Week 2

Question 1

Core of any business Security structure?

Answer 1

Security Management

Question 2

What serves as foundation of a corporations security program?

Answer 2

Core Components

Question 3

Potential loss or harm related to technical infrastructure, use of technology, or reputation of an organization.

Answer 3

Risk

Question 4

What are the 3 main security objectives?

Answer 4

Confidentiality, Integrity, Availability

Question 5

Weakness that may provide an entry point for an attacker leading to unauthorized access?

Answer 5

Vulnerability

Question 6

Any potential danger to information or systems?

Answer 6

Threat

Question 7

Someone or something who will take advantage of a known vulnerability

Answer 7

Threat Agent

Question 8

Likelihood of a threat agent taking advantage of a vulnerability to cause harm to an asset

Answer 8

Risk

Question 9

Instance of being exposed to losses from a threat agent

Answer 9

Exposure

Question 10

Parameters, safeguards, or countermeasures implemented to protect data ,infrastructure, and people in an organization

Answer 10

Security Controls

Question 11

a documented set of your organization’s information security policies, procedures, guidelines, and standards.

Answer 11

Security Program

Question 12

True or False. Security Administration can be single individual or teams?

Answer 12

True, based on size and requirement of company

Question 13

3 Types of Control

Answer 13

Administrative, Technical, Physical

Question 14

What type of control are these included?

Developing and publishing of policies, standards, procedures and guidelines

Risk Management

Screening personnel

Answer 14

Administrative controls

Question 15

Also called Logical controls; This includes configuration of security devices & infrastructure, implement and maintain access control mechanisms

Answer 15

Technical Controls

Question 16

Tangible Mechanisms, Protecting perimeter of data center.

Answer 16

Physical Controls

Question 17

Lack of understanding typically leads to believing your opponent (attacker) is less intelligent that you

Answer 17

Security Through Obscurity

Question 18

3 areas of Security Planning

Answer 18

Operational (Short Term), Tactical (mid term), strategic (long term)

Question 19

all of the tools, personnel and business processes that ensure that security is carried out to meet an organization’s specific needs”

Answer 19

Information security governance

Question 20

structures, systems, and practices an organization has in place

Answer 20

Governance

Question 21

What is the meaning of CobIT

Answer 21

Control Objectives for Information Technology

Question 22

From what framework was cobIT derived?

Answer 22

COSO framework

Question 23

First Latest version of CobIT

Answer 23

1996 and 2019, respectively

Question 24

Six principles of CobIT

Answer 24

1. Meet stakeholder needs,
2. Holistic approach,
3. Dynamic governance system,
4. Distinct governance from management,
5. Tailored to enterprise needs,
   6.End-to-end governance system

Question 25

Defines goals for the controls that should be used to properly manage IT

Answer 25

CobIT

Question 26

4 domains of CobIT

Answer 26

1. Plan and Organize
2. Acquire and Implement
3. Deliver and Support
4. Monitor and Evaluate

Question 27

5 COSO Areas

Answer 27

Control Environment
Risk Assessment
Control Activities
Information and Communication
Monitoring

Question 28

What does CobIT and COSO identify?

Answer 28

What is to be achieved?

Question 29

De facto standard of best practices for IT

Answer 29

Information Technology Infrastructure Library (ITIL)