INFO ASSURANCE AND SECURITY 2

BY: silentguy

PRELIM QUIZ 1/2:

______________ was stored in servers in multiple areas, leaving us
open to risk.

World Risk Map

Information is one of the most significant __________ resources.

Non-substantial

20 different risk markers grouped under five main categories

Security, Medical, Political, Environmental and Infrastructural Risks

The need for skilled workers and allocation of funds for security within
their budget: Companies are making the effort to allocate more funds in
their budgets for security.

True

First Reason why investing in information security is significant

Rising cost of breaches

Fourth Reason why investing in information security is significant


Funded hackers and wide availability of hacking tools

Which job in information security is this?

Salary: $95,510
Responsibilities: Information security analysts monitor their companies’
computer networks to combat hackers and compile reports of security
breaches.

Information Security Analyst

Feeling confident about their organization’s security level: When
information security community members participated in the
Cybersecurity Trends Report, they were asked how positive they felt
about their security stance.

True

Which job in information security is this?

Salary: $104,000
Responsibilities: Create an in-office network for a small business or a
cloud infrastructure for a business with corporate locations in cities on
opposite coasts.

Computer Network Architects

Disruptions in their day-to-day business: Time is money.

True

Second Reason why investing in information security is significant


Increasingly sophisticated attackers

Third Reason why investing in information security is significant

Proliferation of IoT devices

Which job in information security is this?

Salary: $103,560
Responsibilities: Software developers can be tasked with a wide range
of responsibilities that may include designing parts of computer
programs and applications and designing how those pieces work
together.

Software developer

Fifth Reason why investing in information security is significant

Regulatory compliances

Which job in information security is this?

Salary: $139,000
Responsibilities: Information systems managers work toward ensuring a
company’s tech is capable of meeting their IT goals.

Computer and Information Systems Managers

PRELIM EXAM:

The ____________ Layer describes the notion that the physical access to
any system, server, computer, data center, or another physical object
storing confidential information has to be constrained to business
ought-to-know.

Physical Access

The ___________ principle dictates that information should solely be
viewed by people with appropriate and correct privileges.

Confidentiality

___________ consists of changing the data located in files into
unreadable bits of characters unless a key to decode the file is provided.

Encryption

The __________ Layer describes the notion that access to infrastructure
components has to be constrained to business ought-to-know. For
instance, access to servers.

Infrastructure Access

The contemporary ___________ differs substantially from the classic
one, which used pen and paper for encryption and which was far less
complex.

cryptography

The aim of _________ is to ensure that information is hidden from
people unauthorized to access it.

confidentiality

The establishment of the ___________ rotor machine and the
subsequent emergence of electronics and computing enabled the usage
of much more elaborate schemes and allowed confidentiality to be
protected much more effectively.

Enigma

The ___________ principle dictates that information should solely be
viewed by people with appropriate and correct privileges.

Confidentiality

The __________ Layer describes the notion that data ought to be
secured while in motion.

Data In Motion

The ____________ Layer describes the notion that access to end-user
applications has to be constrained to business ought-to-know.

Application Access

The concept of layers illustrates that data communications and
_____________ are designated to function in a layered manner,
transferring the data from one layer to the next.

computer network protocol

CIA stands for _____________, integrity, and availability and these are
the three main objectives of information security.

confidentiality

To continue, confidentiality can be easily breached so each employee in
an organization or company should be aware of his responsibilities in
maintaining confidentiality of the __________ delegated to him for the
exercise of his duties.

information

A principle which is a core requirement of information security for the
safe utilization, flow, and storage of information is the __________.

CIA triad

With regard to ____________, its means of protection are somewhat
similar: access to the area where the information is kept may be
granted only with the proper badge or any different form of
authorization, it can be physically locked in a safe or a file cabinet, there
could be access controls, cameras, security, etc.

physical data

MIDTERM QUIZ 3:

__________: assuring that information and programs are changed only in a
specified and authorized manner.

Integrity

__________: controlling who gets to read information.

Confidentiality

The requirements for applications that are connected to __________
will differ from those for applications without such interconnection.

external systems

For a ____________, the chief concern may be ensuring the
confidentiality of classified information, whereas a funds transfer
system may require strong integrity controls.

national defense system

__________: assuring that authorized users have continued access to
information and resources.

Availability

MIDTERM QUIZ 4:

The weight given to each of the three major requirements describing
needs for information security (confidentiality, integrity, and
availability) depends strongly on __________.

circumstances

Early disclosure may jeopardize ______________ advantage, but
disclosure just before the intended announcement may be insignificant.

competitive

A _____________ that must be restored within an hour after disruption
represents, and requires, a more demanding set of policies and controls
than does a similar system that need not be restored for two to three
days.

system

__________ is a requirement whose purpose is to keep sensitive
information from being disclosed to unauthorized recipients.

confidentiality

With __________ attacks, for example, even legitimate and honest
users of an owner mechanism can be tricked into disclosing secret data.

Trojan horse

MIDTERM EXAM:

The framework within which an organization strives to meet its needs
for information security is codified as __________.

security policy

To be useful, a ___________ must not only state the security need (e.g.,
for confidentiality, that data shall be disclosed only to authorized
individuals), but also address the range of circumstances under which
that need must be met and the associated operating standards.

security policy

__________ may prevent people from doing unauthorized things but cannot
prevent them from doing things that their job functions entitle them to do.

Technical measures

Some __________ are explicitly concerned with protecting information
and information systems, but the concept of management controls
includes much more than a computer's specific role in enforcing
security.

management controls

Computers are _____________ entities, and programs can be changed
in a twinkling, so that past happiness is no predictor of future bliss.

active

An effective ____________ controls is needed to cover all aspects of
information security, including physical security, classification of
information, the means of recovering from breaches of security, and
above all training to instill awareness and acceptance by people.

program of management

A ___________ is a concise statement, by those responsible for a
system (e.g., senior management), of information values, protection
responsibilities, and organizational commitment.

security policy

In any particular circumstance, some threats are more probable than
others, and a ____________ must assess the threats, assign a level of
concern to each, and state a policy in terms of which threats are to be
resisted.

prudent policy setter

__________ are the mechanisms and techniques (administrative,
procedural, and technical) that are instituted to implement a security
policy.

Management controls

A major conclusion of this report is that the lack of a clear
_____________ of security policy for general computing is a major
impediment to improved security in computer systems.

articulation

An ____________ must have administrative procedures in place to
bring peculiar actions to the attention of someone who can legitimately
inquire into the appropriateness of such actions, and that person must
actually make the inquiry.

organization

As viruses have escalated from a hypothetical to a commonplace threat,
it has become necessary to rethink such policies in regard to methods
of distribution and acquisition of __________.

software

One can implement that policy by taking specific actions guided by
management control principles and utilizing specific security standards,
procedures, and __________.

mechanisms

The ____________ must be managed by auditing, backup, and recovery
procedures supported by general alertness and creative responses.

residual risk

FINAL QUIZ 5:

__________ is another way of saying “data security.”

Information Security

__________ is all about protecting data that is found in electronic form
(such as computers, servers, networks, mobile devices, etc.) from being
compromised or attacked.

Cybersecurity

The process to protect that data requires more advanced __________.

IT security tools

Info security is concerned with making sure data in any form is kept
secure and is a bit broader than __________.

Cybersecurity

FINAL QUIZ 6:

If your data is stored physically or digitally, you need to be sure you
have all the right ____________ in place to prevent unauthorized
individuals from gaining access.

physical access controls

In some scenarios, an ___________ would help a cybersecurity
professional prioritize data protection, and then the cybersecurity
professional would determine the best course of action for the data
protection.

information security professional

Over the last decade, we’ve seen a ___________ between cybersecurity
and information security, as these previously siloed positions have
come together.

fusion

Both individuals need to know what data is most critical to the
organization so they can focus on placing the right ___________ and
monitoring controls on that data.

cyber risk management

Cybersecurity professionals traditionally understand the technology,
firewalls, and intrusion protection systems needed, but weren’t
necessarily brought up in the ______________.

data evaluation business

FINAL EXAM:

Computer security and cybersecurity are both children of
____________.

information security

Because ratings are easy to understand, they are a useful mechanism
for _____________ and vendor risk to a non-technical audience in the
C-suite, boardroom, or with the vendor in question.

communicating internal

Computer security and cybersecurity are completely ____________,
and require digital computer technology from 1946’s ENIAC to now.

interchangeable terms

IT security can probably be used interchangeably with cybersecurity,
computer security and information security if _______________.

it pertains to business

Business partners and investors are increasingly aware of the
importance of this topic, and companies are asked regularly about their
effectiveness in securing data and managing both _____________.

physical and cyber risk

Keeping information ______________ electronic computers (such as
ancient cryptography) to this very day falls under the banner of
information security.

secure for the history of data predating

____________ or security ratings are the cyber equivalent of a credit
score.

Cybersecurity ratings

Using this high-level, objectively-derived data can simplify the
_____________ around risk.

conversation

Ensuring proper HTTPS implementation for an e-commerce website or
mobile app falls under cybersecurity and computer security, so it’s
_____________.

information security

IT is the ___________ for practical purposes, largely for industry
(mainframes, supercomputers, datacenters, servers, PCs and mobile
devices as endpoints for worker interaction) and consumers (PCs,
mobile devices, IoT devices, and video game console endpoints for
end-user lifestyles).

application of computer science
