Week 1 Flashcards
(15 cards)
What is the CIA triad in Information Security?
Confidentiality, Integrity, Availability
Define “Asset” in the context of information security.
Anything that has value to the organisation, its business operations and its continuity.
What is a “Threat”?
A potential cause of an incident that may result in harm to a system or organisation.
What is a “Vulnerability”?
A weakness of an asset or group of assets that can be exploited by one or more threats.
How is “Impact” defined in Information Security?
The result of an information security incident, caused by a threat, which affects assets.
How is “Risk” calculated?
Risk = Likelihood x Impact
Name categories of Information System assets.
Primary assets (business processes & information); Supporting assets (hardware, software, network, personnel, site, organisation’s structure)
What are the four types of governance documents?
Policies, Standards, Guidelines, Procedures
What does SETA stand for and why is it important?
Security, Education, Training and Awareness - programmes to equip staff with knowledge and skills to perform their duties securely.
Describe one way that improving confidentiality can impact availability.
Disk encryption may slow down access, causing user frustration, though it protects data confidentiality.
What is Information Security Governance?
How organisations control, direct and communicate their cybersecurity risk management activities.
List two common access control strategies.
(1) Authentication
(2) Authorization
How can cryptography help protect information assets?
By transforming data into unreadable form (encryption) and ensuring integrity (digital signatures).
What is the first step in incident response?
Rapid detection of incidents
Give an example of how a personnel error can compromise information security.
Leaking an access code may allow an unauthorised person into a secure area.