Isc^2

Question 1

An data about an individual that could be used to identify them.

Answer 1

PII
Personally a identifiable Information

Question 2

Information regarding one’s health status

Answer 2

PHI
Protected Health Information

Question 3

Includes trade secrets, research, business plans, and intellectual property

Answer 3

Classified Sensitive Information

Question 4

Level of importance assigned to information by its owner or the purpose of denoting its need for protection.

Answer 4

Sensitivity

Question 5

Something you now

Answer 5

Passwords or phrases

Question 6

Something you have

Answer 6

Tokens, memory cards, smart cards

Question 7

Something you are

Answer 7

Biometrics, measurable characteristics

Question 8

Process to prove the identity of the request or

Answer 8

Authentication

Question 9

Protection against an individual falsely denying having performed a particular action.

Answer 9

Non-repudiation

Question 10

A measure of the extent to which an entity is threatened by a potential circumstance or event

Answer 10

Risk

Question 11

Something in need of protection

Answer 11

ASSET

Question 12

A gap or weakness in those protection efforts

Answer 12

Vulnerability

Question 13

Something or someone that aims to exploit a vulnerability to thwart protection efforts.

Answer 13

Threat

Question 14

Taking no action to reduce the likelihood of a risk occurring

Answer 14

Risk Acceptance

Question 15

Decision to attempt to eliminate the risk entirely

Answer 15

Risk avoidance

Question 16

Prevent or reduce the possibility of a risk event or it’s impact

Answer 16

Risk mitigation

Question 17

Passing the risk onto another party

Answer 17

Risk Transfer

Question 18

A method of risk analysis that is based on the assignment of a descriptor such as low medium or high

Answer 18

Qualitative Risk Analysis

Question 19

A method of risk analysis where numerical values are assigned to both impact and likelihood based on statistical probabilities and monetarized valuation of loss or gain.

Answer 19

Quantitative Risk Analysis

Question 20

Pertain to the physical, technical, and administrative mechanism that act as safeguards or countermeasures prescribed for an information system to protect the confidentiality, integrity, and availability of the system and it’s information.

Answer 20

Security Controls

Question 21

Address process based security needs using physical hardware devices such as badge readers, features on buildings and facilities,

Answer 21

Physical Controls

Question 22

Security controls that systems and networks directly implement. Provide automated protection from unauthorized access and misuse and facilitate detection of security violations and support.

Answer 22

Technical Controls

Question 23

Are directives, guidelines, or advisories aimed at the people within the organization. Provide framework, constraints and standards for the entire organization.

Answer 23

Administrative Controls

Question 24

HIPAA

Answer 24

Health insurance portability and accountability act of 1996

Governs the use of PHI in the US

Question 25

GDPR

Answer 25

General Data Protection Regulation

Control the use of PII of its citizens in Europe

Question 26

Policies

Answer 26

Highest level of governance documents in an organization usually approved and issued by management to support compliance initiatives

Question 27

Procedures help when step by step instructions are needed

Question 28

Laws and regulations

Answer 28

Are usually mandated by a government agency.

Question 29

Security commensurate with the risk and magnitude of harm resulting from the loss misuse or unauthorized access to or modification of information.

Answer 29

Adequate security

Question 30

A documented losers level of security configuration allowed by a standard or organization

Answer 30

Baseline

Question 31

Malicious code that acts like a remotely controlled robot or an attacker.

Answer 31

Bot

Question 32

Information that has been determined to require protection against unauthorized disclosure and is marked to indicate its classified status and level

Answer 32

Classified or Sensitive Information

Question 33

A measure of degree to which an organization depends on the information or info system for the success of a mission or biz function

Answer 33

Criticality

Question 34

Process of how an organization or managed usually includes all aspects of how decisions are made for that organization such as policies roles procedures.

Answer 34

Governance

Question 35

Magnitude of harm that could be used by a threats exercise of a vulnerability

Answer 35

Impact

Question 36

Potential adverse impacts to an organizations operation assets, individuals other organization and even the nation.

Answer 36

Information Security Risk

Question 37

The internet standards organization made up of network designers operators vendors and researchers that define protocols through standards (IP , TCP, DNS) through process of collaboration and consensus

Answer 37

IETF Internet Engineering Task Force

Question 38

Probability that a potential vulnerability may be exercised within the construct of the associated environment

Answer 38

Likelihood

Question 39

Weighted factor based on subjective analysis of the probability that a given threat is capable of exploiting a given vulnerability or set of vulnerabilities

Answer 39

Likelihood of Occurrence

Question 40

Using two or more sustain the instances of of 3 factors of authentication (something you know, something you have, something you are)

Answer 40

Multi factor Authentication

Question 41

Apart of the US Department of commerce and addresses the measurement infrastructure within the science and technology efforts within the government.
Sets standards within Computer Security Resource Center of the Computer Security Divisions

Answer 41

National Institute of standards and Technology (NIST)

Question 42

The inability to deny taking action such as creating information, approving information and sending or receiving a message.

Answer 42

Non-repudiation

Question 43

Any information that can be used to trace a persons individual identity

Answer 43

Personally Identifiable Information
PII

Question 44

Controls implemented through a tangible mechanism. Examples include walls, fences, guards, locks etc.

Answer 44

Physical controls

Question 45

The right of an individual to control the distribution of the information about themselves

Answer 45

Privacy

Question 46

The chances or likelihood that a given vulnerability or a set of vulnerabilities

Answer 46

Probability

Question 47

Information regarding health status, the provision of healthcare or payment for healthcare as defined in HIPPA

Answer 47

Protected Health Information
PHI