Section 1: Cybersecurity Introduction Flashcards
The following factors can affect information security except:
a. Business plans
b. Server environment
c. Available information technology
d. Security process or system
b. Business environment, not server environment, can affect information security.
The following are drivers when evaluating business plans and general business environment except:
a. Nature of business
b. Risk tolerance
c. Security profile
d. User community and capabilities
d. User community and capabilities is a factor that can impact security. It is not a driver for evaluating business plans and the general business environment.
With respect to technology, the following factors can impact security except:
a. Platforms and tools used
b. Network connectivity
c. Level of IT complexity
d. Risk tolerance
e. New or emerging security tools
f. Operational support for security
d. Risk tolerance is not a factor that can impact security with respect to technology. It is a driver for evaluating business plans and the general business environment.
There are an estimated 410,000 to 510,000 information security professionals worldwide. By 2018, jobs are expected to increase by how much:
a. 50%
b. 65%
c. 53%
d. 47%
c. 53%
Deals with information, regardless of its format, and encompasses paper documents, digital and intellectual property in people’s minds, and verbal and visual communications.
Information Security
Defined as protecting information assets by addressing threats to information processed, stored, and transported by internetworked information systems.
Cybersecurity
The following activities are identified as key functions necessary for the protection of digital assets except:
a. Recover
b. Detect
c. Respond
d. Prevent
e. Identify
d. Prevent
Five functions (in order) are:
- Identify
- Protect
- Detect
- Respond
- Recover
The protection of information from unauthorized access or disclosure.
Confidentiality
Protection from improper disclosure according to its sensitivity and applicable legal requirements.
Integrity
Ensures the timely and reliable access to and use of information and systems.
Availability
Loss of confidentiality can result in the following except:
a. Loss of productive time
b. Disclosure of information protected by privacy laws
c. Loss of public confidence
d. Loss of competitive advantage
a. Loss of productive time is a consequence of loss of availability.
Loss of integrity can result in the following except:
a. Inaccuracy
b. Legal action against the enterprise
c. Erroneous decisions
d. Fraud
b. Legal action against the enterprise is a consequence of loss of confidentiality.
Loss of availability can result in the following except:
a. Loss of functionality and operational effectiveness
b. Loss of productive time
c. Loss of competitive advantage
d. Interference with enterprise’s objectives
c. Loss of competitive advantage is a consequence of loss of confidentiality.
Confidentiality can be preserved using the following methods except:
a. Access controls
b. File permissions
c. Digital signatures
d. Encryption
c. Digital signature is a method used to preserve integrity.
Integrity can be preserved using the following methods except:
a. Access controls
b. File permissions
c. Logging
d. Hashes
b. File permissions is a method used to preserve confidentiality.
Availability can be preserved using the following methods except:
a. Redundancy
b. Backups
c. Access controls
d. File permissions
d. File permissions is a method used to preserve confidentiality.
The responsibility of the board of directors and senior management of the organization.
Governance
The process by which an organization manages risk to acceptable levels.
Risk management
The act of adhering to, and the ability to demonstrate adherence to, mandated requirements defined by laws and regulations.
Compliance
Cybersecurity is the responsibility of:
a. senior management
b. IT security manager
c. employees
d. entire organization
d. Cybersecurity is the responsibility of the entire organization at every level.
The following are the goals of a governance program except:
a. Provide strategic direction
b. Ensure objectives are achieved
c. Ascertain whether the risk is managed appropriately
d. Verify that the IT budget is sufficient
d. One of the governance program goals is to verify that the organization’s resources are used responsibly.
True or false: A cybersecurity professional may be a practitioner but not part of senior management.
False. A cybersecurity professional may be a practitioner or part of senior management.
Responsible for ensuring that needed organization functions, resources, and supporting infrastructure are available and properly utilized to fulfill the directives of the board, regulatory compliance, and other demands.
Executive management
The cybersecurity manager will be responsible for the following except:
a. Developing security strategy
b. Designing and implementing processes and controls
c. Developing risk mitigation strategies
d. Directing and monitoring security activities
b. Designing and implementing processes and controls is a function of a cybersecurity practitioner.
The cybersecurity manager will be responsible for the following except:
a. Overseeing security program and initiatives
b. Responding to events and incidents
c. Enforcing policy and regulatory compliance
d. Ensuring that risk and BIAs are conducted
b. Responding to events and incidents is a function of a cybersecurity practitioner.
Managing incidents and remediation is a function of the cybersecurity manager.