
FUNDAMENTAL OF INFORMATION ASSURANCE AND SECURITY

(Second Semester SY 2021)

Name: SIMBALLA, RODJEAN A.

Course&Section: BSIT 2D

ID NUMBER: 19_05453

Date: 5-9-21

Part I- Multiple Choice.

DIRECTION: Read each item carefully and select the letter that corresponds to the BEST answer

1. A

2. D

3. C

4. D

5. B

6. D

7. A

8. D

9. B

10. D

Part II- DEFINITION.

DIRECTION: Define the following terms/words


11.Pishing - Phishing is the fraudulent attempt to obtain sensitive information or data, such as
usernames, passwords, credit card numbers, or other sensitive details by impersonating oneself as a
trustworthy entity in a digital communication.

12. Vulnerability - in this context can be defined as the diminished capacity of an individual or group to
anticipate, cope with, resist and recover from the impact of a natural or man-made hazard. The concept
is relative and dynamic.

13. Threat - In computer security, a threat is a potential negative action or event facilitated by a
vulnerability that results in an unwanted impact to a computer system or application.

14. Cookbook - A cookbook in the programming context is a collection of tiny programs that each
demonstrate a particular programming concept. The Cookbook Method is the process of learning a
programming language by building up a repository of small programs that implement specific
programming

15. Attacker - A person or other entity, such as a computer program, that attempts to cause harm to an
information system; for example, by unauthorized access or denial of service.

16. CBK - sometimes simply called a Body of Knowledge - refers to a peer-developed compendium of
what a competent professional in their respective field must know, including the skills, techniques and
practices that are routinely employed.

17. CISSP - The Certified Information Systems Security Professional (CISSP) is a globally recognized
certification for information technology security professionals.

18. ISC - The International Information System Security Certification Consortium, or (ISC)², is a non-profit
organization which specializes in training and certifications for cybersecurity professionals.

19. ISO/IEC 17024:2003 - specifies requirements for a body certifying persons against specific
requirements, including the development and maintenance of a certification scheme for personnel.

20. Cryptography - is a method of protecting information and communications through the use of codes,
so that only those for whom the information is intended can read and process it. The prefix "crypt-"
means "hidden" or "vault", and the suffix "-graphy" stands for "writing."

Part III. DISCUSSION. Discuss briefly the following statement.

Information Security Principles:

21. There is no such thing as absolute security - In 2003, the art collection of the Whitworth Gallery in
Manchester, England, included three famous paintings by Van Gogh, Picasso, and Gauguin. Valued at
more than $7 million, the paintings were protected by closed-circuit television (CCTV), a series of alarm
systems, and 24-hour rolling patrols. Yet in late April 2003, thieves broke into the museum, evaded the
layered security system, and made off with the three masterpieces. Several days later, investigators
discovered the paintings in a nearby public restroom along with a note from the thieves saying, "The
intention was not to steal, only to highlight the woeful security."

22. The three security goals are confidentiality, integrity, and availability - These three letters stand for
confidentiality, integrity, and availability, otherwise known as the CIA triad. Together, these three
principles form the cornerstone of any organization's security infrastructure; in fact, they (should)
function as goals and objectives for every security program.

23. Fear, uncertainty, and doubt do not work in selling security - At one time, "scaring" management into
spending resources on security to avoid the unthinkable was effective. The tactic of fear, uncertainty,
and doubt (FUD) no longer works: information security and IT management are too mature.

24. Complexity is the enemy of security - With a rising number of disparate cybersecurity solutions not
talking to one another, BlockAPT (backed by LORCA Cyber) leads the way by simplifying your security
ecosystem.

25. When left on their own, people tend to make the worst security decisions - The primary reason identity theft,
viruses, worms, and stolen passwords are so common is that people are easily duped into giving up the
secrets technologies use to secure systems.

Major categories of computer attacks

26. Military and intelligence attack - The debate over cyber technology has resulted in new considerations
for national security operations. States find themselves in an increasingly interconnected world with a
diverse threat spectrum and little understanding of how decisions are made within this amorphous
domain.

27. Business Attack - Understand the impact of cyber attacks on businesses and their finances,
reputation and con the user interface and the application's supporting database. The risks of business
logic attacks include data theft, revenue loss and network security breaches.

28. Financial Attacks - Cybercrime in finance is the act of obtaining financial gain through profit-driven
criminal activity, including identity fraud, ransomware attacks, email and internet fraud, and attempts to
steal financial account, credit card, or other payment card information.

Intellectual Property Law

29. Patent law - is the branch of intellectual property law that deals with new inventions. Once granted,
a patent gives the inventors the exclusive right to sell their invention for 20 years. Sometimes inventors
give other companies a license to manufacture and sell the invention in exchange for a fee.

30. A trade secret - is any practice or process of a company that is generally not known outside of the
company. Trade secrets are part of a company's intellectual property. Unlike a patent, a trade secret is
not publicly.

31. Hacking in a time of COVID-19 - A person who is found guilty of hacking is "punished by a minimum
fine of Ph100,000 and a maximum commensurate to the damage incurred and a mandatory
imprisonment of six months to three years." Republic Act No. 11449, which expanded the Access Devices
Regulations Act of 1998, likewise punishes hacking.

32. RA 10173, or the Data Privacy Act, protects individuals from unauthorized processing of personal
information that is (1) private, not publicly available; and (2) identifiable, where the identity of the
individual is apparent either through direct attribution or when put together with other available
information.

33. The Cybercrime Prevention Act of 2012, officially recorded as Republic Act No. 10175, is a law of the
Philippines that was approved on September 12, 2012. It aims to address legal issues concerning online
interactions and the internet in the Philippines.

34. When our electronic commerce law was passed in June 2000 under Republic Act 8792, its objectives
were to facilitate domestic and international transactions, contracts and exchanges and storage of
information through the utilization of electronic, optical and similar medium, mode and instrumentality
and technology.

35. Cyber Security - protects the data and integrity of computing assets belonging to or connecting to an
organization's network; its purpose is to defend those assets against all threat actors throughout the
entire life cycle of a cyber attack.
