Untitled Deck

Question 1

What is Information Security (InfoSec)?

Answer 1

Protecting information from unauthorized access, use, disclosure, disruption, modification, or destruction

Focuses on confidentiality, integrity, and availability of information.

Question 2

What are the components of the CIA Triad?

Answer 2

• Confidentiality
• Integrity
• Availability

Each component plays a crucial role in protecting information.

Question 3

Define Confidentiality in the context of information security.

Answer 3

Ensures that information is accessible only to authorized users

Example: A hospital must keep patient records confidential.

Question 4

Define Integrity in the context of information security.

Answer 4

Ensures that information is accurate, complete, and unaltered

Integrity is vital for maintaining trust in data.

Question 5

Define Availability in the context of information security.

Answer 5

Ensures information and systems are accessible when needed

Essential for operational efficiency.

Question 6

What is the CNSS Security Model (McCumber Cube)?

Answer 6

A 3D model representing:
* Information States: Transmission, Storage, Processing
* Security Goals: Confidentiality, Integrity, Availability
* Security Measures: Technology, Policies & Practices, Education & Training

Emphasizes a holistic approach to security.

Question 7

List the components of Information Systems.

Answer 7

• Hardware
• Software
• Data
• People
• Processes/Procedures
• Networks

Each component plays a role in the overall information system.

Question 8

True or false: Security must align with business objectives.

Answer 8

TRUE

Organizations face various risks that can impact their objectives.

Question 9

What are some risks organizations face regarding security?

Answer 9

• Data breaches
• Insider threats
• Operational downtime

These risks necessitate a comprehensive security strategy.

Question 10

What is the need for Information Security in Organizations?

Answer 10

• Protects sensitive data and intellectual property
• Ensures regulatory compliance
• Prevents financial loss
• Supports customer trust and business resilience

Critical for maintaining operational integrity.

Question 11

List the security principles.

Answer 11

• Least privilege
• Defense in depth
• Separation of duties
• Accountability

These principles guide the implementation of security measures.

Question 12

What are the types of security controls?

Answer 12

• Preventive: firewalls, access controls
• Detective: intrusion detection, audits
• Corrective: backups, disaster recovery plans

Each type serves a different purpose in security management.

Question 13

Define Threat in cybersecurity.

Answer 13

Potential danger to information systems

Understanding threats is essential for risk management.

Question 14

Define Attack in cybersecurity.

Answer 14

An actual attempt to exploit vulnerabilities

Attacks can lead to significant security breaches.

Question 15

List some common attacks in cybersecurity.

Answer 15

• Phishing
• Malware
• Ransomware
• DDoS
• Insider threats

Awareness of these attacks is crucial for prevention.

Question 16

What does CAPEC stand for?

Answer 16

Common Attack Pattern Enumeration and Classification

A database that categorizes attack patterns.

Question 17

List examples of CAPEC categories.

Answer 17

• Injection attacks
• Buffer overflows
• Privilege escalation

Understanding these categories helps in anticipating attacks.

Question 18

What are the categories of Information Security Threats?

Answer 18

• Physical threats
• Technical threats
• Human threats
• Environmental threats

Each category presents unique challenges to security.

Question 19

Define Governance in the context of security.

Answer 19

Policies, roles, and responsibilities to manage security risk

Governance ensures compliance and accountability.

Question 20

What are the roles in security governance?

Answer 20

• CISO (Chief Information Security Officer)
• Security Analyst/Engineer
• Users

Each role contributes to the overall security strategy.

Question 21

What are the types of Information Security Policies?

Answer 21

• EISP (Enterprise InfoSec Policy)
• ISSP (Issue-Specific Policy)
• SysSP (System-Specific Policy)

These policies guide security practices within organizations.

Question 22

Define Standards in security.

Answer 22

Mandatory requirements (e.g., ISO 27001)

Standards ensure a baseline level of security.

Question 23

What are Procedures in security?

Answer 23

Step-by-step methods to achieve security objectives

Procedures provide clarity on implementing security measures.

Question 24

What are Guidelines in security?

Answer 24

Recommended practices for security implementation

Guidelines help organizations adopt best practices.

Question 25

What is the purpose of **SETA** programs?

Answer 25

Reduce human error risks ## Footnote Components include awareness, training, and education.

Question 26

What does **ISO 27001** represent?

Answer 26

International standard for InfoSec management systems ## Footnote It provides a framework for managing sensitive information.

Question 27

What is the role of **NIST**?

Answer 27

U.S. standard with best practices for risk management ## Footnote NIST guidelines are widely adopted in various sectors.

Question 28

What is the focus of **COBIT**?

Answer 28

Governance and management framework for IT processes ## Footnote COBIT helps organizations align IT with business goals.

Question 29

What does **Evaluation** in security program design involve?

Answer 29

Assess effectiveness of controls, risk posture, and compliance ## Footnote Evaluation is crucial for continuous improvement.

Question 30

What does **Design** in security program design entail?

Answer 30

Develop security programs aligned with business objectives, risks, and regulations ## Footnote Proper design ensures that security measures are effective.