Info Assurance Security 2 Prelim Finals PDF

Preview

Summary

FefeF...

Description

INFO ASSURANCE AND SECURITY2 BY: silentguy

PRELIM QUIZ 1/2: ______________ was stored in servers in multiple areas, leaving us open to risk. World Risk Map Information is one of the most significant __________ resources. Non-substantial 20 different risk markers grouped under five main categories Security, Medical, Political, Environmental and Infrastructural Risks The need for skilled workers and allocation of funds for security within their budget: Companies are making the effort to allocate more funds in their budgets for security. True First Reason why investing in information security is significant Rising cost of breaches Fourth Reason why investing in information security is significant

Funded hackers and wide availability of hacking tools What jobs in information security is this? Salary: $95,510 Responsibilities: Information security analysts monitor their companies’ computer networks to combat hackers and compile reports of security breaches. Information Security Analyst Feeling confident about their organization’s security level: When information security community members participated in the Cybersecurity Trends Report, they were asked how positive they felt about their security stance. True What jobs in information security is this? Salary: $104,000 Responsibilities: Create an in-office network for a small business or a cloud infrastructure for a business with corporate locations in cities on opposite coasts. Computer Network Architects Disruptions in their day-to-day business: Time is money. True Second Reason why investing in information security is significant

Increasingly sophisticated attackers Third Reason why investing in information security is significant Proliferation of iot devices What jobs in information security is this? Salary: $103,560 Responsibilities: Software developers can be tasked with a wide range of responsibilities that may include designing parts of computer programs and applications and designing how those pieces work together. Software developer Fifth Reason why investing in information security is significant Regulatory compliances What jobs in information security is this? Salary: $139,000 Responsibilities: Information systems managers work toward ensuring a company’s tech is capable of meeting their IT goals. Computer and Information Systems Managers

PRELIM EXAM:

The ____________ Layer describes the notion that the physical acess to any system, server, computer, data center, or another physical object storing confidential information has to be constrained to business ought-to-know. Physical Access The ___________ principle dictates that information should solely be viewed by people with appropriate and correct privileges. Confidentiality ___________ consists of changing the data located in files into unreadable bits of characters unless a key to decode the file is provided. Encryption The __________ Layer describes the notion that access to infrastructure components has to be constrained to business ought-to-know. For instance, access to servers. Infrastructure Access The contemporary ___________ differs substantially from the classic one, which used pen and paper for encryption and which was far less complex. cryptography The aim of _________ is to ensure that information is hidden from people unauthorized to access it. confidentiality

The establishment of the ___________ rotor machine and the subsequent emergence of electronics and computing enabled the usage of much more elaborate schemes and allowed confidentiality to be protected much more effectively. Enigma The ___________ principle dictates that information should solely be viewed by people with appropriate and correct privileges. Confidentiality The __________ Layer describes the notion that data ought to be secured while in motion. Data In Motion The ____________ Layer describes the notion that access to end-user applications have to be constrained to business ought-to-know. Application Access The concept of layers illustrates that data communications and _____________ are designated to function in a layered manner, transferring the data from one layer to the next. computer network protocol CIA stands for _____________, integrity, and availability and these are the three main objectives of information security. confidentiality

To continue, confidentiality can be easily breached so each employee in an organization or company should be aware of his responsibilities in maintaining confidentiality of the __________ delegated to him for the exercise of his duties. information A principle which is a core requirement of information security for the safe utilization, flow, and storage of information is the CIA triad As regards to ____________, its means of protection are somewhat similar – access to the area where the information is kept may be granted only with the proper badge or any different form of authorization, it can be physically locked in a safe or a file cabinet, there could be access controls, cameras, security, etc. physical data

MIDTERM QUIZ 3: : assuring that information and programs are changed only in a specified and authorized manner. Integrity : controlling who gets to read information. Confidentiality

The requirements for applications that are connected to __________ will differ from those for applications without such interconnection. external systems For a ____________, the chief concern may be ensuring the confidentiality of classified information, whereas a funds transfer system may require strong integrity controls. national defense system : assuring that authorized users have continued access to information and resources. Availability

MIDTERM QUIZ 4: The weight given to each of the three major requirements describing needs for information security—confidentiality, integrity, and availability—depends strongly on circumstances Early disclosure may jeopardize______________ advantage, but disclosure just before the intended announcement may be insignificant. competitive A _____________ that must be restored within an hour after disruption represents, and requires, a more demanding set of policies and controls than does a similar system that need not be restored for two to three days.

system is a requirement whose purpose is to keep sensitive information from being disclosed to unauthorized recipients. confidentiality With __________ attacks, for example, even legitimate and honest users of an owner mechanism can be tricked into disclosing secret data. Trojan horse

MIDTERM EXAM: The framework within which an organization strives to meet its needs for information security is codified as security policy To be useful, a ___________ must not only state the security need (e.g., for confidentiality—that data shall be disclosed only to authorized individuals), but also address the range of circumstances under which that need must be met and the associated operating standards. security policy may prevent people from doing unauthorized things but cannot prevent them from doing things that their job functions entitle them to do. Technical measures Some __________ are explicitly concerned with protecting information and information systems, but the concept of management controls includes much more than a computer's specific role in enforcing security.

management controls Computers are _____________ entities, and programs can be changed in a twinkling, so that past happiness is no predictor of future bliss. active An effective ____________ controls is needed to cover all aspects of information security, including physical security, classification of information, the means of recovering from breaches of security, and above all training to instill awareness and acceptance by people. program of management A ___________ is a concise statement, by those responsible for a system (e.g., senior management), of information values, protection responsibilities, and organizational commitment. security policy In any particular circumstance, some threats are more probable than others, and a ____________ must assess the threats, assign a level of concern to each, and state a policy in terms of which threats are to be resisted. prudent policy setter are the mechanisms and techniques—administrative, procedural, and technical—that are instituted to implement a security policy. Management controls A major conclusion of this report is that the lack of a clear _____________ of security policy for general computing is a major impediment to improved security in computer systems. articulation

An ____________ must have administrative procedures in place to bring peculiar actions to the attention of someone who can legitimately inquire into the appropriateness of such actions, and that person must actually make the inquiry. organization As viruses have escalated from a hypothetical to a commonplace threat, it has become necessary to rethink such policies in regard to methods of distribution and acquisition of software One can implement that policy by taking specific actions guided by management control principles and utilizing specific security standards, procedures, and mechanisms The ____________ must be managed by auditing, backup, and recovery procedures supported by general alertness and creative responses. residual risk

FINAL QUIZ 5: is another way of saying “data security.” Information Security is all about protecting data that is found in electronic form (such as computers, servers, networks, mobile devices, etc.) from being compromised or attacked.

Cybersecurity The process to protect that data requires more advanced IT security tools Info security is concerned with making sure data in any form is kept secure and is a bit broader than Cybersecurity

FINAL QUIZ 6: If your data is stored physically or digitally, you need to be sure you have all the right ____________ in place to prevent unauthorized individuals from gaining access. physical access controls In some scenarios, an ___________ would help a cybersecurity professional prioritize data protection – and then the cybersecurity professional would determine the best course of action for the data protection. information security professional Over the last decade, we’ve seen a ___________ between cybersecurity and information security, as these previously siloed positions have come together. fusion

Both individuals need to know what data is most critical to the organization so they can focus on placing the right ___________ and monitoring controls on that data. cyber risk management Cybersecurity professionals traditionally understand the technology, firewalls, and intrusion protection systems needed, but weren’t necessarily brought up in the ______________. data evaluation business

FINAL EXAM: Computer security and cybersecurity are both children of ____________. information security Because ratings are easy to understand, they are a useful mechanism for _____________ and vendor risk to a non-technical audience in the C-suite, boardroom, or with the vendor in question. communicating internal Computer security and cybersecurity are completely ____________, and require digital computer technology from 1946’s ENIAC to now. interchangeable terms

IT security can probably be used interchangeably with cybersecurity, computer security and information security if _______________. it pertains to business Business partners and investors are increasingly aware of the importance of this topic, and companies are asked regularly about their effectiveness in securing data and managing both _____________. physical and cyber risk Keeping information ______________ electronic computers (such as ancient cryptography) to this very day falls under the banner of information security. secure for the history of data predating ____________ or security ratings are the cyber equivalent of a credit score. Cybersecurity ratings sing this high-level, objectively-derived data can simplify the _____________ around risk. conversation Ensuring proper HTTPS implementation for an e-commerce website or mobile app falls under cybersecurity and computer security, so it’s _____________. information security

IT is the ___________ for practical purposes, largely for industry (mainframes, supercomputers, datacenters, servers, PCs and mobile devices as endpoints for worker interaction) and consumers (PCs, mobile devices, IoT devices, and video game console endpoints for enduser lifestyles.) application of computer science...