Information Governance and Risk Management

Question 1

Availability

Answer 1

Reliable and timely access to data and resources is provided to authorized individuals.

Question 2

Integrity

Answer 2

Accuracy and reliability of the information and systems are provided and any unauthorized modification is prevented.

Question 3

Confidentiality

Answer 3

Necessary level of secrecy is enforced and unauthorized disclosure is prevented.

Question 4

Shoulder Surfing

Answer 4

Viewing information in an unauthorized manner by looking over the shoulder of someone else.

Question 5

Social Engineering

Answer 5

Gaining unauthorized access by tricking someone into divulging sensitive information.

Question 6

What is the triad of security?

Answer 6

C.I.A. - Confidentiality, Integrity, Availability

Question 7

Vulnerability

Answer 7

Weakness or a lack of a countermeasure

Question 8

Threat Agent

Answer 8

Entity that can exploit a vulnerability

Question 9

Threat

Answer 9

The danger of a threat agent exploiting a vulnerability.

Question 10

Risk

Answer 10

The probability of a threat agent exploiting a vulnerability and the associated impact.

Question 11

Control

Answer 11

Safeguard that is put in place to reduce risk, also called a countermeasure.

Question 12

Exposure

Answer 12

Presence of a vulnerability, which exposes the organization to a threat.

Question 13

What are the main categories/types of security controls?

Answer 13

Administrative, Technical (or Logical) and Physical

Question 14

What are the different functionalities of security controls?

Answer 14

Preventative, Detective, Corrective, Deterrent, Recovery and Compensating.

Question 15

Deterrent Control

Answer 15

Discourage a potential attacker.

Intended to discourage a potential attacker

Question 16

Preventative Control

Answer 16

Stop an incident from occurring.

Intended to avoid an incident from occurring

Question 17

Corrective Control

Answer 17

Fix items after an incident has occurred.

Fixes components or systems after an incident has occurred.

Question 18

Recovery Control

Answer 18

Restore necessary components to return to normal operations.

Intended to bring the environment back to regular operations.

Question 19

Detective Control

Answer 19

Identify an incidents activities after it took place.

Helps identify an incidents activities and potentially an intruder

Question 20

Compensating Control

Answer 20

Alternative control they provides similar protection as the original control.

Controls that provide an alternative measure of control.

Question 21

Vulnerability

Answer 21

Weakness or a lack of a countermeasure

Question 22

Defense-In-Depth

Answer 22

Implementation of multiple controls so that successful penetration and compromise is more difficult to attain.