Introduction

Question 1

Define information security

Answer 1

Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction

Question 2

PCI Dss

Answer 2

Payment Card Industry Data Security Standard

Question 3

FISMA

Answer 3

Federal Information Security Management Act – defines security standards for many agencies in the US

Question 4

CIA triad

Answer 4

Confidentiality, Integrity, Availability

Question 5

Confidentiality

Answer 5

CIA leg
ability to protect data from those who are not authorized to view it

Question 6

Integrity

Answer 6

CIA leg
prevent people from changing your data in an unauthorized or undesirable manner

Question 7

Availability

Answer 7

CIA leg
ability to access our data when we need it

Question 8

Parkerian hexad

Answer 8

Donn Parker
CIA- confidentiality, integrity, availability
Authenticity
Utility
Possession

Question 9

Authenticity

Answer 9

Parkerian hexad leg
allows you to say whether you’ve attributed data in question to proper creator

Question 10

Possession

Answer 10

Parkerian hexad leg
AKA control
physical disposition of the media on which the data is stored

Question 11

Utility

Answer 11

Parkerian hexad
how useful the data is to you
Not binary

Question 12

Confidentiality attack(s)

Answer 12

Interception

Question 13

Integrity attacks

Answer 13

Interruption
Modification
Fabrication

Question 14

Availability attacks

Answer 14

Interruption
Modification
Fabrication

Question 15

Interception

Answer 15

Attack which allows unauthorized users to access your data, applications, or environment
Affects confidentiality

Question 16

Interruption

Answer 16

Attack which makes your assets unusable or unavailable to you on a temporary or permanent basis
Affects availability and sometimes integrity

Question 17

Modification

Answer 17

Attack that involves tampering with an asset
Primarily affects integrity but could also be availability

Question 18

Fabrication

Answer 18

Attack that involves generating data, processes, communications within a system
Affects integrity and sometimes availability

Question 19

Threat

Answer 19

Something that has the potential to cause harm

Question 20

Vulnerability

Answer 20

Weaknesses, or holes, that threats can exploit to cause harm

Question 21

Risk

Answer 21

The likelihood that something bad will happen
Needs to have both threat and requisite vulnerability

Question 22

Impact

Answer 22

Takes into account value of the asset being threatened and uses it to calculate risk

Question 23

Risk management process

Answer 23

Identify assets
Identify threats
Assess vulnerabilities
Assess risks
Mitigate risks

Question 24

Identify assets

Answer 24

Part of risk management process – 1
Enumerate and evaluate each asset

Question 25

Identify threats

Answer 25

Part of risk management process – 2
Use CIA or Parkerian hexad to examine threats

Question 26

Assess vulnerabilities

Answer 26

Part of risk management process – 3
In context of potential threats

Question 27

Assess risks

Answer 27

Part of risk management process – 4
Vulnerabilities must have a matching threat, and vice versa, to constitute a risk

Question 28

Mitigate risks

Answer 28

Part of risk management process – 6
Put measures in place to account for each threat – called controls

Question 29

Control

Answer 29

Measure put in place to mitigate a risk

Question 30

Control categories

Answer 30

Physical controls
Logical controls
Administrative controls

Question 31

Physical control

Answer 31

Protect the physical environment in which your systems sit or your data is stored

Question 32

Logical control

Answer 32

AKA technical control
Protect the systems, networks, and environments that process, transmit, and store your data
Ex: passwords, encryption, firewalls

Question 33

Administrative control

Answer 33

Dictate how users of the environment should behave
Ex: change password every 90 days
Important to have ability to enforce them

Question 34

Incident response definition

Answer 34

When risk management efforts fail or you are blindsided by something new

Question 35

Incident response process

Answer 35

Preparation
Detection and analysis
Containment
Eradication
Recovery
Post-incident activity, AKA post-mortem

Question 36

Preparation

Answer 36

Part of incident response process – 1
All the activities you can perform ahead of time to better handle an incident

Question 37

Detection and analysis

Answer 37

Part of incident response process – 2
Detect issue to see whether or not it’s an incident
Use tools like intrusion detection (ID), antivirus software, firewalls
Combo of tool and human judgment

Question 38

Containment

Answer 38

Part of incident response process – 3
Take steps to ensure the situation causes no more damage or lessen ongoing harm

Question 39

Eradication

Answer 39

Part of incident response process – 4
Attempt to remove the effects of the issue from the environment

Question 40

Recovery

Answer 40

Part of incident response process – 4
Restore the state you were in prior to the incident

Question 41

Post-incident activity, AKA post-mortem

Answer 41

Part of incident response process – 6
Determine what happened, why it happened, and what you can do to keep it from happening again

Question 42

Defense in depth

Answer 42

Formulate a multilayered defense that will allow you to still mount a successful resistance should one or more of your defensive measures fail
Varies for each specific environment

Question 43

Defense levels

Answer 43

External network
Network perimeter
Internal network
Host
Application
Data