Lecture 1

Question 1

What is Data?

Answer 1

Raw facts and figures without context

Examples include numbers, dates, and strings such as ‘192.168.0.1’ or ‘2024-08-12’.

Question 2

What is Information?

Answer 2

Data that is processed and attributed meaning

Information is derived from data, such as knowing ‘Bob logged into the system’.

Question 3

What is Information Security? Why is it important?

Answer 3

The Protection of digital information that has value to people and organizations. It’s important to protect sensitive data from threats, and ensure privacy.

Safeguarding data from unauthorized access and damage.

Question 4

What are the three vectors of protection in Information Security?

Answer 4

Confidentiality, Integrity, Availability

Often referred to as the CIA Triad.

Question 5

What does Confidentiality refer to in Information Security?

Answer 5

Only approved individuals may access information

It ensures that sensitive data is not disclosed to unauthorized parties.

Question 6

What does Integrity refer to in Information Security?

Answer 6

Information is correct and unaltered

It ensures that data remains consistent and trustworthy.

Question 7

What does Availability refer to in Information Security?

Answer 7

Information can be accessed by authorized individuals

It ensures that users can access information when needed.

Question 8

What is an Asset in Information Security?

Answer 8

Item of value

Assets can include data, hardware, software, and intellectual property.

Question 9

What is a Threat in Information Security?

Answer 9

Actions or events that have potential to cause harm

Question 10

T/F - Threats purely refer to intentional actions that have potential to cause harm

Answer 10

False. Threats can be intentional or unintentional (e.g., natural disasters).

Question 11

What is a Threat Agent?

Answer 11

Person or element with power to carry out a threat

Examples include cybercriminals, insiders, or natural phenomena.

Question 12

What is a Vulnerability?

Answer 12

Flaw or weakness by which a threat agent can bypass security

Vulnerabilities can exist in software, hardware, or processes.

Question 13

What is Risk in the context of Information Security?

Answer 13

Probability that a vulnerability can be exploited by a threat agent

Risk management involves assessing and mitigating potential threats.

Question 14

What are the additional principles of Information Security?

Answer 14

Authenticity, Non-Repudiation

Authenticity ensures that subjects or objects are genuine, while non-repudiation means a subject cannot deny their signature on a document.

Question 15

Fill in the blank: The three principles of Information Security are _______, ________, and ________.

Answer 15

Confidentiality, Integrity, Availability

Question 16

True or False: Risk can be entirely eliminated in Information Security.

Answer 16

False

Risk cannot be eliminated entirely due to cost and time constraints.

Question 17

What is Risk Residue?

Answer 17

Some degree of risk must be assumed

It refers to the remaining risk after all mitigation measures have been applied.