Introduction

Question 1

How do we define information security?

Answer 1

IS is about ensuring

• Confidentiality
• Integrity
• Availability

Question 2

What is Confidentiality in IS?

Answer 2

Confidentiality is the principle of restricting access to information

Question 3

What is Integrity in IS?

Answer 3

Integrity is about preventing improper or unauthorized change of data

Question 4

What is Availability in IS?

Answer 4

Availability is about making sure that information is accessible when needed (by authorized persons)

Question 5

What is Authentication?

Answer 5

confirming the identity of an entity

Question 6

What is Non-Repudiation?

Answer 6

an entity’s inability to refute an earlier action

Question 7

What is a threat?

Answer 7

a potential danger to an (information) asset

Question 8

What is an attack?

Answer 8

an action that actually leads to a violation of security

Question 9

What is a vulnerability?

Answer 9

a weakness that makes an attack possible

Question 10

What are Security Controls?

Answer 10

mechanisms to protect information against

• unauthorized access (ensuring confidentiality)
• unauthorized modification (ensuring integrity)
• destruction/denial-of-service (ensuring availability)

Question 11

What are the three types of controls?

Answer 11

• Physical
• Technical
• Administrative

Question 12

What are three examples of Physical Controls?

Answer 12

locks
security guards
alarms

Question 13

What are three examples of Technical Controls?

Answer 13

passwords
antivirus software
encryption

Question 14

What are three examples of Administrative Controls?

Answer 14

staff training
clear responsibilities
policies and procedures

Question 15

Why are administrative controls important?

Answer 15

Security is only as strong as the weakest link

Very often, people are the weakest link