Intro

Question 1

Define the CIA Triad

Answer 1

The protection of information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.

Question 2

What make up the CIA Triad

Answer 2

Confidentiality, Integrity, and Availability

Question 3

Define Confidentiality

Answer 3

Confidentiality is synonymous with privacy. Confidentiality measures prevent data from falling into the hands of people who do not have authorization to access said information.

Question 4

Define Integrity

Answer 4

In the information technology world, integrity is all about making sure information is accurate and always stays that way.

Question 5

Define Availability

Answer 5

Ensuring availability requires routine maintenance and upgrading of hardware, software and operating system environments.

Question 6

Vulnerability

Answer 6

A flaw, loophole, oversight, or error that can be exploited to violate system security policy.

Question 7

Threat

Answer 7

A threat is an event, natural or man made, able to cause negative impact to an organization.

Question 8

Exploit

Answer 8

An exploit is a defined way to breach the security of an IT system through a vulnerability.

Question 9

Risk

Answer 9

It is a situation involving exposure to danger.

Question 10

Vulnerability Assessment

Answer 10

A vulnerability assessment is a search for these weaknesses/exposures in order to apply a patch or fix to prevent a compromise.
- Many systems are shipped with: known and unknown security holes and bugs, and insecure default settings (passwords, etc).
- Many vulnerabilities occur as a result of misconfigurations by system administrators.

Question 11

What are the Roles in Information Security?

Answer 11

CISO (Chief Information Security Officer)
Information Security Architect
Information security consultant/ Specialist
Information security analyst
Information security auditor
Security software developer
Penetration tester/ Ethical hacker
Vulnerability assessor
digital forensic analyst
SEM Engineer

Question 12

Role of Information Security Officer

Answer 12

The chief information security officer is a high-level management position responsible for the entire computer security department and staff.

Question 13

Define Information Security Analyst

Answer 13

this position conducts information security assessments for organizations and analyzes the events, alerts, alarms and any information that could be useful to identify any threats that could compromise the organization.

Question 14

Role of information security auditor

Answer 14

this position is in charge of testing the effectiveness of computer information systems, including the security of the systems and reports their findings.

Question 15

Security Program

Answer 15

Evaluate, create teams, baselines, identify and model threats, uses cases, risk, monitoring and control.

Question 16

Asset Manage

Answer 16

classification, implementation steps, asset control, documents.

Question 17

Admin Controls

Answer 17

Policies, procedures, standards, user education, incident respond, disaster recovery, compliance and physical security.

Question 18

Tech Controls

Answer 18

Network infra, servers, identity management, vulnerability management, monitoring and logging.