What are the three core principles of information security?
- Confidentiality
- Integrity
- Availability
These principles are often referred to as the CIA Triad.
The Parkerian Hexad expands the CIA Triad by adding which four elements?
- Possession
- Authenticity
- Utility
- Integrity (Parker)
This model provides a more comprehensive view of information security.
What are the four types of security attacks mentioned?
- Interception
- Interruption
- Modification
- Fabrication
These attacks target data at rest or in motion.
Define threat, vulnerability, and risk in the context of information security.
- Threat: Potential action that can harm systems
- Vulnerability: Weakness that can be exploited
- Risk: Likelihood of harm when both exist
Understanding these concepts is crucial for effective security management.
List the five steps in the risk management process.
- Identify key assets
- Identify threats
- Identify vulnerabilities
- Assess risks
- Mitigate risks
This process helps in managing potential security risks effectively.
What are the four stages of an Incident Response Plan?
- Preparation
- Detection & Analysis
- Containment, Eradication, Recovery
- Post-Incident
These stages help organizations respond effectively to security breaches.
True or false: Identification alone is a reliable method for confirming a user’s identity.
FALSE
Verification is necessary to confirm identity claims.
What are the common methods of authentication?
- Passwords
- Biometrics
- Hardware tokens
Each method has its strengths and weaknesses in terms of security.
What does authorisation determine in information security?
What an authenticated user is allowed to do
It is essential for managing access to systems and resources.
Name the two types of access controls.
- Physical
- Logical
Physical controls include keys and access cards, while logical controls include passwords and software permissions.
What is the purpose of non-repudiation in accountability?
Ensures actions can be traced to a specific individual
This is crucial for maintaining accountability in information security.
What are the two types of audits mentioned?
- Internal Audits
- External Audits
Internal audits review compliance with internal rules, while external audits ensure compliance with legal regulations.
What does regulatory compliance involve?
Adherence to legally mandated rules
It is verified through audits and is a business requirement.
What are the three types of controls in compliance?
- Physical
- Administrative
- Technical
Each type plays a role in reducing risk and ensuring compliance.
What does NIST stand for and what does it set?
National Institute of Standards and Technology; sets security standards
These standards are often adopted into law.
What is the ISO/IEC 27001 standard for?
Requirements for security management systems
It is part of a series of standards related to information security.
What is the difference between IaaS, PaaS, and SaaS?
- IaaS: Infrastructure as a Service
- PaaS: Platform as a Service
- SaaS: Software as a Service
Each model has different responsibilities for security between the provider and the user.
