CH 8.4 Information Security

Question 1

What is confidentiality to information security?

Answer 1

Confidentiality means prevention of unauthorized disclosure of information.

Question 2

What is integrity to information security?

Answer 2

Integrity ensures information is protected from unauthorized or unintentional alteration, modification or deletion.

Question 3

What is availability to information security?

Answer 3

Availability means information is readily accessible to authorized users

Question 4

What is CIA to information security?

Answer 4

Confidentiality, Integrity, Availability

Question 5

How is risk defined by information security?

Answer 5

The combination of the probability of an event and its consequence (ISO/IEC 73)

Question 6

The means of managing risk, including policies, procedures, guidelines, practices or organizational structures, which can be of an administrative, technical, management, or legal nature.

Answer 6

controls

Question 7

Preventive controls

Answer 7

Prevent an incident from occurring (e.g., preventing unauthorized users) - firewalls, passwords, training.

Question 8

Detective controls

Answer 8

Detect and report when errors, omissions and unauthorized uses of entries occur (e.g., by sounding an alarm and alerting the appropriate person). audits, anti-virus software.

Question 9

Corrective controls

Answer 9

intended to limit the extent of any damage caused by the incident.

They are designed to correct errors, omissions and unauthorized uses and intrusions once they are detected (e.g., by recovering the organization to normal working status as efficiently as possible). business continuity plans.

Question 10

Best known and most prominent information security standards.

Answer 10

International Organization for Standardization (ISO) Standards

Question 11

Privacy and Information Security disconnects

Answer 11

Privacy has a wider set of obligations; confidentiality (personal information, for example phone numbers, is not always confidential); different classification systems

Question 12

Privacy and Information Security overlaps

Answer 12

Both groups have vested interested in keeping information safe.

Question 13

Information security classification categories

Answer 13

Most information security classification schemas use the following categories:

1) Public
2) Confidential
3) Highly confidential
4) Restricted

Question 14

Access control

Answer 14

Access to an organization’s information systems should be tied to an employee’s role.

No employees should have greater information access than is necessary to perform their job functions.

Question 15

Segregation of duties.

Answer 15

Ensure one person cannot exploit or gain access to information inappropriately.

Question 16

Least privilege.

Answer 16

Grant access at the lowest possible level required to perform the function.

Question 17

Need-to-know access.

Answer 17

Restrict access to only information that is critical to the performance of an authorized, assigned mission

Question 18

physical controls

Answer 18

locks, fences

Question 19

technical controls

Answer 19

user logins, firewalls

Question 20

administrative controls

Answer 20

incident response processes

Question 21

Administrative Controls

Answer 21

1) incident response processes
2) training
3) oversight