Info Gov Flashcards Preview

Flashcards in Info Gov Deck (77)
0

What is the opposite of CIA?

Disclosure
Alteration
Destruction

1

What are the 5 classifications commonly used by the U.S. Department of Defense?

Unclassified
Sensitive but Unclassified (SBU)
Confidential
Secret
Top Secret

2

Which classification level (US DoD) may often use the terms "for official use only" or "for internal use only"?

Unclassified

3

What is the difference between unclassified and SBU? (US DoD)

SBU generally contains personal information, i.e. medical records or disciplinary proceedings.

4

What is the lowest level of classified government information? (US DoD)

Confidential

5

What term is commonly used to collectively represent the policies, procedures, guidelines and standards that help steer an organisation's decisions and operations?

Governance

6

What are the four main types of policies?

SARI

Senior Management
Regulatory
Advisory
Informative

7

Which type of policy do most policies fall under?
SARI

Advisory

8

Which type of identity management system facilitates authentication, non-repudiation and access control via digital certificates?

PKI

9

Which 3 of the following 5 background checks would commonly be included as part of more extensive pre-employment screening?
Credit check
Drug test
Reference check
Special background investigation
Verification of personal/professional data in application

Credit check
Drug test
Special background investigations

10

Who is ultimately responsible for an organisation's information security: management or the information security professional?

Management

11

With regard to information, a system admin would commonly be known as what: information owner or custodian?

Custodian

12

Which term is used to ensure that no one individual has complete authority or control over a critical system or process, and also reduces dependence on individuals, i.e. avoiding a single point of failure?

Separation of duties

13

Which term describes regularly transferring key personnel into different roles or positions in different parts of the organisation?

Job rotation

14

What 3 things does the risk assessment triple consist of?

Quantitative risk methodologies
Risk calculations
Safeguard selection criteria and objectives

15

What 2 elements are multiplied to calculate a risk?

Threat x Vulnerability = Risk

16

What 3 elements does the risk management triple consist of?

Threat
Vulnerability
Asset

17

Risk management consists of 3 elements. What are they?

Identification
Analysis
Risk Treatment

18

When does risk identification occur?

During a risk assessment

19

What are the two methods used for determining the value of an asset?

Quantitative
Qualitative

20

Which method is related to cost? Quantitative or qualitative?

Quantitative

21

Which method is related to importance? Quantitative or qualitative?

Qualitative

22

What 3 basic elements are used to determine the value of an asset?

Initial and maintenance costs
Organisational (internal) value
Public value

23

Which value (organisational or public) includes the cost of acquiring, creating or re-creating information, and the business impact or loss if the information is lost or compromised? It can also include liability costs, personal injury, death, etc.

Organisational

24

Which value (organisational or public) includes loss of proprietary information or processes and business reputation?

Public

25

What are the 4 basic steps in threat analysis?

1. Define the threat
2. Identify the consequences if the threat occurs
3. Determine the probable frequency of threat event
4. Assess the probability of threat occurring

26

What two types are threats generally categorised as?

Man made
Natural

27

Which 4 steps are involved in risk analysis?

1. Identify assets to be protected including sensitivity, value, importance to the organisation.
2. Define specific threats including threat frequency and impact data
3. Calculate Annualised Loss Expectancy (ALE)
4. Select appropriate safeguards

28

How is the annual loss expectancy calculated?

SLE x ARO = ALE
Single loss expectancy x annual rate of occurrence

29

How is single loss expectancy (SLE) calculated?

Asset value x Exposure Factor