Week 1

Question 1

This person reports directly to the chief information
officer (CIO)

Answer 1

Chief information security officer (CISO)

Question 2

The ____ reports to the CISO and supervises technicians, administrators, and security staff.

Answer 2

Security manager

Question 3

The ____ has both technical knowledge and managerial skills

Answer 3

Security administrator.

Question 4

This position is generally an entry-level position for a person who has the necessary technical skills

Answer 4

Security technician

Question 5

it is the goal to be free from danger as well as the process that achieves that freedom

Answer 5

Security

Question 6

____ is intended to protect information that provides value to people and organizations

Answer 6

Information security

Question 7

There are three protections that must be extended over information: ___, ___, –or CIA. -

Answer 7

Confidentiality, Integrity, and Availability

Question 8

It is important that only approved individuals are able to access important information

Answer 8

Confidentiality

Question 9

____ ensures that the information is correct and no unauthorized person or malicious software has altered the data

Answer 9

Integrity

Question 10

____ ensures that data is accessible to authorized users

Answer 10

Availability

Question 11

In addition to the CIA, another set of protections must be implemented to secure information. These are ____, ____, ____ —or AAA

Answer 11

authentication, authorization, and accounting

Question 12

_ is defined as an item that has value

Answer 12

asset

Question 13

A type of action that has the potential to cause harm

Answer 13

threat

Question 14

A ____is a person or element that has the power to carry out a threat

Answer 14

threat agent

Question 15

____ is a flaw or weakness that allows a threat agent to bypass security

Answer 15

vulnerability

Question 16

A ____ is a situation that involves exposure to some type of danger

Answer 16

risk

Question 17

Identifying the risk but making the decision to not engage in the activity

Answer 17

Risk Avoidance

Question 18

____ simply means that the risk is acknowledged but no steps are taken to address it

Answer 18

Risk Acceptance

Question 19

____ is the attempt to address the risks by making risk less serious

Answer 19

Risk mitigation

Question 20

____ involves understanding something about the attacker and then informing him of the harm

Answer 20

Risk deterrence

Question 21

____ is the process of shifting the responsibility for managing a risk to another party.

Answer 21

Risk transference

Question 22

information security can be helpful in

Answer 22

• preventing data theft,
• thwarting identity theft,
• avoiding the legal consequences of not securing information,
• maintaining productivity, and foiling cyber terrorism.

Question 23

Steps of an Attack

Answer 23

• Reconnaissance
• Weaponization
• Delivery
• Exploitation
• Installation
• Command and Control
• Actions on Objectives