Lecture 9 Flashcards
(5 cards)
Describe what information security is
A set of strategies for managing the processes, tools and policies necessary to prevent, detect, document and counter threats to digital and non-digital information. Infosec responsibilities include establishing a set of business processes that will protect information assets.
Identify the types of information security risks and attacks
- Software attacks/system intrusion (virus, worms, Trojan horse, spam, bots, DoS, spyware, spoofing, social engineering)
- Physical intrusion
- Natural disasters
- Unintentional and intentional disclosure and destruction of information by employees
- Inappropriate use of systems by the users
Develop an information security management framework
- Identify
  - A risk-based approach to identify the value, importance and sensitivity of the information
  - Assess the threats, vulnerabilities, event likelihood, and business impact
  - Use of business impact level tools (BILs)
- Protect
  - Governance: board of directors' role
  - Communication
  - Creating culture
  - Access controls
  - Awareness and training
  - Data security
  - Protective technology
- Detect
  - Anomalies and events
  - Continuous monitoring
  - Detection process
- Respond
  - Response planning
  - Communications
  - Mitigation
  - Improvements
- Recover
  - Recovery planning
  - Improvements
  - Communication
What is encryption?
A preventive control providing confidentiality and privacy for data transmission and storage. There are two algorithm schemes that encode plaintext into an unreadable form, or ciphertext:
* Symmetric-key encryption methods
* Asymmetric encryption methods
Symmetric-key encryption
- Fast and suitable for large datasets
- Key distribution is problematic because both sender and receiver use the same key
- Managing the same key is not cost-effective