Module 01

Question 1

What is the information security triad?

Answer 1

Confidentiality, Integrity, and Availability

Question 2

What is confidentiality

Answer 2

Protection of an asset from improper disclouse

Question 3

What are the breaches of confidentiality and examples of these

Answer 3

Intentional or Accidental, accessing unauthorized channels, showing information on displayed screens

Question 4

What are the effects of a confidentiality breach?

Answer 4

Legal penalties, , financial penalties, reputational damage

Question 5

What are ways to enforce confidentiality?

Answer 5

Obfuscation (making something obscure, unintelligible),
Encryption (information is converted into a secret code), Masking (censor information), Tokenization (substitute an identifier)

Question 6

What is integrity?

Answer 6

Ensuring the accuracy, precision, and trust worthiness of information system processing

Question 7

What are breaches of integrity?

Answer 7

Unauthorized modifications
- intentional
- accidental
- transmission error

Question 8

What is the effect of integrity breaches?

Answer 8

Damage to equipment and processes, life safety, and breach of contract

Question 9

How do you ensure integrity?

Answer 9

Separation of duties, and digital signature

Question 10

How do you enforce integrity?

Answer 10

Policies, access control, input validation, audit

Question 11

What is availability?

Answer 11

Ensuring that the resource is accessible is needed

Question 12

What are breaches of availability?

Answer 12

Intentional ( DoS, DDoS, Malware, Sabotage), Accidental (deletion of wrong file, misconfiguration)

Question 13

What are breaches of availability?

Answer 13

Hardware and software failure, natural events and utility failure (internet)

Question 14

What is the effect of lost availability?

Answer 14

life safety and interruption to business

Question 15

How do you ensure availability?

Answer 15

Replication, redundancy, clustering, scalability, resiliency

Question 16

How do you enforce availability?

Answer 16

Policies, access control and architecture

Question 17

What is non-repudiation?

Answer 17

To establish proof that links an action to a specific identity

Question 18

What are breaches of non-repudiation?

Answer 18

inability to link an activity to an identified user and an invalid user

Question 19

What is the effect of repudiation?

Answer 19

Loss of trust, lack of evidence, breach of contract

Question 20

How do you ensure non-repudiation?

Answer 20

Access controls, digital signatures

Question 21

How do you enforce non-repudiation?

Answer 21

Policies, certificates, logging

Question 22

What is due care?

Answer 22

Having reasonable processes in place to continually protect IT assets

Question 23

What is due diligence?

Answer 23

The Enforcement of the principles of due care

Question 24

How do you balance information security and access?

Answer 24

Achieve proper balance (security has reasonable access but also there’s security against the threat) even though imbalances may occur

Question 25

What is negligence?

Answer 25

The failure of due care and due diligence