Inf Sec - Imp Q Flashcards

1
Q

Information warranting protection must be appropriately

A

Identified and Marked

2
Q

The a)__________ of the information typically determines the b)________

A

a)Originator
b)Classification Level

3
Q

An employee's access should be based on his or her current ________ and need to know, not solely on position

A

Job function

4
Q

____________ models and test items should be destroyed so they cannot be reverse engineered

A

Obsolete prototype

5
Q

___________ was developed in the military to protect unclassified information that could reveal sensitive plans

A

Operations Security (OPSEC)

6
Q

Privacy protected information is specifically regulated by the _____________

A

Health Insurance Portability and Accountability Act (HIPAA)

7
Q

______ property right granted to an inventor to exclude others from making, using or selling the invention for a limited time

A

Patent

8
Q

________ words, names, symbols, devices or images applied to products or used to identify their source

A

Trademark

9
Q

________ is used to protect the expression of ideas in literary, artistic and musical works

A

Copyright

10
Q

The best way to start addressing infringement of patents, copyrights, and trademarks is to

A

Register those rights

11
Q

Under _________ law copyrights do not have to be registered to be protected

A

International Law

12
Q

When doing business outside the organization's home country, the best weapon is

A

Prevention

13
Q

A patent lasts only

A

20 years

14
Q

Patents convey a range of benefits but require the inventor to disclose the

A

Invention's elements

15
Q

Sanitizing information systems and media: _____________________ before the medium is reused

A

Removing data on a storage medium

16
Q

The key steps to take after information loss

A

Investigation
Damage Assessment
Recovery &
Follow up

17
Q

The use of information systems to commit crime (Human challenge: Failure of imagination)

A

Cybercrime

18
Q

_____ is a type of malware, a data-stealing Trojan horse program

A

Zeus

19
Q

Software applications that run automated tasks

A

Bots

20
Q

Customer lists, pricing information, cost structure, strategic plan or proprietary processes

A

Intellectual property

21
Q

Using corporate resources effectively to protect sensitive information and systems is a key objective of

A

ISS Program

22
Q

Who is responsible for defining who needs access to what information

A

Information Owners

23
Q

Attacks that are harder to detect and harder to defend against; a weapon of mass disruption

A

Cyber Attack

24
Q

What is one of the most serious economic and national security challenges we face as a nation

A

Cyber Threat

25
Devices may be divided into two types of systems
Embedded; Host Based
26
Embedded Systems
Also known as special systems; typically programmed at the manufacturer and run a proprietary or nonstandard operating system
27
Host Based systems
Run on more standard operating systems, typically a Windows or Linux operating system
28
What can give complete control over door. Success/failure of organization may depend on security professional's actions
Gecko
29
The objective of an organization's information systems security program is to a) _________ and b) ___________ manage the risk that critical organizational information could c) ________ d) __________ or e) _________
a) Prudently b) Cost effectively c) Be compromised d) Be changed without authorization e) Become unavailable
30
The security professional strives to protect information's
Confidentiality, Integrity, Availability (also called CIA)
31
Residual risk
Threats * Vulnerabilities / Countermeasures
32
In business, who is responsible for information security
Everyone
33
Almost all modern communications via computer follow a model called the
Open Systems Interconnect (OSI)
34
AAA Triad
Authentication, Authorization, Auditing/Accountability
35
Tool for maintaining integrity which shows whether data has been tampered with
Cyclical Redundancy Check (CRC)
36
The oldest form of communications that connects to a computer network
The Printer
37
Protects credit card information
The Payment Card Industry Data Security Standard
38
Sarbanes-Oxley Act
SOX requires the management of a public company to assess the effectiveness of the company's internal control over financial reporting
39
Red Queen Effect
An organization's information systems management program must be continually improved
40
Convergence
The integration, in a formal, collaborative and strategic manner, of the cumulative security resources of the organization in order to deliver enterprise-wide benefits through enhanced risk mitigation, increased operational effectiveness and efficiency, and cost savings
41
ISS principles center on three basic elements
Confidentiality, Integrity, Availability, called the CIA triad
42
Someone convinces a user to share his credentials to get on the network
Social Engineering
43
Malware
Someone attacks a system by installing software on it, either with the user's knowledge (usually hidden in other software or email) or automatically without the user's knowledge
44
Malware
One of the most insidious mechanisms hackers use today to attack systems is malware.
45
Malware types and what they are used for
Viruses, Worms, Spyware, Rootkits, Trojan Horses; malware is designed to give the cybercriminal or hacker control of the computer on which it is installed
46
Why is a web attack dangerous
Because it can defeat almost every control
47
Physical security professionals mitigate risk via
Policies, References, Frameworks
48
ISS professionals mitigate risk through
Information Security Management System (ISMS) such as that described in ISO 27001
49
The first job of the individual charged with an organization's ISS is to
Create an ISMS appropriate for the size of the organization
50
Who must support the organization's ISS culture
Senior Management
51
A notable practice in ISS is
Clock Synchronization. This is typically done with a protocol called Network Time Protocol (NTP), and it allows for all systems on a network to have the same time.