Lesson 1: Comparing Security Roles and Security Controls Flashcards

1
Q

What does Information Security (InfoSec) refer to?

A

The protection of data resources from unauthorized access, attack, theft, or damage.

2
Q

What is the protection of data resources from unauthorized access, attack, theft, or damage referred to as?

A

Information Security (InfoSec).

3
Q

How many properties comprise Secure Information?

A

Three.

4
Q

What are the properties of Secure Information referred to as?

A

CIA Triad.

5
Q

The CIA Triad is referred to as the properties of what?

A

Secure Information.

6
Q

What does CIA Triad stand for?

A

Confidentiality, Integrity, Availability.

7
Q

What is the CIA Triad also referred to as?

A

AIC.

8
Q

What is AIC also referred to as?

A

CIA Triad.

9
Q

Define Confidentiality.

A

Certain information should only be known to certain people.

10
Q

What word explains that certain information should only be known to certain people?

A

Confidentiality.

11
Q

Define Integrity.

A

Data is stored and transferred as intended, and any modification is authorized.

12
Q

What word explains that data is stored and transferred as intended and that any modification is authorized?

A

Integrity.

13
Q

Define Availability.

A

Information is accessible to those authorized to view or modify it.

14
Q

What word explains that information is accessible to those authorized to view or modify it?

A

Availability.

15
Q

What is an example of another property that secure systems should exhibit?

A

Non-repudiation.

16
Q

Define non-repudiation.

A

A subject cannot deny doing something, such as creating, modifying, or sending a resource.

17
Q

What word explains that a subject cannot deny doing something, such as creating, modifying, or sending a resource?

A

Non-repudiation.

18
Q

What does cybersecurity refer to?

A

Provisioning secure processing hardware and software.

19
Q

What is the provisioning of secure processing hardware and software referred to as?

A

Cybersecurity.

20
Q

How many functions can information and cyber security be classified into?

A

Five.

21
Q

Who developed the functions into which information and cyber security are classified?

A

National Institute of Standards and Technology (NIST).

22
Q

What is the National Institute of Standards and Technology (NIST) known for?

A

Developing the functions that classify information and cyber security.

23
Q

What are the five functions that classify information and cyber security?

A

Identify, Protect, Detect, Respond, Recover.

24
Q

Based on NIST, define Identify.

A

Develop security policies and capabilities that evaluate risks, threats, and vulnerabilities and recommend security controls to mitigate them.

25
Q

Based on NIST, what is defined as the development of security policies and capabilities to evaluate risks, threats, and vulnerabilities and recommend security controls to mitigate them?

A

Identify.

26
Q

Based on NIST, define Protect.

A

Procure/develop, install, operate, and decommission IT hardware and software assets with security as an embedded requirement of every stage of this operations life cycle.

27
Q

Based on NIST, what is defined as procuring/developing, installing, operating, and decommissioning IT hardware and software assets with security as an embedded requirement of every stage of this operations life cycle?

A

Protect.

28
Q

Based on NIST, define Detect.

A

Perform ongoing, proactive monitoring to ensure that controls are effective and capable of protecting against new types of threats.

29
Q

Based on NIST, what is defined as performing ongoing, proactive monitoring to ensure that controls are effective and capable of protecting against new types of threats?

A

Detect.

30
Q

Based on NIST, define Respond.

A

Identify, analyze, contain, and eradicate threats to systems and data security.

31
Q

Based on NIST, what is defined as identifying, analyzing, containing, and eradicating threats to systems and data security?

A

Respond.

32
Q

Based on NIST, define Recover.

A

Implement cybersecurity resilience to restore systems and data if other controls are unable to prevent attacks.

33
Q

Based on NIST, what is defined as implementing cybersecurity resilience to restore systems and data if other controls are unable to prevent attacks?

A

Recover.

34
Q

What are some information security competencies?

A

-Perform risk assessments, test security systems, and make recommendations.
-Specify, source, install, and configure secure devices and software.
-Set up/maintain document access control and user privilege profiles.
-Monitor audit logs, review user privileges, and document access controls.
-Manage security-related incident response and reporting.
-Create and test business continuity and disaster recovery plans/procedures.
-Participate in security training and education programs.

35
Q

Define security policy.

A

A formalized statement that defines how security will be implemented within an organization.

36
Q

What does a security policy describe?

A

The means the organization will take to protect the confidentiality, availability, and integrity of sensitive data and resources.

37
Q

What are the typical information security roles?

A

-Chief Information Security Officer (CISO)
-Information Systems Security Officer (ISSO)
-Managers, users