Hamza Ahmed
20K-1097
Q1
Confidentiality, Integrity, and Availability are the three components of the CIA triad. It is a
fundamental idea in information security that stands for the three main goals of system security in a
computer. According to these principles, information must only be accessed by those who are
authorised, must be accurate and unaltered, and must be available when needed.
Q2
The accuracy, completeness, and reliability of data across its whole lifecycle are referred to as data
integrity. It guarantees that data stays constant and unaltered. In contrast, system integrity describes
how reliable a system is overall. It covers the procedures, software, and hardware that make up a
system and makes sure they all work as they should and are not tampered with or altered without
authorization.
Q3
The following are examples of threat consequences:
Unauthorised access
Data breach
Loss of data, whether deliberate or unintentional, can have serious consequences for businesses.
Service disruption
Malware
Software intended to cause harm, interference, or unapproved access to computer systems or data is
known as malware.
Phishing
Phishing is when someone pretends to be a reliable source in an attempt to get private information,
including financial information or passwords.
DoS attack
Attacks known as denial of service (DoS) aim to prevent someone from using a computer or network
resource by flooding it with a large number of unauthorised requests.
Insider threat
Threats from people working for a company who possess sensitive data and may abuse or exploit it
for their own gain or malicious intent are known as insider threats.
Q4
Fundamental security design principles:
Least privilege
Users should only be given the minimum level of authority or permissions required to do their tasks.
Defence in depth
Putting in place several layers of security controls to defend against different kinds of threats and
attacks.
Fail-safe defaults
In case of an error or malfunction, systems ought to be built with the ability to return to a safe state
by default.
Separation of duties
Splitting responsibilities and rights among several users to prevent any one person from having
excessive power or control.
Secure by design
Implementing security features from the beginning into the architecture and design of systems and
applications.
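As an added illustration that is not part of the original answer, the sketch below shows how three of these principles (least privilege, fail-safe defaults, separation of duties) can appear in a single authorization check. The role names, action strings and request fields are assumptions made up for the example.

```python
# Added example: roles, actions and field names are hypothetical.

# Least privilege: each role is granted only the actions it needs.
ROLE_PERMISSIONS = {
    "clerk": {"payment:create"},
    "approver": {"payment:approve"},
    "auditor": {"payment:read"},
}


def is_allowed(user, action, payment):
    """Return True only when every check passes; anything else is a denial."""
    try:
        granted = ROLE_PERMISSIONS[user["role"]]  # unknown role raises KeyError
        if action not in granted:
            return False  # least privilege: not explicitly granted means no
        # Separation of duties: the person who created a payment
        # may not also be the one who approves it.
        if action == "payment:approve" and payment["created_by"] == user["name"]:
            return False
        return True
    except (KeyError, TypeError):
        # Fail-safe default: malformed or incomplete input ends in a denial,
        # never in an accidental grant.
        return False


if __name__ == "__main__":
    # Constructed sample requests.
    alice = {"name": "alice", "role": "clerk"}
    bob = {"name": "bob", "role": "approver"}
    payment = {"id": 1, "created_by": "alice"}
    print(is_allowed(alice, "payment:create", payment))   # clerk may create
    print(is_allowed(alice, "payment:approve", payment))  # clerk may not approve
    print(is_allowed(bob, "payment:approve", payment))    # different person approves
    print(is_allowed({"name": "eve"}, "payment:read", payment))  # no role: denied
```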
Q5
An organization's information resources and assets are protected by a defined set of rules,
guidelines, and processes known as security policies. A security policy describes the goals,
obligations, and standards for security for workers and users. The following are involved in
implementing a security policy:
Policy Development
Outlining the security criteria, goals, and instructions that the policy will cover.
Policy Communication
Making sure that everyone involved is aware of the security policy and knows their roles and
obligations.
Checking for violations of the security policy on a regular basis and doing audits to find any
vulnerabilities or variances.
Q6