Information Assurance 2

Question 1

The act of protecting data
from being observed by any
unauthorized persons.

Answer 1

CONFIDENTIALITY

Question 2

The act of maintaining and
assuring the accuracy and
completeness of data over
its entire lifecycle

Answer 2

INTEGRITY

Question 3

The act in which Information is accessible by
authorized users whenever they request the
information

Answer 3

AVAILABILITY

Question 4

is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions,
training, best practices, assurance and technologies that can be used to
protect the cyber environment and organization and user’s assets

Answer 4

Cybersecurity

Question 5

Is all about protecting data that is found in electronic form.

Answer 5

Cybersecurity

Question 6

KEY PRINCIPLES OF
INFORMATION SECURITY

Answer 6

1. confidentiality
2. integrity
3. availability

Question 6

Organization and User’s Assets

Answer 6

1. Network
2. Services
3. Telecommunications
4. System/Application
5. Personnel/User Domain
6. Computing devices
7. Infrastructure

Question 7

Phases of a Security Lifecycle

Answer 7

1. identify
2. prevent
3. detect
4. respond
5. recover

Question 8

developing the organisational understanding to manage cybersecurity risk to systems, assets, data and capabilities

Answer 8

IDENTIFY

Question 9

safeguards to ensure delivery of critical infrastructure services

Answer 9

Prevent

Question 10

activity to identify the occurrence of a cybersecurity event.

Answer 10

Detect

Question 11

activities to take action regarding a detected cybersecurity event

Answer 11

RESPOND

Question 12

maintaining plans for resilience and restoring any capabilities or services impaired due to a cybersecurity event

Answer 12

RECOVER

Question 13

Disciplines Contributing
To Information Security

Answer 13

1. Business
2. Economics
3. Education
4. Law
5. Mathematics
6. Psychology

Question 14

appreciating the organisational context in which the protection is required and the importance of security in terms of areas such as maintaining brand reputation, supporting business continuity and minimising business risk.

Answer 14

Business

Question 15

understanding the value of security controls relative to costs of exposure and linking to factors such as return on (security) investment

Answer 15

Economics

Question 16

supporting areas such as user awareness and training, each being steps towards the boarder goal of achieving a security culture amongst the staff community

Answer 16

Education

Question 17

recognising the laws that require us to preserve security, and those relevant in a response to incidents, as well as linking to criminology in relation to understanding the nature and motivation of some of the attackers that may be faced

Answer 17

Law

Question 18

providing the underpinnings for a variety of security techniques, including cryptography and access control.

Answer 18

Mathematics

Question 19

helping us to understand how users perceive issues such as security and trust, as well as predicting how users may behave in risk scenarios and the factors that may influence their response

Answer 19

Psychology

Question 20

Three types of users

Answer 20

1. malicious users,
2. untrained users,
3. careless user

Question 21

Weakest Link in the Security of an
IT Infrastructure

Answer 21

1. user
2. human error
3. common threats

Question 22

is considered to be the weakest link in information security.They are malicious users, untrained users, and careless users

Answer 22

USER

Question 23

hacking and phishing and malware threats such as viruses, worms and Trojan horses

Answer 23

COMMON THREATS

Question 23

is a major risk and threat to any organization

Answer 23

HUMAN ERROR

Question 24

Related Areas supported by security

Answer 24

1. Artificial Intelligence
2. System Analysis and Design
3. Software Engineering
4. Networking
5. Computer Science
6. Human Computer Interaction
7. Database

Question 25

AI techniques have significant potential to aid security technologies and decision processes, need to be secure against compromise, given the increasing trust and reliance that is placed on them

Answer 25

ARTIFICIAL INTELLIGENCE

Question 26

Given that database technologies are often used to store the most valuable asset (the data), the security considerations here include preventing unauthorised disclosure and modification of the stored data,

Answer 26

DATABASE

Question 27

Systems that are designed and implemented without taking their users into account can often end up causing mistakes, which in turn could compromise security

Answer 27

HUMAN COMPUTER INTERACTION

Question 28

data is sent over the network, and the network connections seeking to protect, it is important to consider the security at the networking level in terms of protecting data in transit and controlling the permitted connectivity between the end-systems and devices

Answer 28

NETWORKING

Question 29

Recognising that many vulnerabilities can also occur as a result of the way code was written rather than a fundamental design flaw

Answer 29

SOFTWARE ENGINEERING

Question 29

Security needs to be considered within the specification and design of new systems, such that it is recognised and incorporated from the outset rather than needing to be retrofitted at a later stage

Answer 29

SYSTEMS ANALYSIS AND DESIGN

Question 30

Impacts on Security Breach

Answer 30

1. disclosure
2. denial of access
3. modification
4. destruction

Question 31

data is disclosed to an unauthorized party.

Answer 31

Disclosure

Question 31

data is changed as a result of the breach.

Answer 31

Modification

Question 32

data, or a system containing it, becomes unavailable.

Answer 32

Denial of Access

Question 33

data is lost as a result of the breach

Answer 33

Destruction

Question 34

9 Steps for Information
Risk Management Regime

Answer 34

1. Secure Configuration
2. Network Security
3. Managing User Privileges
4. User Education and Awareness
5. Incident Management
6. Malware Prevention
7. Monitoring
8. Removable Media Controls
9. Home and Mobile Working