Session 01 : Intro to IS

Question 1

Elements of Information Security?

Answer 1

1. Confidentiality : authorized to have access
2. Integrity : trustworthiness of Data of resources
3. Availability : available when required
4. Authenticity : quality of being genuine
5. Non-Repudiation : Guarantee or Assurance

Question 2

What are Information Security Threats?

Answer 2

Potential events circumstances that can cause harm to an organziation information system.

Question 3

Types of Cyber Security Threats?

Answer 3

1. Malware attacks
2. Phishing
3. DOS attack
4. Insider threats
5. APTs (Advanced Presistent Threats)
   an intruder gains access to a network and remains undetected for an extended period to steal data or distrupt operations.

Question 4

What are vulnerabilities?

Answer 4

Weaknesses or flaws in a system whether in software, hardware, or organizational processes that can be exploited by attackers to compromise security.

Question 5

Common Cybersecurity Vulnerabilities?

Answer 5

1. Outdated SW
2. Weak Credentials
3. Misconfigurations
4. Zero-Day Vulnerabilities
5. Poor Input Sanitization
6. Unsecured APIs

Question 6

3 primary conditions must be existing for a successful attack?

Answer 6

Attack = Motive(goal) + Method + Vulnerability

Question 7

Classification of attacks?

Answer 7

• Passive Attacks
• Active Attacks
• Close-in Attacks
• Insider Attacks
• Distribution Attacks

Question 8

Information Security Risk Management?

Answer 8

The process of identifying, assessing, and managing risks that could threaten an organization’s information assets.

Question 9

IS Risk Management Phases?

Answer 9

1. Risk identification
2. Risk assessment
3. Risk treatment
4. Risk monitoring and review

Question 10

Methodologies for IS risk management?

Answer 10

1. ISO/IEC 27001
2. NIST SP 800-30