Test Flash Cards 6
(23 cards)
What are the three threat categories in information asset protection?
- Intentional
- Natural
- Inadvertent
Access to internal information should be restricted to which groups?
Company personnel and those who have signed a nondisclosure agreement
How should obsolete prototypes, models, and test items be disposed of?
They should be destroyed so they can’t be reverse engineered
What is the best way to start addressing infringements of patents, copyrights, and trademarks?
By registering those rights
What qualifies something as a trade secret?
The information adds value or benefit to the owner.
The trade secret was specifically identified, and the owner provided a reasonable level of protection for the information.
What is proprietary information?
Information of value, owned by an entity or entrusted to it, which has not been disclosed publicly.
What are the two primary aspects of recovery after an information loss?
- Return to normal business operations as soon as possible
- Implement measures to prevent a recurrence.
What is data mining?
Software-driven collection of open-source data and public information
What three aspects of information must be protected?
- Confidentiality
- Integrity
- Availability
What are five business impacts of an information asset loss event?
- Loss of company reputation/image/goodwill
- Loss of competitive advantage in one product/service
- Reduced projected/anticipated returns or profitability
- Loss of core business technology or process
- Loss of competitive advantage in multiple products/services
Informational assets can take what physical forms?
Prototypes and models
Manufacturing processes and equipment
The strategies used to safeguard information assets typically include what three components?
- Security measures
- Legal protections
- Management practices
What are technical surveillance countermeasures (TSCM)?
Services, equipment, and techniques designed to locate, identify, and neutralize technical surveillance activities
What are three key steps to take after an information loss?
- Investigation
- Damage assessment
- Recovery and follow-up
What are four levels of information classification?
- Highly restricted
- Restricted
- Internal Use
- Unrestricted
What parties should be considered as potential insider threats? Select all that apply:
1. Employees
2. Nation states
3. Customers
4. Vendors
- Employees
- Customers
- Vendors
The results of the risk assessment should help in what processes?
1. Designing access control systems
2. Selecting and prioritizing actions for managing risks
3. Insurance options
- Selecting and prioritizing actions for managing risks
Prototypes may exist in what forms? Select all that apply:
1. Paper designs
2. Market test materials
3. Internal memos
4. Software
- Paper designs
- Market test materials
- Software
What are examples of ‘small bits’ of information that may be pieced together to reveal sensitive information? Select all that apply
1. Website articles
2. Employee records
3. Partnership announcement
4. Supply orders
- Website articles
- Partnership announcement
- Supply orders
A process by which an organizational user is identified and granted privileges to levels of network information, systems, or resources, is called which of the following?
1. Application security control
2. Logical network access control
3. Application encryption control
4. Digital signature control
- Logical network access control
Which of the following is the keystone for continual improvement in the organization’s ability to effectively manage the security of its information assets?
1. NIST Framework
2. Generally Accepted Information Systems Security Practices
3. ISO/IEC 27001: 2005
4. Red Flag Rules
- ISO/IEC 27001: 2005
How are phishing attacks most commonly carried out?
1. Remote access
2. Social engineering
3. Insider threat
4. Nation state activities
- Social engineering