Security And Risk Management (ch 1-4) Flashcards
What is the CIA Triad?
Confidentiality: the principle that objects are not disclosed to unauthorized subjects.
Integrity: the principle that objects retain their veracity and are only modified by authorized subjects.
Availability: the principle that authorized subjects are granted timely and uninterrupted access to objects.
Explain how identification works?
Identification is the process by which a subject professes an identity and accountability is initiated.
Understand the process of authentication.
Authentication is the process of verifying or testing that a claimed identity is valid. Authentication requires information from the subject that must exactly correspond to the identity indicated.
How does authorization fit into a security plan?
Authorization ensures that the requested activity or object access is possible given the rights and privileges assigned to the authenticated identity.
What is security governance?
The collection of practices related to supporting, defining, and directing the security efforts of an organization.
Explain the auditing process.
Auditing or monitoring is the programmatic means by which an authenticated subject is held responsible for their actions on a system. It detects unauthorized or abnormal activities.
What are the steps of the Business Impact Assessment process?
Identification of Priorities, Risk Identification, Likelihood Assessment, Impact Assessment, Resource Prioritization
What law makes it a crime to cause malicious damage to a “federal interest” computer?
Computer Fraud and Abuse Act
What type of intellectual property protection is best suited for computer software?
Trade secret
Which one of the following BCP phases involves the largest commitment of hardware and software resources?
The BCP implementation phase involves the largest commitment of hardware and software resources. The other phases are more manpower intensive.
A host organization that houses on-site security staff has what form of security system?
Proprietary system: This is the same thing as a central station system; however, the host organization has its own on-site security staff waiting to respond to security breaches.
Under what form of control are people and processes all included, managed, and controlled?
Administrative control takes into consideration the processes and people who operate within an organizational security policy.