
Group members

1. Juliet Cheria Anak Juman (2021627146)
2. Enabella Tasha Anak Dennis (2021847122)
3. Rasiba Anak Nyareng (2021491944)
4. Khairunisa binti Abdul Khalik (2021497994)
5. Sharifah Nur Amirah binti Syed Akil (2021897968)
6. Nur Anisya binti Morshidi (2021627114)
7. Wendy Jane Anak William (2021478594)
INTRODUCTION TO THE MANAGEMENT OF INFORMATION SECURITY

QUESTION 1
Explain 3 distinct groups of managers and professionals, or communities of interest.
● There are 3 distinct groups of managers and professionals, or communities of interest.
The first is those in the field of information security, which means people who deal with
protecting computer systems, networks, and sensitive information from unauthorized access.
Next is those in the field of IT. These professionals provide technical assistance and
support to users. Lastly is those from the rest of the organization. There are many
professionals who work in other areas of an organization. Each department has its own roles.

QUESTION 2
Describe an information asset
● An information asset is any piece of information that has value to an organization. This can
include data, documents, software, hardware, or other digital or physical assets.
Information assets can be categorized based on their importance to the organization,
level of sensitivity, and potential impact if they are lost, stolen or accessed by
unauthorized individuals. For example, customer data, financial records, and intellectual
property may be considered high-value information assets, while public-facing website
content may be considered lower value.

QUESTION 3
Discuss information security (InfoSec)
● Information Security (InfoSec) focuses on the protection of information and the
characteristics that give it value, such as confidentiality, integrity and availability, and includes
the technology that houses and transfers that information, through a variety of protection
mechanisms such as policy, training and awareness programs, and technology.

QUESTION 4
Explain the CIA Triad characteristics using a diagram.
● The CIA triad contains confidentiality, integrity and availability. These have expanded
into a more comprehensive list of critical characteristics of information.

QUESTION 5
12 categories of threats
1. Compromises to intellectual property
2. Deviations in quality of service
3. Espionage or trespass
4. Forces of nature
5. Human error or failure
6. Information extortion
7. Sabotage or vandalism
8. Software attacks
9. Technical hardware failures or errors
10. Technical software failures or errors
11. Technological obsolescence
12. Theft

QUESTION 6
● Intellectual property (IP) can be trade secrets, copyrights, trademarks and patents.
Other than that, IP is protected by U.S. copyright and
other laws, carries the expectation of proper attribution or credit to its source, and
potentially requires the acquisition of permission for its use, as specified in those laws.
The unauthorized appropriation of IP constitutes a threat to information security. There
are two primary areas, which are software piracy, and copyright protection and user
registration.

QUESTION 7
Describe phishing
● Another example of a skill-based error occurs when employees fall for phishing
scams. They should have been educated on the risk of fraudulent emails, but the
messages are designed to catch people off guard and could result in the employee falling
for the bait. Examples here are URL manipulation and website forgery.

QUESTION 8
10 typical forces of nature
- Fire
- Flood
- Earthquake
- Lightning
- Landslide or mudslide
- Tornados or severe windstorm
- Hurricanes, typhoons and tropical depressions
- Tsunami
- Electronic discharge (ESD)
- Dust contamination

QUESTION 9
Discuss the difference between Mean Time Between Failures (MTBF) and Mean Time to Failure
(MTTF).
● MTBF describes the time between failures, while MTTF describes the period
between the first failure and the second failure. These two indicate a certain period of time.
The difference between MTBF and MTTF is that MTBF has to deal with faulty equipment
or assets and MTTF is usually reserved for goods that can be repaired. Unlike MTTF, is
utilised when mending an item that is not a potential.

QUESTION 10
Describe technological obsolescence
● Technological obsolescence occurs when a technological product or service is no longer
required even though it is still in good condition; it happens when a new product is developed to
replace an old version. For example, operating systems had to support the older
architecture when CPU chips transitioned from 16 bits to 32 bits, then 64 bits.
