Information Security

Question 1

What is the Primary Objective to information security?

Answer 1

To Ensure the Confidentiality, Integrity, and Availability of electronic info and resources

Information Security wants to make sure these things are as strong as possible

Question 2

What is the Info Security Triad?

Answer 2

Confidentiality
Integrity
Availability

Question 3

What is meant by Confidentiality?

Answer 3

Limiting the access of information to a select group of people

how much protection should be applied for who should have access to your info

Question 4

What is meant by Integrity?

Answer 4

Make sure the info and info systems are running the way that they should be, and are not corrupted by unauthorized changes

Question 5

What is meant by Security?

Answer 5

You want the info and info systems to be available to authorized users when they want/need it

Question 6

What are Vulnerabilities?

Answer 6

any security laps or weakness with people, hardware, software or architecture

Question 7

What are Threats?

Answer 7

the source of the bad stuff, anything that can mess up our C.I.A.

Question 8

What are Risks?

Answer 8

Overall equation, involving threats and vulnerabilities and safeguards put in place and you get a risk picture, overall picture of likelihood of something bad happening

Question 9

What is Defense in Depth?

Answer 9

Preparing/Taking Security Measures

the best way to approach info security is to follow a multi-faceted model, often called Defense in Depth

Various models exists (DOD, NSA)

Question 10

What are the 2 Advantages of Defense in Depth?

Answer 10

1. Help you make better decision with asset allocation

2. Make sure you don’t overlook something