are necessary in achieving an organization's strategic ____________ and ____________.
Goals & Objectives
In order to safeguard its information assets, what should an organization establish?
An IAP (Information Asset Protection) program appropriate to its size and type
Mixed assets
Some assets have both tangible and intangible characteristics and may be referred to as "mixed assets"
As per ESRM, who shares security responsibility?
Security professionals and asset owners.
As per ESRM, whose responsibility are all final security decisions?
Asset owners
Who is responsible for protecting the information assets in an organization?
Top management and other asset owners
Who is responsible for overseeing the implementation, maintenance, and evaluation of the IAP program ?
The IAP Lead nominated/Assigned by Top Management
What should be established by the organization to measure the IAP program?
Metrics and key performance indicators
___________ and ___________ establish the standards that govern how an organization expects its employees to behave in protecting and safeguarding information from misuse, loss, theft, and misappropriation
Policies & Procedures
The IAP policies and procedures should be communicated to:
All individuals working for or on behalf of the organization
What is the initial stage of protecting the information asset?
Asset Identification followed by asset valuation & prioritization
What is the basis of asset valuation?
Importance-criticality-sensitivity
What is the key element of information risk assessment?
Valuing assets / Assigning Value to assets
Highly Restricted information
Highly restricted is used for information that could allow a competitor to take action that could seriously damage an organization’s competitive position in the marketplace, or the disclosure of which could cause significant damage to the organization’s financial or competitive position, brand, or reputation.
Restricted Information
Restricted is used for information that is organizationally or competitively sensitive or could introduce legal or employee privacy risks.
Information is a critical asset for an organization. An employee's access is based on?
His or her current role in the organization
Information protection triad
Security Measure - Legal Protection - Management Practice
They do not have to be “registered” to be protected
Trade Secret
To be able to prove a trade secret case in court, the information asset must be
Clearly identified and valuated
This form of legal protection provides the owner with the legal right to exclude anyone else from manufacturing or marketing an invention or process
Patent
Trademark
A trademark is a name, phrase, sound, or symbol used in association with a product
Service mark
A service mark is a brand name or logo that identifies the provider of a service. A service mark may consist of a word, phrase, symbol, design, or a combination of these elements
Trademark protection typically lasts for?
10 years after registration and can be renewed
Through ____________ agreement, the individual acknowledges that all information assets are considered confidential, will be properly protected, and are the property of the employer
NDA - Non Disclosure Agreement
Critical component of any IAP program?
People
Protecting information assets begins with
An individual’s recruitment
The first opportunity to inform individuals about IAP policies and procedures through awareness and training is?
During onboarding
What are the most effective measures that support the IAP program objectives?
Security awareness & Training
Eyes &amp; ears of the organization in the IAP program
Employees are the eyes & ears of the organization that spot physical and electronic security risks that need to be reported
ISO 27001 and 27002 discuss the concept of?
Information security management system (ISMS)
To address the electronic/digital environment risk, organizations should implement cyber security measures based on a
Risk management approach that is consistent with the IAP strategy
The selection of cyber security controls will vary depending on the organization's
Business needs, regulatory/contractual compliance requirements, risk profile, and internal &amp; external audit findings.
The organization should conduct _____________ as part of its investigative support role to determine the causes that led or contributed to the information asset loss incident
RCA - Root Cause Analysis
Competitive intelligence involves the _________ &amp; _________ collection of valuable information on a competitor or related entity on marketing plans, technologies, product developments, and other strategic information
Legal and ethical
OSINT
Open Source Intelligence
In a commercial setting (the private sector), OSINT is defined as the process of
Collecting publicly available information and using it for a business purpose
What pushed organizations to rely on Web-based systems?
The emergence of remote work models
Information/Organizational assets at both onsite and virtual trade shows and similar events can be protected by
Proper training
Sharing of information should be based on
Roles & Need to Know basis
Risks of remote/telework environments can be effectively managed by
Implementing and testing crisis management and business continuity plans
Who is responsible for protecting information assets?
All employees, suppliers, contractors, and agents are responsible for protecting (company/organization) information assets to assure its confidentiality, integrity, and availability
Trusted Parties
Trusted parties include vendors, suppliers, contractors, consultants, interns, and others who are granted access to information assets or facilities.
In order to safeguard its information assets, an organization should establish a policy that requires specific measures be taken to protect information assets. What are the elements this policy should outline?
Organizational roles, responsibilities, and accountabilities
Effective protection of information assets, whether in electronic, verbal, written, or any other form, involves which basic principles?
Classification and labelling of information; handling protocols to specify use, distribution, storage, security expectations, declassification, return, and destruction/disposal methodology; training; incident reporting and investigation; audit compliance processes and special needs (disaster recovery).
What is important to understand in relation to intellectual property rights?
It is important to understand the IPR climate and the ability of legal safeguards that are applicable in each jurisdiction where there is a necessity to support your business requirements.
When can an information asset be said to be a trade secret?
(a) The owner thereof has taken reasonable measures to keep such information secret; and (b) the information derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable through proper means by, the public
At the beginning of developing an information asset program, what is important to identify?
It is important to identify what information should be protected and then identify the many forms this information may take over its lifecycle. It is also important to recognize that only a certain segment of the organization’s information may warrant protection. Once such information is identified, it should be classified such that the most significant information assets receive the greatest degree of protection. However, some suggested controls might not be applicable, or practical, in every part of every organization.
What are the basic criteria to determine the levels of information?
Sensitivity and criticality
What is the difference between sensitivity and criticality?
Sensitivity: This information includes that which if disclosed outside of trusted people and processes would likely have a significant impact on the organization’s operations and business strategy. Criticality: Critical information is that upon which an organization relies to accomplish its mission and support business decisions.
In order to be most effective at identifying and addressing risk, risk assessment should be considered at which levels?
At the product, technology and transaction specific level.
While developing an information asset program, which step helps narrow the scope of the information that requires protection and focuses limited security resources where they are most needed?
This step is to identify the information that may need to be labelled and protected.
Why should distinct controls on privacy information be implemented?
In order to maintain the necessary level of trust and to meet legal and regulatory requirements.
Almost invariably, what are the most cost-effective measures that can be employed to protect corporate and organizational information assets?
Security awareness and training.
What helps best to achieve the information asset protection in the organization?
Through routine business practices that permeate every element of an organization.
What is the key element of threat to sensitive information?
Technical means of collecting information by adversaries
It is recommended that physical security professionals work with IT professionals to determine what kind of protective measures need to be implemented for information security. In the course of this process, what are the key factors to consider?
Key factors to consider are the amount of information within your company that is considered information and the level of protection that this information should receive.
If an organization faces a significant internal threat, what kind of protection measures need to be implemented?
Compartmentalization is an important measure to counter the internal threat.
What is the primary objective of logical network access control?
The primary objective is to preserve and protect the confidentiality, integrity, and availability of information, systems, and resources
In relation to application security, how can vulnerabilities be exploited?
By using a point of entry legitimately open for business needs
What should encryption support?
Encryption should support an information identification, classification and protection structure
In order to be able to prove a trade secret case in court, what preconditions must be fulfilled?
Document your identification and valuation of the asset, its role in establishing competitive advantage in your industry, and the full scope of protection measures you have instituted to protect it.
What can be ensured by a written non‐disclosure agreement?
It is possible to ensure a common understanding as well as a legal obligation with respect to protecting information assets.
What are the key elements of an assets protection strategy for trade show participation?
Training, awareness and preparation
Based on what is it possible to identify “high risk” travellers?
Identify “high risk” travellers based on their position, project, access or clearance within the company
“A property right or other valid economic interest in data resulting from private investment. Protection of such data from unauthorized use or disclosure is necessary to prevent the compromise of such property right or economic interest.” This is the definition for
Proprietary information
“Employment of services, equipment and techniques designed to locate, identify and neutralize the effectiveness of covert technical surveillance devices.” is the definition for which of the following
Technical surveillance countermeasures
Which of the following BEST describes who has the ultimate responsibility for protecting the organization’s information assets?
The organization’s leadership
A key element in the IAP risk assessment process is a thorough study of existing and projected threats. What are the categories?
Intentional, natural and inadvertent threats
Which of the following statements is correct?
Risk assessments should identify risks, quantify them, and prioritize them according to the organization’s criteria for risk acceptance.
Information warranting protection must be appropriately identified and marked. Various levels are used to distinguish the degree of sensitivity or the degree of protection warranted: confidential, restricted, limited, non-public, etc. Who is BEST suited to define the security level?
The originator of the information
Access to internal company information should be restricted. Which of the following BEST describes who can access sensitive information?
Company personnel or others who have signed a nondisclosure agreement
When defining protection for information systems, persons are assigned increased levels of trust for access to entitled access levels of sensitive information. This is called:
Defense in Depth
A janitor has limited access to information on the organization’s information systems restricting access to only his/her payroll information and personal timesheets. HR and payroll personnel have access to higher levels of the same timesheet information. This is an example of:
Defense in Depth
Private and personal information pertaining to an organization’s employees, management, relationships, customers, or others, is also often referred to as
Personally Identifiable Information
According to most international legal requirements, these do not have to be registered to be protected. Nevertheless, a person can formalize ownership through government registration, which may help in any later enforcement actions. This applies to which of the following?
Copyrights
These need not be registered with any outside agency, so the owner can maintain a greater degree of control over the asset. The owner must be able to prove that the information added value or benefit to the owner, was specifically identified, and the owner provided a reasonable level of protection. This is called which of the following:
Trade Secret
A process by which users are identified and granted privileges to information, systems, or resources is called which of the following?
Logical network access control
Network devices typically communicate using a worldwide internet standard for communication, also called:
TCP/IP
These special systems are typically programmed at the manufacturer and run proprietary or nonstandard operating systems. These may include video cameras, card readers, access controllers, intrusion detection (alarm) control panels and video converters. Another term for these systems is:
Embedded systems
Any circumstance, capability, action, or event with the potential to adversely impact an information system through unauthorized access, destruction, disclosure, modification of data, and/ or denial of service, is also referred to as:
Information systems threat
(Threats × Vulnerabilities) ÷ Countermeasures = x. What is “x”?
Residual risk
Inappropriate links to unprotected networks, improper system configuration, or unpatched workstations are examples of:
Vulnerability in the information systems infrastructure
There are three information security system control objectives. Which of the following are the objectives?
Detection; recovery; and compliance
Information systems countermeasures are divided into three broad classifications, “Management policies, standards, procedures, guidelines, personnel screening and awareness training”. They are called which of the following?
Administrative controls
The best way to protect a document is to do what?
Mark & classify
The effectiveness of an information security program ultimately depends upon
People’s behavior
What is the culture of an organization?
A pattern of shared basic assumptions that the group learned to solve its problems
A possibility that a particular threat will adversely impact an ISS by exploiting a particular vulnerability is called
Risk
Which threat is classified as a logical threat?
Virtual threat
Amongst the key steps taken after an information loss, which is the most time-critical?
Damage assessment
A technique that reduces a threat vulnerability by eliminating the harm it can cause and reporting it so that corrective action can be taken is
ISS countermeasure
An information communication attacking agent is
Trojan Horse
The most important element in information security is
Management buy-in
Who causes most losses of information assets in an organization?
Outsiders’ threats
Amongst the steps to take after an information loss, one primary element of recovery is to return to normal business as soon as possible; what is the other?
Implement measures to prevent a recurrence of the problem
The total remaining potential risk after all ISS countermeasures are applied across all threats is called
Residual risk
A device placed between the internet and the system one needs to protect is
Firewall
Accessing a computer remotely by placing malware on the computer perhaps while the user is visiting a website is
Hacking
Controls placed on the information system infrastructure to prevent exploitation by threats are called
Infrastructure countermeasures
What are the broad classifications of information system countermeasures?
Administrative
Technical
Physical
What are the organization’s ISS overall objectives?
Maintain confidentiality
Maintain integrity
Maintain availability
To fraudulently convince a user to deliberately give up the user’s ID/password to get into the network is referred to as
Social engineering
A hacker who goes after a system by accessing it via normal channels, through exploiting existing vulnerabilities is called
Direct attack
Perhaps the most frequently overlooked threats, which are also the most difficult to identify and evaluate, are
Inadvertent threats
For each threat, the remaining potential risk after all ISS countermeasures are applied is referred to as
Residual threat risk
What category of information system threats requires a logical paradigm?
Virtual threats
An important aspect of information security which is used to prevent individuals from gaining access to the actual data of an organization is
Cryptography
What standards provide definitive certification guidance for an organization’s information assets?
ISO 27001 & ISO 27002
The unauthorized acquisition and/or dissemination by an employee of confidential data critical to the employer’s business is
Industrial espionage
What is the major difference between HIPS and IDS?
HIPS is like IDS except it operates on a host system
A system used to dial into a company’s telecommunication system and make configuration changes to it is
RMAT
What is perhaps the oldest form of communication that connects to a computer network?
Printers
What will trigger the destruction of information but will not multiply itself?
Trojan Horse
What is one of the key objectives of an organization’s ISS (Information System Security)?
Using corporate resources effectively to protect sensitive information and systems
What is perhaps the most important thing in information security, as in physical security?
Having the buy-in of executive management in supporting the security initiatives
What has become the de facto standard communication mechanism in the corporate arena?
E-mails
What is the centerpiece of ISO 27001?
ISMS
A mechanism by which individuals who do not know each other can ensure a secure transaction is
Certificate
List what are considered information system security control objectives
Protect
Compliance
Recovery
Detection
A written agreement that forbids an employee from taking up employment in a competitor’s organization for a specific period of time is referred to as
Non competitive covenant
Logos, marks, and signs of an organization are protected by what?
Trademarks
What is referred to as a clear and practical written document that is shared with all relevant units and is fairly enforced?
Policy document for protecting an organization’s information assets
A property right granted to an inventor to exclude others from making, offering for sale the invention for a limited time is referred to as
Patent
What defines access control to an organization’s information assets?
AAA triad
Authentication,
Authorization and
Accountability /Auditing
What are considered second-factor authentication?
Biometrics
OTP
Encryption
When personnel, equipment and awareness training are employed as protection measures by an organization for its information assets, this is referred to as
Security measures
Which standard provides definitive certification guidance for an organization’s information security?
ISO 27001/2
What is an emerging international standard for managing an organization’s information security?
ISO 27001/2
What are the pillars of information security?
Integrity
Non-repudiation
Confidentiality
One of the most important elements when developing an information security incident response plan is
The policy document
What is the fundamental idea behind an information security management system?
Continual improvement
Upon what does the effectiveness of an information security program ultimately depend?
People’s behavior
When implementing an organization’s information security improvement program, one key factor to consider is
People’s behavior
When implementing an organization’s information security improvement program, one key factor to consider is
Organizational culture
What will fuel commercial technology theft in an organization?
Continued fierce global economic competition
The manipulation of people to get them to do something that weakens their security on the network is
Social engineering
Logos, trademarks, patents and trade secrets all come under what?
Proprietary information
Who is responsible for trade secret custody?
The owner
What is done to an information asset for it to be protected?
Identification
Classification
Marking
What is an organization’s culture?
A pattern of shared basic assumptions that the group learned
Obscuring the meaning of information by altering or encoding it in such a way that it can only be decoded by the people it is meant for is known as what?
Encryption
For a newly discovered process or product, the guidelines for protection to be followed until it enters the market are
Trade secret guidelines
Acquisition of patent protection
Consider using trade commissions as venues for resolving patent disputes
Which standards are considered an emerging international standard for managing the information security of an organization?
ISO/IEC 27001/ISO IEC 27002
What is presently considered a de facto standard for ISS certification?
CISSP
In information system risk assessment, what should the IT department do to stop virtual fraudsters?
Encryption
An illegal form of corporate information theft from a competitor is referred to as
Industrial espionage
What are the classifications of an information security countermeasure?
Administrative controls
Technical controls
Physical controls
What is the life span of a patent from first filing?
20 years
An organization’s information protection strategy should be designed to support what of the organization?
Goals
Strategy
Timeliness
Who constitutes a significant area of vulnerability for U.S. national security?
Insiders
Ultimately, the responsibility for protecting information assets rests with whom?
Leadership of an organization
Who typically determines the classification level of information?
Originator
Access to internal information should be restricted to company personnel who have
Signed a non-disclosure agreement
Who is responsible for sharing information assets and protecting them from inappropriate disclosure, modification, misuse or loss?
All employees/ members of the extended enterprise
What is the recommended mailing procedure for a highly restricted document within the company?
Double-seal envelopes; mark the inner envelope “Highly restricted, to be opened by addressee only”; no security mark on the outer envelope
What is one of the key objectives of an organization’s ISS program?
Using corporate resources effectively to protect sensitive information and systems
The cost of a theft of a trade secret by a cyber thief is what?
The value of the trade secret to the company
In basic risk management, how much one should spend to prevent an ISS incident equals what?
The probability of the incident times its cost
Typically part of an information security policy framework recommendation, as in ISO 27001/2, is
Classifying and controlling sensitive information
The objective of an organization’s information system security (ISS) program is
Prudently and cost-effectively managing the risk that critical organizational information is exposed to compromise, alteration, or unavailability
A repository of data that also acts as a mechanism of access to data is called
Servers
In the “AAA” triad, the third “A” stands for
Auditing
Perhaps the most important files whose integrity must be preserved are files containing what information?
User IDs/passwords
Allowed roles (rights)
Permissions/privileges
What is considered a critical aspect of any information program?
Third party review
Which standard is designed to provide a uniform set of ISS standards for protecting credit card information?
PCI DSS
How do you protect the most valuable information assets?
Encryption
Words, names, and symbols used in connection with goods and services to identify their sources are
Trademarks
In the corporate arena, what ensures a common understanding and a legal obligation regarding the protection of the organization’s information assets in relation to employees?
Non-disclosure agreements
The use of information system to commit crime is referred to as
Cyber crime
Perhaps the most frequently overlooked threats to the security of information are
Inadvertent threats.
What are the findings of research commissioned by the U.S. Defense Personnel Security Research Center?
The internet allows sellers and seekers of information to remain anonymous.
Americans are more vulnerable to experiencing severe financial crisis due to aggressive spending habits.
Organizational loyalty and obligation is diminishing and employees may be less deterred from theft of information.
List the findings of a study of insider incidents by the U.S. Secret Service
Negative work events are a frequent trigger factor for insider information theft.
Insider information thieves often present performance issues.
Three out of ten perpetrators had previous arrest records.
In relation to information, who or what is a fiduciary?
A person to whom sensitive company information is entrusted and who should be bound by the terms of an NDA
What are appropriate ways to protect electronic files containing trade secrets against theft? (Source: various/inferred)
Access control to IT systems on which trade secrets are stored should be protected according to the AAA triad.
The fundamentals of the CIA triad apply to both secrets and other sensitive information.
Encryption of trade secrets should be a standard countermeasure…
With regard to information security, what does the application of layered protection (defense-in-depth) imply?
The levels of trust should increase for those who are given access to successive layers (working from the outside of the layer inwards).
Each layer should seek to employ delays, detection and deterrence.
A range of complementary security technologies should be employed.
A specific risk to sensitive obsolete prototypes is that they
Can be reverse-engineered if not destroyed properly.
Within the context of information protection, what should personnel security include?
Due diligence of potential partners;
Standard pre-employment screening;
Vetting of subcontractors, vendors and consultants
Clearly marking information to state how the information will be used and made available to others, what notifications and actions will be taken in the events of compromise, and instructions for destruction of the information are safeguards that are specifically applied to:
Personally identifiable information
A business activity that poses special risks to a company’s sensitive information is
The establishment of partnerships or outsourcing agreements
How long is the life of a patent from first filing?
20 years
For information to be considered a trade secret, the owner must be able to prove that the information added benefit to the owner, the owner provided a reasonable level of protection and what else?
The trade secret was specifically identified.
What are vital steps in the creation of information asset protection (IAP) programs?
The organization’s leadership should show its commitment to IAP by providing appropriate resources and requiring all business units to develop strategies to align business and protection goals.
A dedicated department, group, or individuals should be tasked with policy management and auditing.
All business units, personnel, temporary employees, vendors, consultants, contractors, and business partners should be required to adhere to the policy
Who should sign a non-disclosure agreement as a condition of employment?
All employees.
Protection of information, especially in digital data form, should be subject to the “CIA triad”: confidentiality, integrity and?
Availability
Information warranting protection must be?
Appropriately identified and marked.
What is the method for identifying information security protection gaps in current security measures, which responds to the fact that small bits of information from different sources can be compiled to create sensitive information?
OPSEC
A system to authenticate the identity of a sender of an email is called:
Digital signature.
What is the best way to address infringements of patents, copyrights and trademarks?
Register those rights.
What should be registered in order for legal protection to exist?
Trademarks.
What best describes the professional development needs of the traditional security professional in regard to the growing threat of cybercrime?
The security professional needs a practical understanding of the new logical security paradigm.
In regard to cybercrime, what are the major challenges?
There is a worldwide federation between various classes of cybercriminals and malware developers.
Nation states are involved in cybercrime.
Cyber extortion is an example of a significant threat facing some businesses.
There is no cohesive global law enforcement effort to eliminate cybercrime.
Why are firewalls and anti-virus fundamentally imperfect?
Because attackers can circumvent signature-based controls.
How do cybercriminals use rogueware to target computers?
Rogueware, masquerading as security software, is frequently downloaded by non-savvy IT users and is used by cybercriminals to compromise information on a target computer or to enroll it in a botnet.
What represents whether a company’s ISS programme meets an information security standard of due care?
Legislation and regulation of information holders to protect all; contract and tort law on security information and information assets, recommended security practices of the professional ISS community.
Access control to information systems encompasses which processes?
Identification,
Authentication,
Authorization and
Accountability
What is defined as integration in a formal, collaborative, and strategic manner, of the cumulative security resources of the organization in order to deliver enterprise-wide benefits through enhanced risk mitigation, increased operational effectiveness and efficiency and cost savings?
Convergence.
What is a major challenge with regard to SCADA?
The use of the internet exposes SCADA system response and recovery capabilities
What is the worldwide internet standard for communication over which network PPS communicate?
TCP/IP.
Specifically in relation to access control systems that are TCP/IP based, we find two dangers; what are these?
The creation of a back door or additional cards by administrators; a PC to which the access control server is connected may have been taken over by an adversary.
What is the most correct statement with regard to IP video surveillance?
IP video surveillance is vulnerable to internet-based threats such as unauthorized access, tampering and destruction of recordings.
The key objectives of an organization’s ISS program can be summarized as
Protecting against the insider threat,
Protecting against unauthorized change,
Protecting against unavailability
Any flaw or weakness in an information systems design, implementation, or operation and management is the definition of an:
Information systems vulnerability
What represents the fundamental equation of ISS?
Residual risk=(Threats x Vulnerabilities) ÷ Countermeasures
As a precursor to initiating a malicious act, virtual threats typically enter computer networks by:
USB peripheral device attachment; hacking; malware, sometimes as a result of visiting a website; phishing; social engineering.
An example of an ISS vulnerability typically created by users is
Social engineering.
Using a computer to trim off small amounts of money from sources and diverting those slices into one’s own or an accomplice’s account is known as the “salami” technique. In which sector is this crime most common?
Banking
There have been numerous cases in which sensitive data stored on notebook computers was compromised. The only reliable protection is to require notebook users to
Encrypt sensitive files.
As in other security, information systems countermeasures can be divided into three broad classifications. Which answer best encapsulates these?
Administrative controls,
Technical controls,
Physical controls.
From a security point of view, which of the following is the most dangerous logical entry point into a computer?
Communication stack
If authentication and authorization are the first two elements of the AAA triad, what is the third?
Auditing/accountability.
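The three elements working together, as an added example that is not from the original flashcards: a salted password check (authentication), a role-to-permission lookup (authorization), and an audit trail in which each entry's digest covers the previous entry, so that a removed or altered record is detectable (auditing/accountability). The users, passwords, roles and permissions are constructed for illustration.

```python
import hashlib
import hmac
import json
import os

# Constructed sample roles (not from the page); a real system would load these.
ROLE_PERMISSIONS = {
    "viewer": {"read"},
    "operator": {"read", "write"},
    "admin": {"read", "write", "delete"},
}
USERS = {}  # name -> {"salt", "hash", "role"}; the password itself is never stored


def _hash_password(password, salt, iterations=100_000):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def add_user(name, password, role):
    salt = os.urandom(16)
    USERS[name] = {"salt": salt, "hash": _hash_password(password, salt), "role": role}


class AuditLog:
    """Append-only log in which each entry's digest covers the previous digest.
    Editing or deleting any entry invalidates every digest after it, which is
    what gives the trail its accountability value."""

    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(prev, event):
        body = json.dumps(event, sort_keys=True)
        return hashlib.sha256((prev + body).encode()).hexdigest()

    def append(self, event):
        prev = self.entries[-1]["digest"] if self.entries else self.GENESIS
        self.entries.append({"prev": prev, "event": event,
                             "digest": self._digest(prev, event)})

    def verify(self):
        prev = self.GENESIS
        for entry in self.entries:
            if entry["prev"] != prev or entry["digest"] != self._digest(prev, entry["event"]):
                return False
            prev = entry["digest"]
        return True


AUDIT = AuditLog()


def authenticate(name, password):
    rec = USERS.get(name)
    ok = rec is not None and hmac.compare_digest(
        rec["hash"], _hash_password(password, rec["salt"]))
    AUDIT.append({"step": "authn", "user": name, "ok": ok})  # failures are logged too
    return ok


def authorize(name, action):
    role = USERS.get(name, {}).get("role")
    ok = action in ROLE_PERMISSIONS.get(role, set())
    AUDIT.append({"step": "authz", "user": name, "action": action, "ok": ok})
    return ok


def request(name, password, action):
    """One access request through all three A's; returns a readable outcome."""
    if not authenticate(name, password):
        return "denied: authentication failed"
    if not authorize(name, action):
        return "denied: not authorized"
    AUDIT.append({"step": "action", "user": name, "action": action})
    return f"ok: {name} performed {action}"


def demo():
    """Constructed scenario: an operator succeeds, a wrong password fails at
    authentication, and a viewer is stopped at authorization."""
    add_user("alice", "correct horse battery", "operator")
    add_user("bob", "hunter2", "viewer")
    return [request("alice", "correct horse battery", "write"),
            request("alice", "wrong password", "write"),
            request("bob", "hunter2", "delete")]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
    print("audit trail intact:", AUDIT.verify())
```

Note that denied attempts are written to the trail as well as successes; an audit log that records only what was allowed cannot attribute a break-in attempt to anyone. The in-memory list stands in for wherever the log is actually kept; what matters for accountability is the chaining and a verify step that someone runs.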
Which kind of attack, prevalent in web applications, tricks e-mail programs into executing the e-mail as if it were a program rather than simply processing it as text?
Escalation of privilege attack.
What forms an emerging international standard for IT security?
ISO 27001/2 (ISO/IEC 27001 and 27002).
List the major challenges of security convergence.
When physical security practitioners put physical security technology onto the network:
1 - They take on significant network-based security tasks
2 - Cost-effectiveness can be increased
3 - Greater operational effectiveness and efficiency can be achieved than with stand-alone systems
4 - They increase network-based security risk
In an IT context, what is meant by the term social engineering?
Someone convinces a user to share his or her credentials in order to get onto the network.
A fully configured, exclusive computer facility, with all IS services and communications links, is known as a:
Hot site.
A property right or other valid economic interest in data resulting from private investment, where protection of such data from unauthorized use and disclosure is necessary in order to prevent the compromise of that property right or economic interest. This is the definition of:
Proprietary information.
The following definition relates to which one of the answers below: "initially appear to be legitimate and will behave as though they were doing what the operator expects, but they contain a block of undesirable computer code or another computer program that allows them to do detrimental things to the system, such as infecting a machine with a virus, worm, bomb, or trapdoor".
Trojan horse.
In computer attacks, there are two types of bombs, as follows:
Time bombs (triggered at a set date or time) and logic bombs (triggered when a specified condition occurs).
An organization sends e-mail to an outside organization. What would it use to protect the mail?
Virtual private network (VPN)
A device that records the numbers dialled from a telephone line is a:
Pen register (incoming callers are recorded by a trap-and-trace device).
Who uses PCI DSS?
All organizations that store, process or transmit payment card data: merchants, processors, acquirers, issuers and service providers.