Module 5: L2

Question 1

When implementing IS policy, one must address the concerns of top management. What are 3x concerns they may have?

Answer 1

1. Value info has for the business
2. How IS contributes to business objectives
3. How info can be made more secure

Question 2

When implementing IS, perception and commitment of ______ ________ are critical

Answer 2

top management

Question 3

IS begins with top management. They need to identify critical business processes and classify them as critical, important, or routine, like:

Answer 3

1. Star performers
2. Failure in a process severely impacts the organization
3. Delays in a process are unacceptable

Question 4

What are the 3x pillars of security?

Answer 4

Confidentiality
Integrity
Availability

Question 5

When doing vulnerability assessments, what are some features considered for each one?

Answer 5

1. Natural origin
2. Human made origin
3. Location of action

Question 6

What are some components affected by vulnerabilities?

Answer 6

1. Software
2. Hardware
3. People
4. Services
5. Documents

Question 7

Given organizational structure, one should estimate likelihood of leakage within certain flows:

Answer 7

1. Subordination flow
2. Info flow
3. Human factors
4. IT infrastructure

Question 8

Info leakage rules. Info leakage increases with (3x):

Answer 8

1. Number of subjects with access
2. Number of transactions
3. Ability to modify info does not correspond with increasing level of security

Question 9

What are 4x forms of human error in IS?

Answer 9

1. Secret info leaked unintentionally or on purpose
2. Secret info mistakenly forwarded to lower security level
3. Info sent to wrong person by mistake
4. Unauthorized person sends data