QUIZ 6 7 reset to pag exam na. gawa bago

Question 1

A branch of economics that studies how information is produced, distributed, and consumed in various markets, examining how information asymmetry affects market outcomes and how information availability influences buyer/seller behavior and market prices/quantities.

Answer 1

Economics of Information

Question 2

A key input used to produce goods and services, the effective collection, analysis, and use of which often leads to greater company success and economic value creation.

Answer 2

Information as a valuable resource

Question 3

A method for valuing information assets that involves looking at the prices for which similar information assets have sold in the past.

Answer 3

Market Approach / Market-based approaches

Question 4

A method for valuing information assets that involves estimating the cost of creating or acquiring the information asset.

Answer 4

Cost Approach / Cost-based approaches

Question 5

A method for valuing information assets that involves estimating the future income the information asset is likely to generate.

Answer 5

Income Approach / Income-based approaches

Question 6

The collective attributes such as accuracy, completeness, timeliness, relevance, uniqueness, and demand that determine the worth of information.

Answer 6

Factors influencing information’s value

Question 7

The process of managing information from its creation to its final disposition, serving as a key factor in a company’s risk management strategy.

Answer 7

Information Lifecycle Management (ILM)

Question 8

The five major phases information must go through and be managed during its lifespan, consisting of acquisition/creation, storage/maintenance, processing/use, disposition, and archival.

Answer 8

5 stages of information life cycle (ILM)

Question 9

The first phase in the information lifecycle where information is created and produced by a company or individuals, and information sources are identified.

Answer 9

Acquisition and creation (ILM phase)

Question 10

The second stage in the information lifecycle where organizations define storage locations, backup schedules, maintenance procedures, and security measures for their information.

Answer 10

Storage and maintenance (ILM phase)

Question 11

The third stage in the information lifecycle where information is received, organized, and evaluated, such as processing CRM data for business decisions.

Answer 11

Processing and use (ILM phase)

Question 12

The fourth stage in the information lifecycle involving the disposal or retention of information, often guided by a retention schedule to comply with rules and regulations.

Answer 12

Disposition (ILM phase)

Question 13

The final stage in the information lifecycle where organizations define how information will be archived, the hardware to be used, and the format and technologies for long-term preservation.

Answer 13

Archival (ILM phase)

Question 14

The set of difficulties in managing information effectively throughout its lifespan, including dealing with outdated data, deletion decisions, risk reduction, managing sensitive data, and keeping up with industry trends.

Answer 14

Challenges of an Effective Information Lifecycle

Question 15

The advantages gained from implementing a structured approach to managing information from creation to disposition, including reduced risks, cost savings, improved security, better governance, enhanced performance, and increased agility.

Answer 15

Benefits of Information Lifecycle Management (ILM)

Question 16

A field studying the intersection of cybersecurity and economics, addressing budgeting, governance, risks, and sustainability in socio-technical systems, and providing policy recommendations, regulatory options, and practical solutions for enhancing cybersecurity posture.

Answer 16

Cybersecurity Economics

Question 17

The economic field often defined with a focus on achieving maximum asset protection at minimal cost.

Answer 17

Cybersecurity Economics (common definition focus)

Question 18

The core issue in cybersecurity economics concerning the efficient allocation of financial resources for cybersecurity.

Answer 18

Budgeting (in Cybersecurity Economics)

Question 19

The core issue in cybersecurity economics where security decisions made by one entity impact other interconnected entities within digital ecosystems.

Answer 19

Interdependent Risks (in Cybersecurity Economics)

Question 20

The core issue in cybersecurity economics where unequal security knowledge among parties leads to adverse selection, moral hazards, and potentially market failure.

Answer 20

Information Asymmetry (in Cybersecurity Economics)

Question 21

The core issue in cybersecurity economics that involves establishing structured decision-making processes and security coordination among various organizations.

Answer 21

Governance (in Cybersecurity Economics)

Question 22

The core issue in cybersecurity economics related to the financial impact of malicious digital activities, assessed at global, national, or organizational levels, affecting financial stability.

Answer 22

Cybercrime Costs (in Cybersecurity Economics)

Question 23

The core issue in cybersecurity economics concerning the long-term viability of cybersecurity providers, which depends on a balanced distribution of value among all stakeholders.

Answer 23

Sustainability (in Cybersecurity Economics)

Question 24

The collective elements such as industry, number of employees, technology used, existing security measures, past attack analysis, potential attack cost, and current security protocols that influence a company’s cybersecurity expenditures.

Answer 24

Factors that Affect Cybersecurity Costs

Question 25

A security strategy and process designed to protect sensitive information by viewing operations from an adversary’s perspective, identifying actions that could expose critical data, and detecting and mitigating vulnerabilities before exploitation.

Answer 25

Operational Security (OPSEC)

Question 26

The collective benefits of OPSEC, including helping organizations recognize overlooked risks, preventing unintentional data exposure, strengthening defenses against various threats, and safeguarding future plans and capabilities.

Answer 26

Importance of OPSEC

Question 27

The five-stage process in operational security that includes identifying sensitive information, identifying threats, analyzing vulnerabilities, assessing risks, and devising a plan to mitigate threats.

Answer 27

The 5 Steps Of Operational Security

Question 28

The first step in OPSEC, involving understanding and listing critical data such as customer details, financial records, and intellectual property.

Answer 28

Identify Sensitive Information (OPSEC Step 1)

Question 29

The second step in OPSEC, involving recognizing internal and external entities that could target an organization's sensitive data.

Answer 29

Identify Threats (OPSEC Step 2)

Question 30

The third step in OPSEC, involving assessing weak points in an organization's current security practices and infrastructure.

Answer 30

Analyze Vulnerabilities (OPSEC Step 3)

Question 31

The fourth step in OPSEC, involving prioritizing identified vulnerabilities based on their threat level and potential impact.

Answer 31

Assess Risk (OPSEC Step 4)

Question 32

The fifth step in OPSEC, involving the implementation of countermeasures such as hardware upgrades, updated policies, and staff training to minimize identified risks.

Answer 32

Devise a Plan to Mitigate Threats (OPSEC Step 5)

Question 33

The characteristics of an effective OPSEC mitigation plan, which should be straightforward, adaptable, and involve updating equipment, implementing strict data policies, conducting employee training, and continuous revision.

Answer 33

Effective OPSEC Mitigation Planning

Question 34

A set of recommended guidelines for operational security, including logging network changes, allowing only essential devices, granting minimal necessary access, separating network management from security policy, using technology to reduce human error, and developing incident response strategies.

Answer 34

Best Practices For OPSEC

Question 35

An OPSEC best practice that involves logging and controlling all changes made to a network.

Answer 35

Change Management (OPSEC)

Question 36

An OPSEC best practice that involves permitting only essential and authorized devices to connect to networks.

Answer 36

Restrict Device Access (OPSEC)

Question 37

An OPSEC best practice ensuring that users and systems are granted only the minimal levels of access necessary to perform their functions.

Answer 37

Least Privilege Access (OPSEC)

Question 38

An OPSEC best practice that involves separating the responsibilities for network management from those for setting security policies.

Answer 38

Dual Control (OPSEC)

Question 39

An OPSEC best practice that involves leveraging technology to perform tasks and thereby minimize the potential for human error.

Answer 39

Automation (OPSEC)

Question 40

An OPSEC best practice that involves developing comprehensive incident response strategies to enable recovery from cyberattacks or other disruptive events.

Answer 40

Disaster Planning (OPSEC)

Question 41

A comprehensive evaluation of an organization’s information systems, designed to measure its security posture against established best practices, standards, and regulations.

Answer 41

Security Audits

Question 42

The key areas typically examined during a security audit, including physical infrastructure, software management, network vulnerabilities, human factors, and security policies.

Answer 42

Aspects Assessed by Security Audits

Question 43

The function of security audits in confirming adherence to specific industry standards and regulations such as HIPAA, SOX, ISO, and NIST.

Answer 43

Role of Security Audits in Compliance Verification

Question 44

The typical detailed findings presented in a security audit report, including identified vulnerabilities, gaps in compliance, and recommendations prioritized by risk.

Answer 44

Content of a Security Audit Report

Question 45

Specific technical and procedural domains scrutinized in security audits, such as access controls, network security measures, endpoint protection, data encryption, and incident response capabilities.

Answer 45

Key Areas Examined in Security Audits (Detailed)

Question 46

The practice of adhering to applicable laws, industry standards, and internal policies, with the goal of avoiding legal, financial, and reputational damage.

Answer 46

Compliance with Laws and Regulations

Question 47

Notable regulatory or industry standards that organizations may need to adhere to, such as GDPR for data privacy, HIPAA for healthcare, Sarbanes-Oxley for finance, and PCI DSS for payment security.

Answer 47

Examples of Compliance Frameworks

Question 48

The elements typically reviewed to ensure adherence to laws and regulations, including controls, policies, procedures, documentation, and evidence, which can be assessed internally or by third parties.

Answer 48

Review Inclusions for Compliance

Question 49

The supportive role security audits play in enabling organizations to achieve and sustain adherence to legal and regulatory requirements.

Answer 49

Relationship Between Security Audits and Compliance

Question 50

The advantages for an organization that result from conducting security audits and maintaining compliance, including legal adherence, improved risk management, better governance, enhanced trust, and cost savings.

Answer 50

Benefits of Security Audits and Compliance

Question 51

Recommended guidelines for conducting effective security and compliance audits, such as defining clear scope, involving stakeholders, collecting comprehensive data, performing risk assessments, creating remediation plans, and conducting regular reviews.

Answer 51

Best Practices for Security and Compliance Audits