Lesson 1: Comparing Security Roles and Security Controls

Question 1

What does Information Security (InfoSec) refer to?

Answer 1

The protection of data resources from unauthorized access, attack, theft, or damage.

Question 2

What is the protection of data resources from unauthorized access, attack, theft, or damage referred to as?

Answer 2

Information Security (InfoSec).

Question 3

How many properties comprise Secure Information?

Answer 3

Three.

Question 4

What are the properties of Secure Information referred to as?

Answer 4

CIA Triad.

Question 5

The CIA Triad are referred to as the properties of what?

Answer 5

Secure Information.

Question 6

What does CIA Triad stand for?

Answer 6

Confidentiality, Integrity, Availability.

Question 7

What is the CIA Triad also referred to as?

Answer 7

AIC.

Question 8

AIC is also referred to as?

Answer 8

CIA Triad.

Question 9

Define Confidentiality.

Answer 9

Certain information should only be known to certain people.

Question 10

What word explains that certain information should only be known to certain people.

Answer 10

Confidentiality.

Question 11

Define Integrity.

Answer 11

Data is stored and transferred as intended and that any modification is authorized.

Question 12

What word explains that data is stored and transferred as intended and that any modification is authorized?

Answer 12

Integrity.

Question 13

Define Availability.

Answer 13

Information is accessible to those authorized to view or
modify it.

Question 14

What word explains that information is accessible to those authorized to view or
modify it.

Answer 14

Availability.

Question 15

What is an example of another property that secure systems should exhibit?

Answer 15

Non-repudiation.

Question 16

Define non-repudiation.

Answer 16

A subject cannot deny doing something, such as creating, modifying, or
sending a resource.

Question 17

What word explains that a subject cannot deny doing something, such as creating, modifying, or sending a resource.

Answer 17

Non-repudiation.

Question 18

What does cybersecurity refer to?

Answer 18

Provisioning secure processing hardware and software.

Question 19

What is the provisioning secure processing hardware and software referred to as?

Answer 19

Cybersecurity.

Question 20

How many functions can information and cyber security be classified as?

Answer 20

Five.

Question 21

Who developed the functions that information and cyber security be classified as?

Answer 21

National Institute of Standards and Technology (NIST).

Question 22

What is the National Institute of Standards and Technology (NIST) known for?

Answer 22

Developing the functions that classify information and cyber security functions.

Question 23

What are the five functions that classify information and cyber security?

Answer 23

Identify, Protect, Detect, Respond, Recover.

Question 24

Based on NIST, define Identify.

Answer 24

Develop security policies and capabilities that evaluate risks, threats, and
vulnerabilities and recommend security controls to mitigate them.

Question 25

Based on NIST, what is defined as the development of security policies and capabilities to evaluate risks, threats, and vulnerabilities and recommend security controls to mitigate them.

Answer 25

Identify.

Question 26

Based on NIST, define Protect.

Answer 26

Procure/develop, install, operate, and decommission IT hardware and software assets with security as an embedded requirement of every stage of this operations life cycle.

Question 27

Based on NIST, what is defined as the procurement/development, install, operate, and decommission IT hardware and software assets with security as an embedded requirement of every stage of this operations life cycle.

Answer 27

Protect.

Question 28

Based on NIST, define detect.

Answer 28

Perform ongoing, proactive monitoring to ensure that controls are effective and capable of protecting against new types of threats.

Question 29

Based on NIST, what is defined as performing ongoing, proactive monitoring to ensure that controls are effective and capable of protecting against new types of threats.

Answer 29

Detect.

Question 30

Based on NIST, define respond.

Answer 30

Identify, analyze, contain, and eradicate threats to systems and data security.

Question 31

Based on NIST, what is defined as identify, analyze, contain, and eradicate threats to systems and data security.

Answer 31

Respond.

Question 32

Based on NIST, define recover.

Answer 32

Implement cybersecurity resilience to restore systems and data if other controls are unable to prevent attacks.

Question 33

Based on NIST, what is defined as implementing cybersecurity resilience to restore systems and data if other controls are unable to prevent attacks.

Answer 33

Recover.

Question 34

What are some information security competencies?

Answer 34

-Risk assessments, test security systems, make recommendations. -Specify, source, install, and configure secure devices and software. -Set up/maintain document access control and user privilege profiles. -Monitor audit logs, review user privileges, and document access controls. -Manage security-related incident response and reporting. -Create and test business continuity and disaster recovery plans/procedures. -Participate in security training and education programs.

Question 35

Define security policy.

Answer 35

A formalized statement that defines how security will be implemented within an organization.

Question 36

What does a security policy describe?

Answer 36

The means the organization will take to protect the confidentiality, availability, and integrity of sensitive data and resources.

Question 37

What are the typical information security roles?

Answer 37

-Chief Information Security Officer (CISO) -Information Systems Security Officer (ISSO) -managers, users