Modules

Question 1

What does CIA stand for?

Answer 1

Confidentiality, Integrity, and Availability

Question 2

Define Confidentiality

Answer 2

Confidentiality relates to permitting authorized access to information, while at the same time protecting information from improper disclosure

Question 3

Define Availability

Answer 3

Availability means that systems and data are accessible at the time users need them

Question 4

Define Integrity

Answer 4

Integrity is the property of information whereby it is recorded, used and maintained in a way that ensures its completeness, accuracy, internal consistency and usefulness for a stated purpose

Question 5

What is the security professional’s obligation?

Answer 5

to regulate access—protect the data that needs protection yet permit access to authorized individuals

Question 6

Confidentiality is a difficult balance to achieve because

Answer 6

When many system users are guests or customers, and it is not known if they are accessing the system from a compromised machine or vulnerable mobile application

Question 6

What is Personally Identifiable Information (PII)?

Answer 6

It is a term related to the area of confidentiality. It pertains to any data about an individual that could be used to identify them. 

Question 6

Other terms related to confidentiality are….

Answer 6

protected health information (PHI), which is information regarding one’s health status, andclassified or sensitive information, which includes trade secrets, research, business plans and intellectual property

Question 6

What is sensitivity?

Answer 6

a measure of the importance assigned to information by its owner, or the purpose of denoting its need for protection

Question 7

What is sensitive information?

Answer 7

information that if improperly disclosed (confidentiality) or modified (integrity) would harm an organization or individual

Question 8

Example of sensitive information:

Answer 8

In many cases, sensitivity is related to the harm to external stakeholders; that is, people or organizations that may not be a part of the organization that processes or uses the information.

Question 9

How does the National Institute of Standards and Technology (NIST) define confidentiality?

Answer 9

It is the characteristic of data or information when it is not made available or disclosed to unauthorized persons or processes

Question 10

What is Personally Identifiable Information (PII)?

Answer 10

Any information that can be used to distinguish or trace an individual’s identity, such as name, Social Security number, date and place of birth, mother’s maiden name, or biometric records; and any other information that is linked or linkable to an individual, such as medical, educational, financial and employment information.

Question 11

protected health information (PHI)

Answer 11

Information regarding health status, the provision of healthcare or payment for healthcare as defined in HIPAA (Health Insurance Portability and Accountability Act).

Question 12

classified or sensitive information

Answer 12

Information that has been determined to require protection against unauthorized disclosure and is marked to indicate its classified status and classification level when in documentary form.

Question 13

sensitivity

Answer 13

A measure of the importance assigned to information by its owner, for the purpose of denoting its need for protection.

Question 14

Integrity 

Answer 14

measures the degree to which something is whole and complete, internally consistent and correct

Question 15

The concept of integrity applies to:

Answer 15

• information or data
• systems and processes for business operations
• organizations
• people and their actions

Question 16

Data integrity

Answer 16

the assurance that data has not been altered in an unauthorized manner

Question 17

What requires the protection of the data in systems and during processing to ensure that it is free from improper modification, errors or loss of information and is recorded, used and maintained in a way that ensures its completeness?

Answer 17

Data Integrity

Question 18

What does data integrity cover?

Answer 18

Data integrity covers data in storage, during processing and while in transit.

Question 19

Information must be

Answer 19

accurate, internally consistent and useful for a stated purpose.

Question 20

The ________________ of information ensures that information is correct on all related systems so that it is displayed and stored in the same way on all systems.

Answer 20

internal consistency

Question 21

__________________, as part of data integrity, requires that all instances of the data be identical in form, content and meaning.

Answer 21

Consistency

Question 22

What refers to the maintenance of a known good configuration and expected operational function as the system processes the information?

Answer 22

System integrity

Question 23

Ensuring integrity begins with an awareness of__________, which is the current condition of the system.

Answer 23

state

Question 24

Specifically, this awareness concerns the ability to document and understand the state of data or a system at a certain point, creating a ___________.

Answer 24

baseline

Question 25

For example, abaselinecan refer to the current state of the information—whether it is protected. Then, to preserve that state, the information must always continue to be protected through a _____________.

Answer 25

transaction

Question 26

If the baseline matches the current state, then……….

Answer 26

the integrity of the data or the system is intact

Question 27

If the baseline doesn’t match the current state then………

Answer 27

the integrity of the data or the system has been compromised

Question 28

Going forward from that baseline, the integrity of the data or the system can always be ascertained by comparing what?

Answer 28

the baseline with the current state

Question 29

___________ is a primary factor in the reliability of information and systems.

Answer 29

Integrity

Question 30

The need to safeguard information and system integrity may be dictated by………

Answer 30

laws and regulations.

Question 31

Often, it is dictated by the needs of the organization to access and use what?

Answer 31

reliable, accurate information

Question 32

Data integrity

Answer 32

The property that data has not been altered in an unauthorized manner. Data Integrity covers data in storage, during processing and while in transit.

Question 33

System integrity

Answer 33

The quality that a system has when it performs its intended function in an unimpaired manner, free from unauthorized manipulation of the system, whether intentional or accidental.

Question 34

state

Answer 34

The condition an entity is in at a point in time.

Question 35

baseline

Answer 35

A documented, lowest level of security configuration allowed by a standard or organization.

Question 36

Availability can be defined as

Answer 36

(1) timely and reliable access to information and the ability to use it

(2) for authorized users, timely and reliable access to data and information services

Question 37

What is the core concept of availability?

Answer 37

Data is accessible to authorized users when and where it is needed and, in the form, and format required.

This does not mean that data or systems are available 100% of the time. Instead, the systems and data meet the requirements of the business for timely and reliable access.

Question 38

Some systems and data are far more critical than others, so the security professional must ensure that

Answer 38

the appropriate levels of availability are provided.