Information Security 2 Flashcards

1
Q

INFORMATION ASSURANCE

A

Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and
non-repudiation.

2
Q

INFORMATION SECURITY

A

Preservation of confidentiality, integrity and availability of information. In addition, other properties, such as authenticity, accountability, non-repudiation, and reliability can also be involved.

3
Q

KEY PRINCIPLES OF
INFORMATION SECURITY

A
  1. confidentiality
  2. integrity
  3. availability
4
Q

CONFIDENTIALITY

A

The act of protecting data from being observed by any
unauthorized persons

5
Q

AVAILABILITY

A

The state in which information is accessible by authorized users whenever they request it

6
Q

INTEGRITY

A

The act of maintaining and assuring the accuracy and completeness of data over its entire lifecycle

7
Q

CYBERSECURITY

A
  • is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and the organization's and users' assets.
  • ensures the security and maintenance of the organization's and users' assets, which include the computing devices, personnel, infrastructure, applications, services, telecommunications systems and the totality of transmitted and/or stored information in the cyber environment.
8
Q

The general security objectives comprise the following:

A
  • Availability
  • Integrity, which may include authenticity and non-repudiation
  • Confidentiality
9
Q

Organization and User’s
Assets

A
  1. personnel/user domain
  2. computing devices
  3. infrastructure
  4. network
  5. services
  6. telecommunications
  7. system/application
10
Q

Cybersecurity vs. Information Security:
CYBERSECURITY

A
  • all about protecting data that is found in electronic form (such as computers, servers, networks, mobile devices, etc.) from being compromised or attacked.
  • Cybersecurity involves identifying what the critical data is, where it resides, its risk exposure, and the technology you have to implement in order to protect it
11
Q

Cybersecurity vs. Information Security:
INFORMATION SECURITY

A

is another way of saying “data security.” For a more technical definition, NIST defines information security as “the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.”

12
Q

Security of network and information systems

A

ability of network and information systems to resist, at a given level of confidence, any action that compromises the availability, authenticity, integrity or confidentiality of stored or transmitted or processed data or the related services offered by, or accessible via, those network and information systems.

13
Q

Phases of a Security Lifecycle

A
  1. identify
  2. prevent
  3. detect
  4. respond
  5. recover
14
Q

IDENTIFY

A

developing the organisational understanding to manage cybersecurity risk to systems, assets, data and capabilities

15
Q

PREVENT

A

safeguards to ensure delivery of critical infrastructure services

16
Q

DETECT

A

activities to identify the occurrence of a cybersecurity event

17
Q

RESPOND

A

activities to take action regarding a detected cybersecurity event

18
Q

RECOVER

A

maintaining plans for resilience and restoring any capabilities or services impaired due to a cybersecurity event

19
Q

DISCIPLINES CONTRIBUTING TO
INFORMATION SECURITY

A
  1. business
  2. economics
  3. education
  4. law
  5. mathematics
  6. psychology
20
Q

BUSINESS

A

appreciating the organisational context in which the
protection is required and the importance of security in terms of areas such as maintaining brand reputation, supporting business continuity and minimising business risk.

21
Q

ECONOMICS

A

understanding the value of security controls relative to costs of exposure and linking to factors such as return on (security) investment

22
Q

EDUCATION

A

supporting areas such as user awareness and training, each being steps towards the broader goal of achieving a security culture amongst the staff community

23
Q

LAW

A

recognising the laws that require us to preserve security, and those relevant in a response to incidents, as well as linking to criminology in relation to understanding the nature and motivation of some of the attackers that may be faced

24
Q

MATHEMATICS

A

providing the underpinnings for a variety of security techniques, including cryptography and access control.

25
Q

PSYCHOLOGY

A

helping us to understand how users perceive issues such as security and trust, as well as predicting how users may behave in risk scenarios and the factors that may influence their response

26
Q

Three types of users

A
  1. malicious users
  2. untrained users
  3. careless users
26
Q

USER

A

considered to be the weakest link in information security. They are malicious users, untrained users, and careless users

26
Q

Weakest Link in the Security of an IT Infrastructure

A
  1. users
  2. human error
  3. common threat
26
Q

HUMAN ERROR

A

is a major risk and threat to any organization

26
Q

Related Areas supported by security

A
  1. artificial intelligence
  2. system analysis and design
  3. software engineering
  4. networking
  5. computer science
  6. database
  7. human computer interaction
26
Q

COMMON THREATS

A

hacking and phishing, and malware threats such as viruses, worms and Trojan horses

26
Q

ARTIFICIAL INTELLIGENCE

A

AI techniques have significant potential to aid security technologies and decision processes, and need to be secure against compromise, given the increasing trust and reliance that is placed on them

26
Q

DATABASE

A

Given that database technologies are often used to store the most valuable asset (the data), the security considerations here include preventing unauthorised disclosure and modification of the stored data.

26
Q

HUMAN COMPUTER INTERACTION

A

Systems that are designed and implemented without taking their users into account can often end up causing mistakes, which in turn could compromise security

26
Q

NETWORKING

A

Since data is sent over the network and the network connections themselves need protecting, it is important to consider security at the networking level in terms of protecting data in transit and controlling the permitted connectivity between the end-systems and devices

27
Q

SOFTWARE ENGINEERING

A

Recognising that many vulnerabilities can also occur as a result of the way code was written rather than a fundamental design flaw

28
Q

SYSTEMS ANALYSIS AND DESIGN

A

Security needs to be considered within the specification and design of new systems, such that it is recognised and incorporated from the outset rather than needing to be retrofitted at a later stage

29
Q

Elements of the information security puzzle

A
  1. Technical
  2. Procedural
  3. Personnel
  4. Legal
  5. Physical
30
Q

IMPACTS OF A SECURITY BREACH

A
  1. disclosure
  2. denial of access
  3. modification
  4. destruction
31
Q

DISCLOSURE

A

data is disclosed to an unauthorised party

32
Q

DENIAL OF ACCESS

A

data, or a system containing it, becomes unavailable

33
Q

MODIFICATION

A

data is changed as a result of the breach

34
Q

DESTRUCTION

A

data is lost as a result of the breach

35
Q

9 Steps for an Information Risk Management Regime

A
  1. secure configuration
  2. network security
  3. managing user privileges
  4. user education and awareness
  5. incident management
  6. malware prevention
  7. monitoring
  8. removable media controls
  9. home and mobile working