ITEC 85

Question 1

refers to the protection of information and information systems from unauthorized access

Answer 1

INFORMATION SECURITY

Question 2

– refers to broader to a set of practices, policies, and procedures aimed at protecting the confidentiality

Answer 2

INFORMATION ASSURANCE

Question 3

to hide a glaze recipe for pottery.

Answer 3

CRYPTOGRAPHY IN ANCIENT TIME

Question 4

Firewalls

Answer 4

MEDIEVAL CASTLE

Question 5

Codes

Answer 5

WORLD WARR ll AND THE ENIGMA MACHINE

Question 6

– it is responsible for creating, managing, and using data

Answer 6

PEOPLE

Question 7

is refer to the activities and procedures that are used to collect, store, process, and distribute information

Answer 7

• PROCESSES

Question 8

is the raw material that is used by the information system

Answer 8

DATA

Question 9

refers to the computer programs

Answer 9

• SOFTWARE

Question 10

refers to the physical components of the information system

Answer 10

• HARDWARE

Question 11

component of an information system includes the communication infrastructure

Answer 11

• NETWORKING

Question 12

The birth of modern computing led to the development of computers

Answer 12

BIRTH OF MODERN COMPUTING AND EARLY THREATS

Question 13

It is important elements of information security that help protect computer systems

Answer 13

PASSWORD AND ACCESS CONTROLS

Question 14

refers to the time when the internet became widely accessible

Answer 14

INTERNET ERA

Question 15

It is an effort to enhance information security

Answer 15

TRUSTED COMPUTING INITIATIVE

Question 16

It is also known as asymmetric cryptography, is a method used in information security to secure communication

Answer 16

9. PUBLIC – KEY CRYPTOGRTAPHY

Question 17

refers to the increase in criminal activities that are conducted through the use of computers

Answer 17

10. THE RISE OF CYBECRIME

Question 18

refers to the protection of mobile devices

Answer 18

12. MOBILE SECURITY

Question 19

refers to the protection of data

cloud computing environments

Answer 19

13. CLOUD SECURITY

Question 20

refers to the measures and practices implemented to protect the security

Answer 20

14. INTERNET OF THINGS (IoT) SECURITY

Question 21

are sophisticated and targeted cyber-attacks that are carried out by skilled and persistent adversaries.

Answer 21

15. ADVANCED PERSISTENT THREATS (APTs)

Question 22

was an early computer worm that spread rapidly through vulnerable

Answer 22

7. THE MORRIS WORM

Question 23

refers to the measures and practices implemented to protect the security

Answer 23

14. INTERNET OF THINGS (IoT) SECURITY

Question 24

it pertains to laws and regulations that govern the protection and privacy of personal data.

Answer 24

16. DATE PRIVACY REGULATIONS

Question 25

5 BALANCING INFORMATION SECURITY AND ACCES:

Answer 25

* IMPLEMENT ACCESS CONTROL * USE MULTI – FACTOR AUTHENTICATION * EDUCATE USERS * USE ENCRYPTION * MONITOR USER ACTIVITY

Question 26

5 APPROACHES TO INFORMATION SECURITY IMPLEMENTATION:

Answer 26

* RISK – BASED APPROACH – * COMPLIANCE – BASED APPROACH - * DEFENSE IN DEPTH APPROACH – * HUMAN – CENTRIC APPROACH – * TECHNOLOGY – FOCUSED APPROACH –

Question 27

involves identifying and assessing risks to the organization’s information assets

Answer 27

* RISK – BASED APPROACH

Question 28

involves implementing security controls to comply with regulatory requirements

Answer 28

* COMPLIANCE – BASED APPROACH

Question 29

involves implementing multiple layers of security controls to provide redundancy

Answer 29

* DEFENSE IN DEPTH APPROACH

Question 30

focuses on the role of people in information security.

Answer 30

* HUMAN – CENTRIC APPROACH

Question 31

emphasizes the use of technology to protect information assets.

Answer 31

* TECHNOLOGY – FOCUSED APPROACH

Question 32

SECURITY IN THE SDLC:

Answer 32

* PLANNING * ANALYSIS * DESIGN * IMPLEMENTAION * TESTING * DEPLOYMENT * MAINTENANCE

Question 33

KEY TERMS AND CRITICAL CONCEPTS OF INFORMATION SECURITY:

Answer 33

1. CONFIDENTIALITY 2. INTEGRITY 3. AVAILBILTY 4. AUTHENTICATION 5. AUTHORIZATION 6. RISK MANAGEMENT 7. THREATS 8. VULNERABILITIES 9. DEFENSE IN DEPTH 10. INCIDENT RESPONSE

Question 34

THE 2 NEEDS FOR SECURITY

Answer 34

THREATH (NOUN) ATTACK (VERB)

Question 35

possible security risk that might exploit the vulnerability of a system or asset.

Answer 35

THREATH (NOUN)

Question 36

intentional unauthorized action on system.

Answer 36

ATTACK (VERB)

Question 37

TWO TYPES OF ATTACKS:

Answer 37

* ACTIVE ATTACKS * PASSIVE ATTACKS

Question 38

an attempt to change system resources

Answer 38

* ACTIVE ATTACKS

Question 39

an active attack is an attempt to change system resources

Answer 39

* PASSIVE ATTACKS

Question 40

EXAMPLES OF THREATS AND ATTACK

Answer 40

* CYBERATTACKS * PHYSICAL ATTACKS * RERROISM * THREAT OF VIOLENCE * NATURAL DISASTER * FINANCIAL FRAUD

Question 41

EXAMPLES OF THREATS AND ATTACKS IN INFORMATION SECURITY

Answer 41

EXAMPLES OF THREATS AND ATTACKS IN INFORMATION SECURITY * MALWARE * PHISING * DENIAL – OF – SERVICE (DOS) * PASSWORD ATTACKS * INSIDER THREATS * PHYSICAL ATTACKS

Question 42

DIFFERENT TYPES OF THREATS AND ATTACKS IN INFORMATION SECURITY

Answer 42

* ESPIONAGE OR TRESPASS – * FORCES OF NATURE – * HUMAN ERRO OR FAILURE – * INFORMATION EXTORTION – * SOFTWARE ATTACKS – * TECHNOLOGICAL OBSALANCE * THEFT – INTELLECTUAL PROPERTY (IP) –

Question 43

refer to illegal or unauthorized access to confidential information Ex. - Corporate Espionage - Cyber Espionage - Trespassing - Physical Espionage - Economic Espionage

Answer 43

* ESPIONAGE OR TRESPASS

Question 44

refer to natural disaster such as floods, earthquakes, and hurricanes that can cause damage to computer systems Ex. - Weather Events - Earthquakes - Volcanic Eruptions - Wildfires - Tsunamis - Power Outages - Lightning Strikes

Answer 44

* FORCES OF NATURE

Question 45

refers to mistakes made by individuals

Answer 45

* HUMAN ERRO OR FAILURE

Question 46

It is a type of cybercrime in which the attacker threatens to publish.

Answer 46

* INFORMATION EXTORTION

Question 47

refers to intentional damage

Answer 47

* SABOTAGE OR VANDALISM

Question 48

refer to cyberattacks that exploit vulnerabilities in software applications.

Answer 48

* SOFTWARE ATTACKS

Question 49

refers to the state where technology becomes outdated

Answer 49

* TECHNOLOGICAL OBSALANCE

Question 50

it is the act of taking someone else’s property without their consent

Answer 50

* THEFT

Question 51

refers to creations of the mind.

Answer 51

INTELLECTUAL PROPERTY (IP)

Question 52

7 COMMON TERMS USED IN INTELLECTUAL PROPERTY

Answer 52

COMMON TERMS USED IN INTELLECTUAL PROPERTY * PATENT * TRADEMARK * COPYRIGHT * TRADE SECRET * INFRINGEMENT * LICENSING * FAIR USE

Question 53

enacted by governments to regulate behavior

Answer 53

LAWS

Question 54

are rules that are established by regulatory agencies to enforce

Answer 54

REGULATIONS

Question 55

refer to a set of moral principles and values that guide individual behavior

Answer 55

ETHICS

Question 56

is a set of principles

Answer 56

CODE OF ETHICS

Question 57

are associations of individuals

Answer 57

PROFESSIONAL ORGANIZATION

Question 58

* INTERNATIONAL

Answer 58

* INTERNATIONAL - International Association of Computer Science and Information Technology (IACSIT) - Information System Security Association (ISSA) - International Association of Privacy Professionals (IAPP) - Cloud Security Alliance (CSA)

Question 59

* LOCAL

Answer 59

* LOCAL - Information Security Officers Group Philippines (ISOGP) - Philippine Computer Emergency Response Team (PH-CERT) - Philippine Society of Information Technology Educators (PSITE) - Philippine Society of Information Security Professional (PSISP)

Question 60

LAWS THAT AFFECTS THE PRATICE OF INFORMATION SECURITY

Answer 60

* DATA PRIVACY ACT OF 2012 (DPA) * CYBERCRIME PREVENTION AST OF 2012 * E-COMMERCE ACT OF 2000 * ANTI-PHOTO AND VIDEO VOYEURISM ACT OF 2009 * NATIOANL PRIVACY COMMISSION (NPC)