Information Security 6 Flashcards
What are the three threat categories in information asset protection?
- Intentional
- Natural
- Inadvertent
To assess these types of threats, one must identify potential adversaries and evaluate their capability and intention to target key information assets.
Intentional Threats
These types of threats can be attributed to inadequate employee training, misunderstandings, lack of attention to detail, lax security enforcement, pressure to produce deliverables, and insufficient staffing.
Inadvertent Threats
How does layered protection apply to information protection?
- Apply multiple levels of protection to information assets
- Ensure that layers of protection complement each other
- Build a coordinated strategy that integrates families of protective measures (e.g. technical, physical, access control)
Access to internal information should be restricted to which groups?
Company personnel and those who have signed a nondisclosure agreement
How should obsolete prototypes, models, and test items be disposed of?
They should be destroyed so that they can’t be reverse engineered
What is a patent?
Information that has the government grant of a right, privilege, or authority to exclude others from making, using, marketing, selling, offering for sale, or importing an invention for a specified period, granted to the inventor if the device or process is novel, useful, and non-obvious.
What is a trademark?
Legal protection for words, names, symbols, devices, or images applied to products or used in connection with goods or services to identify their source.
What is a copyright?
A property right in an original work of authorship fixed in any tangible medium of expression, giving the holder the exclusive right to reproduce, adapt, distribute, perform, and display the work.
What is the best way to start addressing infringements of patents, copyrights, and trademarks?
By registering those rights.
What are four response options when a copyright has been violated?
- Hiring legal counsel
- Informing the proper authorities
- Conducting investigations, raids, and seizures
- Initiating civil litigation, administrative proceedings, and criminal prosecutions
What qualifies something as a trade secret?
- The information adds value or benefit to the owner
- The trade secret was specifically identified
- The owner provided a reasonable level of protection for the information
What is a non-disclosure agreement?
A legal contract that establishes a relationship between two or more parties outlining confidentiality and the responsibility of protecting information.
What is proprietary information?
Information of value, owned by an entity or entrusted to it, which has not been disclosed publicly.
What are the two primary aspects of recovery after an information loss?
- Return to normal business operations as soon as possible
- Implement measures to prevent a recurrence.
What is confidentiality?
The ability to control the authorization to observe, access, share, or disseminate information.
When is it appropriate to recycle papers that contain proprietary information?
When the papers have been properly destroyed.
What is data mining?
Software-driven collection of open-source data and public information.
What are three ways to solidify confidentiality expectations in employees and business partners?
- Confidentiality
- Intellectual property
- Nondisclosure agreements.
What is counterfeiting?
The manufacturing or distribution of goods under someone else’s name, and without their permission.
What is piracy?
The act of copying, stealing, reproducing, transmitting, or selling the intellectual property of another without consent.
What three aspects of information must be protected?
- Confidentiality
- Integrity
- Availability.
What should be included in regularly performed information asset protection risk assessments?
Risk monitoring to address changes in security requirements as well as changes in the nature of the information assets, threats, frequency of threat occurrence, vulnerabilities, and impacts.
What are five business impacts of an information asset loss event?
- Loss of company reputation/image/goodwill
- Loss of competitive advantage in one product/service
- Reduced projected/anticipated returns or profitability
- Loss of core business technology or process
- Loss of competitive advantage in multiple products/services.
To what extent should information asset protection programs be tailored?
The organization’s size, type, strategy, mission, and operating environment.