Chapter 1 Flashcards

(59 cards)

1
Q

It is the practice of protecting information from unauthorized access, use, disclosure, disruption, modification, or destruction.

A

Information Security

2
Q

CIA means?

A

Confidentiality, Integrity and Availability

3
Q

The purpose of these terms is to describe security using relevant and meaningful words that make security more understandable to management and users, and define its purpose.

A

CIA Triad

4
Q

Ensuring that information is only accessible to those authorized to view it.

A

Confidentiality

5
Q

Maintaining the accuracy and reliability of data, ensuring it is not altered or tampered with.

A

Integrity

6
Q

Ensuring that information and resources are accessible to authorized users when needed.

A

Availability

7
Q

It is a term related to the area of confidentiality. It pertains to any data about an individual that could be used to identify them.

A

Personally Identifiable Information (PII)

8
Q

is a measure of the importance assigned to information by its owner, for the purpose of denoting its need for protection.

A

Sensitivity

9
Q

The process of verifying or proving the user’s identification is known as “_______”.
It is a process to prove the identity of the requestor.

A

Authentication

10
Q

is a crucial principle in information security that ensures that a party in a transaction cannot deny the authenticity of their signature on a document or the sending of a message itself.

A

Non-repudiation

11
Q

is a legal term and is defined as the protection against an individual falsely denying having performed a particular action.

A

Non-repudiation

12
Q

is the right of an individual to control the distribution of information about themselves.

A

Privacy

13
Q

is a measure of the extent to which an entity is threatened by a potential circumstance or event. It is often expressed as a combination of:
The adverse impacts that would arise if the circumstance or event occurs; and
The likelihood of occurrence.

A

Risk

14
Q

It is something in need of protection.

A

Asset

15
Q

is a gap or weakness in those protection efforts.

A

Vulnerability

16
Q

is an inherent weakness or flaw in a system or component, which, if triggered or acted upon, could cause a risk event to occur.

A

Vulnerability

17
Q

is something or someone that aims to exploit a vulnerability to thwart protection efforts.

A

Threat

18
Q

is the magnitude of harm that can be expected to result from the consequences of unauthorized disclosure of information, unauthorized modification of information, unauthorized destruction of information, or loss of information or information system availability.

A

Impact

19
Q

It includes trade secrets, research, business plans and intellectual property.

A

Classified or sensitive information

20
Q

is information that if improperly disclosed (confidentiality) or modified (integrity) would harm an organization or individual.

A

Sensitive Information

21
Q

Measures the degree to which something is whole and complete, internally consistent and correct.

A

Integrity

22
Q

It is the assurance that data has not been altered in an unauthorized manner.

A

Data Integrity

23
Q

It requires the protection of the data in systems and during processing to ensure that it is free from improper modification, errors or loss of information and is recorded, used and maintained in a way that ensures its completeness.

A

Data Integrity

24
Q

As part of data integrity, requires that all instances of the data be identical in form, content and meaning.

25
Q

refers to the maintenance of a known good configuration and expected operational function as the system processes the information.

A

System Integrity

26
Q

It can be defined as (1) timely and reliable access to information and the ability to use it, and (2) for authorized users, timely and reliable access to data and information services.

A

Availability

27
Q

It is often associated with the term criticality, because it represents the importance an organization gives to data or an information system in performing its operations or achieving its mission.

A

Availability

28
Q

Three common methods of authentication

A

1. Something you know
2. Something you have
3. Something you are

29
Q

Two methods of authentication

A

1. Single-factor Authentication (SFA)
2. Multi-factor Authentication (MFA)

30
Q

It ensures that communication or transactions cannot be denied by the involved parties. This is usually achieved through digital signatures, timestamps, and transaction logs.

A

Non-repudiation mechanisms

31
Q

Are cryptographic equivalents of handwritten signatures or stamped seals. They provide proof of origin, identity, and status of an electronic document.

A

Digital Signatures

32
Q

Common Threats to Information Security (3)

A

1. Malware
2. Phishing Attacks
3. Insider Threats

33
Q

Type of threat: Malicious software designed to harm or exploit any programmable device or network. Examples include viruses, worms and ransomware.

A

Malware

34
Q

Type of threat: Deceptive attempts to obtain sensitive information by masquerading as a trustworthy entity in electronic communications.

A

Phishing Attacks

35
Q

Type of threat: Risks posed by individuals within an organization, such as employees or contractors, who may misuse access to information.

A

Insider Threats
36
Q

Effective Protection Strategies (3)

A

1. Encryption
2. Regular software updates
3. Employee training

37
Q

reflects the potential adverse impacts that result from the possibility of unauthorized access, use, disclosure, disruption, modification or destruction of information and/or information systems.

A

Information Security Risks

38
Q

The means by which a threat actor carries out their objectives.

A

Threat Vector

39
Q

is an inherent weakness or flaw in a system or component, which, if triggered or acted upon, could cause a risk event to occur.

A

Vulnerability

40
Q

is a weighted factor based on a subjective analysis of the probability that a given threat or set of threats is capable of exploiting a given vulnerability or set of vulnerabilities.

A

Likelihood of occurrence

41
Q

is the magnitude of harm that can be expected to result from the consequences of unauthorized disclosure of information, unauthorized modification of information, unauthorized destruction of information, or loss of information or information system availability.

A

Impact

42
Q

It involves looking at your unique company and analyzing its unique situation.

A

Risk Identification

43
Q

is defined as the process of identifying, estimating and prioritizing risks to an organization’s operations (including its mission, functions, image and reputation), assets, individuals, other organizations and even the nation.

A

Risk assessment

44
Q

relates to making decisions about the best actions to take regarding the identified and prioritized risk.

A

Risk treatment

45
Q

is the decision to attempt to eliminate the risk entirely.

A

Risk avoidance

46
Q

is taking no action to reduce the likelihood of a risk occurring.

A

Risk acceptance

47
Q

It is the most common type of risk management and includes taking actions to prevent or reduce the possibility of a risk event or its impact.

A

Risk mitigation

48
Q

It is the practice of passing the risk to another party, who will accept the financial impact of the harm resulting from a risk being realized in exchange for payment.

A

Risk transference
49
Q

pertain to the physical, technical and administrative mechanisms that act as safeguards or countermeasures prescribed for an information system to protect the confidentiality, integrity and availability of the system and its information.

A

Security Controls

50
Q

address process-based security needs using physical hardware devices, such as badge readers, architectural features of buildings and facilities, and specific security actions to be taken by people.

A

Physical controls

51
Q

(also called logical controls) are security controls that computer systems and networks directly implement.

A

Technical Controls

52
Q

These controls can provide automated protection from unauthorized access or misuse, facilitate detection of security violations and support security requirements for applications and data.

A

Technical controls

53
Q

(also known as managerial controls) are directives, guidelines or advisories aimed at the people within the organization.

A

Administrative Control

54
Q

They provide frameworks, constraints and standards for human behavior, and should cover the entire scope of the organization’s activities and its interactions with external parties and stakeholders.

A

Administrative control

55
Q

refers to the systems, processes, and rules that guide decision-making and the behavior of individuals in an organization or institution.

A

Governance

56
Q

are commonly issued in the form of laws, usually from government (not to be confused with governance) and typically carry financial penalties for noncompliance.

A

Regulations

57
Q

are often used by governance teams to provide a framework to introduce policies and procedures in support of regulations.

A

Standards

58
Q

are put in place by organizational governance, such as executive management, to provide guidance in all activities to ensure that the organization supports industry standards and regulations.

A

Policies

59
Q

are the detailed steps to complete a task that support departmental or organizational policies.

A

Procedures