INFO ASSURANCE AND SECURITY2

BY: silentguy

PRELIM QUIZ 1/2:

______________ was stored in servers in multiple areas, leaving us open to risk.

World Risk Map

Information is one of the most significant __________ resources.

Non-substantial

20 different risk markers grouped under five main categories

Security, Medical, Political, Environmental and Infrastructural Risks

The need for skilled workers and allocation of funds for security within their budget: Companies are
making the effort to allocate more funds in their budgets for security.

True

First Reason why investing in information security is significant

Rising cost of breaches

Fourth Reason why investing in information security is significant

Funded hackers and wide availability of hacking tools

What jobs in information security is this?

Salary: $95,510

Responsibilities: Information security analysts monitor their companies’ computer networks to

Information Security Analyst

Feeling confident about their organization’s security level: When information security community
members participated in the Cybersecurity Trends Report, they were asked how positive they felt
about their security stance.

True

What jobs in information security is this?

Salary: $104,000

Responsibilities: Create an in-office network for a small business or a cloud infrastructure for a
business with corporate locations in cities on opposite coasts.

Computer Network Architects

True

Second Reason why investing in information security is significant

Increasingly sophisticated attackers

Third Reason why investing in information security is significant

Proliferation of iot devices

What jobs in information security is this?

Salary: $103,560

Responsibilities: Software developers can be tasked with a wide range of responsibilities that may
include designing parts of computer programs and applications and designing how those pieces work
together.

Software developer

Fifth Reason why investing in information security is significant

Regulatory compliances

What jobs in information security is this?

Salary: $139,000

Responsibilities: Information systems managers work toward ensuring a company’s tech is capable of
meeting their IT goals.

Computer and Information Systems Managers

PRELIM EXAM:

The ____________ Layer describes the notion that the physical acess to any system, server, computer,
data center, or another physical object storing confidential information has to be constrained to
business ought-to-know.

Physical Access

The ___________ principle dictates that information should solely be viewed by people with
appropriate and correct privileges.

Confidentiality

___________ consists of changing the data located in files into unreadable bits of characters unless a
key to decode the file is provided.

Encryption
The __________ Layer describes the notion that access to infrastructure components has to be
constrained to business ought-to-know. For instance, access to servers.

Infrastructure Access

The contemporary ___________ differs substantially from the classic one, which used pen and paper
for encryption and which was far less complex.

cryptography

The aim of _________ is to ensure that information is hidden from people unauthorized to access it.

confidentiality

The establishment of the ___________ rotor machine and the subsequent emergence of electronics
and computing enabled the usage of much more elaborate schemes and allowed confidentiality to be
protected much more effectively.

Enigma

The ___________ principle dictates that information should solely be viewed by people with
appropriate and correct privileges.

Confidentiality

The __________ Layer describes the notion that data ought to be secured while in motion.

Data In Motion

The ____________ Layer describes the notion that access to end-user applications have to be
constrained to business ought-to-know.

Application Access

The concept of layers illustrates that data communications and _____________ are designated to
function in a layered manner, transferring the data from one layer to the next.

computer network protocol

CIA stands for _____________, integrity, and availability and these are the three main objectives of
information security.

confidentiality

To continue, confidentiality can be easily breached so each employee in an organization or company

information

A principle which is a core requirement of information security for the safe utilization, flow, and
storage of information is the

CIA triad
As regards to ____________, its means of protection are somewhat similar – access to the area where
the information is kept may be granted only with the proper badge or any different form of
authorization, it can be physically locked in a safe or a file cabinet, there could be access controls,
cameras, security, etc.

physical data

MIDTERM QUIZ 3:

 : assuring that information and programs are changed only in a specified and authorized manner.

Integrity

 : controlling who gets to read information.

Confidentiality

The requirements for applications that are connected to __________ will differ from those for
applications without such interconnection.

external systems

For a ____________, the chief concern may be ensuring the confidentiality of classified information,
whereas a funds transfer system may require strong integrity controls.

national defense system

 : assuring that authorized users have continued access to information and resources.

Availability

MIDTERM QUIZ 4:

The weight given to each of the three major requirements describing needs for information security—
confidentiality, integrity, and availability—depends strongly on

circumstances

Early disclosure may jeopardize______________ advantage, but disclosure just before the intended
announcement may be insignificant. competitive

A _____________ that must be restored within an hour after disruption represents, and requires, a
more demanding set of policies and controls than does a similar system that need not be restored for
two to three days.

system

is a requirement whose purpose is to keep sensitive information from being disclosed to unauthorized
recipients.

confidentiality

With __________ attacks, for example, even legitimate and honest users of an owner mechanism can be
tricked into disclosing secret data.
Trojan horse

MIDTERM EXAM:

The framework within which an organization strives to meet its needs for information security is codified
as

security policy

To be useful, a ___________ must not only state the security need (e.g., for confidentiality—that data
shall be disclosed only to authorized individuals), but also address the range of circumstances under
which that need must be met and the associated operating standards.

security policy

may prevent people from doing unauthorized things but cannot prevent them from doing things that
their job functions entitle them to do.

Technical measures

Some __________ are explicitly concerned with protecting information and information systems, but
the concept of management controls includes much more than a computer's specific role in enforcing
security.

management controls

Computers are _____________ entities, and programs can be changed in a twinkling, so that past
happiness is no predictor of future bliss.

active

An effective ____________ controls is needed to cover all aspects of information security, including
physical security, classification of information, the means of recovering from breaches of security, and
above all training to instill awareness and acceptance by people.

program of management

A ___________ is a concise statement, by those responsible for a system (e.g., senior management), of
information values, protection responsibilities, and organizational commitment.

security policy

In any particular circumstance, some threats are more probable than others, and a ____________ must
assess the threats, assign a level of concern to each, and state a policy in terms of which threats are to
be resisted.

prudent policy setter

are the mechanisms and techniques—administrative, procedural, and technical—that are instituted to
implement a security policy.

Management controls
A major conclusion of this report is that the lack of a clear _____________ of security policy for general
computing is a major impediment to improved security in computer systems.

articulation

An ____________ must have administrative procedures in place to bring peculiar actions to the
attention of someone who can legitimately inquire into the appropriateness of such actions, and that
person must actually make the inquiry.

organization

As viruses have escalated from a hypothetical to a commonplace threat, it has become necessary to
rethink such policies in regard to methods of distribution and acquisition of

software

One can implement that policy by taking specific actions guided by management control principles and
utilizing specific security standards, procedures, and

mechanisms

The ____________ must be managed by auditing, backup, and recovery procedures supported by
general alertness and creative responses.

residual risk

FINAL QUIZ 5:

is another way of saying “data security.”

Information Security

is all about protecting data that is found in electronic form (such as computers, servers, networks,
mobile devices, etc.) from being compromised or attacked.

Cybersecurity

The process to protect that data requires more advanced

IT security tools

Info security is concerned with making sure data in any form is kept secure and is a bit broader than

Cybersecurity

FINAL QUIZ 6:

If your data is stored physically or digitally, you need to be sure you have all the right ____________ in
place to prevent unauthorized individuals from gaining access.

physical access controls

information security professional

Over the last decade, we’ve seen a ___________ between cybersecurity and information security, as
these previously siloed positions have come together.

fusion

Both individuals need to know what data is most critical to the organization so they can focus on placing
the right ___________ and monitoring controls on that data.

cyber risk management

Cybersecurity professionals traditionally understand the technology, firewalls, and intrusion protection
systems needed, but weren’t necessarily brought up in the ______________.

data evaluation business

FINAL EXAM:

Computer security and cybersecurity are both children of ____________.

information security

Because ratings are easy to understand, they are a useful mechanism for _____________ and vendor
risk to a non-technical audience in the C-suite, boardroom, or with the vendor in question.

communicating internal

Computer security and cybersecurity are completely ____________, and require digital computer
technology from 1946’s ENIAC to now.

interchangeable terms

IT security can probably be used interchangeably with cybersecurity, computer security and information
security if _______________.

it pertains to business

Business partners and investors are increasingly aware of the importance of this topic, and companies
are asked regularly about their effectiveness in securing data and managing both _____________.

physical and cyber risk

Keeping information ______________ electronic computers (such as ancient cryptography) to this very
day falls under the banner of information security.

secure for the history of data predating

____________ or security ratings are the cyber equivalent of a credit score.

sing this high-level, objectively-derived data can simplify the _____________ around risk.

conversation

Ensuring proper HTTPS implementation for an e-commerce website or mobile app falls under
cybersecurity and computer security, so it’s

_____________.

information security

IT is the ___________ for practical purposes, largely for industry (mainframes, supercomputers,
datacenters, servers, PCs and mobile devices as endpoints for worker interaction) and consumers (PCs,
mobile devices, IoT devices, and video game console endpoints for enduser lifestyles.)

application of computer science