Information Management CH6

Question 1

Briefly define each of the three members of the information security triad.

Answer 1

i. Confidentiality: we want to be able to restrict access to those who are allowed to see given information.
ii. Integrity: the assurance that the information being accessed has not been altered and truly represents what is intended.
iii. Availability: information can be accessed and modified by anyone authorized to do so in an appropriate timeframe.

Question 2

What does the term authentication mean?

Answer 2

The process of ensuring that a person is who he or she claims to be.

Question 3

What is multi-factor authentication?

Answer 3

The use of more than one method of authentication. The methods are: something you know, something you have, and something you are.

Question 4

What is role-based access control?

Answer 4

With role-based access control (RBAC), instead of giving specific users access rights to an information resource, users are assigned to roles and then those roles are assigned the access.

Question 5

What is the purpose of encryption?

Answer 5

To keep transmitted data secret so that only those with the proper key can read it.

Question 6

What are two good examples of a complex password?

Answer 6

a. There are many examples of this. Students need to provide examples of passwords that are a minimum of eight characters, with at least one upper-case letter, one special character, and one number.

Question 7

What is pretexting?

Answer 7

Pretexting occurs when an attacker calls a helpdesk or security administrator and pretends to be a particular authorized user having trouble logging in. Then, by providing some personal information about the authorized user, the attacker convinces the security person to reset the password and tell him what it is.

Question 8

What are the components of a good backup plan?

Answer 8

Knowing what needs to be backed up, regular backups of all data, offsite storage of all backed-up data, and a test of the restoration process

Question 9

What is a firewall?

Answer 9

A firewall can be either a hardware firewall or a software firewall. A hardware firewall is a device that is connected to the network and filters the packets based on a set of rules. A software firewall runs on the operating system and intercepts packets as they arrive to a computer.

Question 10

What does the term physical security mean?

Answer 10

Physical security is the protection of the actual hardware and networking components that store and transmit information resources.

Question 11

What are the two types of encryption?

Answer 11

1. Symmetric key encryption (two keys which are the same)

2. Public key encryption (two keys, of whom one is public and the other private)

Question 12

What are the four requirements of a backup plan

Answer 12

1. Full understanding of organizational information resources
2. Regular backup of data
3. Offsite storage
4. Test of data restoration

Question 13

What are the two types of firewalls?

Answer 13

Hardware firewall (attached to network)
Software firewall (runs on operating system)

Question 14

What is IDS (Intrusion Detection System)

Answer 14

identifies if the system is under attack

Question 15

Name some internal IT threats

Answer 15

1. Intentional Malicious Behavior

2. Careless Behavior

Question 16

Name some external IT threats

Answer 16

1. Intrusion threat
2. Social engineering
3. Phising
4. Security weaknesses
5. Backdoors
6. Malicious code
7. Viruses

Question 17

Name some examples of a malicious code

Answer 17

1. Trojan Horses
2. Worms
3. Spyware
4. Ransomware
5. Denial of service attack (ddos)

Question 18

What is IT risk management?

Answer 18

The process of identifying and measuring information systems security risks

Question 19

Name three risk mitigation strategies

Answer 19

1. Risk acceptance
2. Risk reduction
3. Risk transference