Lesson 1

Question 1

Where the history of information security begins.

Answer 1

Computer Security

Question 2

The practice of protecting information and its critical elements by mitigating risks; a part of information risk management.

Answer 2

Information Security

Question 3

When did computer security begin?

Answer 3

Computer security began immediately after the first mainframes were developed.

Question 4

WHEN: Department of Defense’s Advanced Research Project Agency (ARPA); feasibility of redundant networked communications.

Answer 4

1960s

Question 5

WHEN: Popularity and misuse of ARPANet grew and had two (2) fundamental security problems.

Answer 5

1970s & 1980s

Question 6

What were the two (2) fundamental security problems experienced by the popularity of ARPANET during the 1970s & 1980s?

Answer 6

No safety procedures for dial-up communication to the ARPANET.
User identification and authorization were non-existent.

Question 7

WHEN: The microprocessor expanded computing capabilities and security threats.

Answer 7

Late 1970s

Question 8

Who developed the ARPANET project during the 1960s?

Answer 8

Larry Roberts

Question 9

When was the ARPANET Program Plan released?

Answer 9

June 3, 1968

Question 10

Where information security and the study of computer security began.

Answer 10

R-609

Question 11

What was the scope of R-609? (4)

Answer 11

Physical Security
Data Safety
Limited unauthorized access to data.
Involvement of personnel from multiple organization levels.

Question 12

WHEN: Computer networks grew prevalent; the internet was commercialized.

Answer 12

1990s

Question 13

WHEN: The internet became a medium of thousands of communication; security is reliant; everyone is vulnerable.

Answer 13

2000s to Present Day

Question 14

The state of being secure, to be free from danger, and or be protected from adversaries; a balance of protection and availability.

Answer 14

Security

Question 15

What are the multiple layers of security? (5)

Answer 15

Physical Security
Personal Security
Operations Security
Communications Security
Network Security

Question 16

To manipulate or modify another subject.

Answer 16

Access

Question 17

The resource being safeguarded.

Answer 17

Asset

Question 18

Can harm information and the system that supports it.

Answer 18

Attack

Question 19

The mechanisms used to counter assaults.

Answer 19

Control / Safeguard / Countermeasure

Question 20

The act of compromising a system.

Answer 20

Exploit

Question 21

A condition of state.

Answer 21

Exposure

Question 22

A single instance of an information asset being damaged in an illegal manner.

Answer 22

Loss

Question 23

A collection of controls and protections.

Answer 23

Protection Profile / Security Posture

Question 24

The likelihood for something unfavorable to happen.

Answer 24

Risk

Question 25

The tool used for an attack (subject); target (object).

Answer 25

Subjects & Objects

Question 26

A group of items, people, or other entities that pose a ____ to an asset; represents a constant danger to an asset.

Answer 26

Threats

Question 27

A specific instance of a threat; damages or steals information.

Answer 27

Threat Agent

Question 28

A flaw or weakness in the system that allows damage.

Answer 28

Vulnerability

Question 29

What are the values involved in the CIA Triad? (8)

Answer 29

Confidentiality
Integrity
Availability
Accuracy
Authenticity
Phishing
Utility
Possession

Question 30

A core concept of the CIA Triad that is closely tied to privacy.

Answer 30

Confidentiality

Question 31

What are the components of an information system? (6/7)

Answer 31

Software
Hardware
Data
People
Procedures
Networks

Laptop Thefts…?

Question 32

Security from grass-roots effort, technical expertise of individual admins; seldom works; lack of participant support and organizational staying power.

Answer 32

Bottom-up Approach

Question 33

Initiated by upper management; has strong upper management support, a dedicated champion, dedicated funding, clear planning, and the chance to influence organizational culture.

Answer 33

Top-down Strategy

Question 34

Supports specialized implementations of a security project; a coherent program rather than a series of random actions.

Answer 34

Security Systems Development Life Cycle (SecSDLC)

Question 35

The Security Systems Development Life Cycle (SecSDLC) can be… (2)

Answer 35

Event-driven
Plan-driven

Question 36

A SecSDLC that serves as a response to an occurrence.

Answer 36

Event-driven

Question 37

A SecSDLC that serves as a result of an implementation strategy.

Answer 37

Plan-driven

Question 38

What are the phases of the SecSDLC? (6)

Answer 38

1 | Investigation
2 | Analysis
3 | Logical Design
4 | Physical Design
5 | Implementation
6 | Maintenance & Change

Question 39

Create blueprints for security

Answer 39

Logical Design & Physical Design

Question 40

The senior technology officer.

Answer 40

Chief Information Officer

Question 41

Also referred to as the Manager for Security, the Security Administrator, or a similar title.

Answer 41

Chief Information Security Officer

Question 42

Individuals experienced in one or multiple requirements of technical and non-technical areas.

Answer 42

Information Security Project Team

Question 43

An Information Security Project Team is usually composed of… (7)

Answer 43

Champion
Team Leader
Security Policy Developers
Risk Assessment Specialists
Security Professionals
Systems Administrators
End Users

Question 44

The weakest link in the security chain.

Answer 44

End Users

Question 45

Responsible for the security and use of a particular set of information.

Answer 45

Data Owner

Question 46

Responsible for the storage, maintenance, and protection of information.

Answer 46

Data Custodian

Question 47

The end systems users who work with the information.

Answer 47

Data Users

Question 48

What are the communities of interest of an Information Security Project Team? (3)

Answer 48

Information Security Management & Professionals
Information Technology Management & Professionals
Organizational Management & Professionals

Question 49

No hard and fast rules, nor many universally accepted solutions, no magic user’s manual, complex levels of interactions.

Answer 49

Security as Art

Question 50

Dealing with technology designed to perform at high levels of performance, specific conditions cause actions, faults can be resolved with sufficient time.

Answer 50

Security as Science

Question 51

Examines the behavior of individuals interacting with the systems.

Answer 51

Security as Social Science