Confidentiality and Integrity Measures Quiz

السرية = يتعلق بمن يمكنه الوصول إلى المعلومات وبأي طريقة النزاهة = جودة أو حالة كون المعلومات كاملة وغير منحرفة التوفر = يتعلق بكيفية الوصول للمعلومات وخلوها من التدخل أو العراقيل الخصوصية = ضمان استخدام المعلومات بالطريقة الموافق عليها من قبل صاحب المعلومات

النهج الأسفل-إلى-أعلى = بدأتها المسؤولين والفنيين التقييم التفصيلي للضرر الناتج عن الحادث = تحديد نطاق انتهاك سرية وسلامة وتوافر المعلومات والأصول استعادة البيانات من نسخ الاحتياط = استعادة الخدمات والعمليات التي كانت قيد الاستخدام مراجعة ما بعد الحادث بالتفصيل = فحص مفصل للأحداث التي وقعت

CIO = الذي يمكن أن يبلغ مباشرة إلى CISO CSIRT = الذي يقوم بتقدير نطاق الضرر بالكامل تقدير الضرر الناتج عن الحادث = تحديد نطاق انتهاك سرية وسلامة وتوافر المعلومات والأصول Risk management = عملية اكتشاف وتقدير المخاطر المتعلقة بـ...

تصنيف المعلومات = تحديد مستوى أهمية المعلومات وفق إرشادات محددة التشفير = استخدام تقنيات التشفير لحماية المعلومات من الاطلاع غير المصرح به التخزين الآمن للمستندات = حفظ المستندات والبيانات في أماكن آمنة ومحمية التثقيف لحفظ المعلومات = تعليم حراس المعلومات والمستخدمين النهائيين عن كيفية الحفاظ على السرية

السرية = تقنية التشفير النزاهة = تقنيات التحكم في الأخطاء التوفر = ضمان توافر المعلومات دائمًا الخصوصية = ضبط استخدام المعلومات وفق الإذن

CISO = يلعب دورًا أكثر فعالية في تطوير تفاصيل التخطيط من CIO الإبلاغ عن الموارد البشرية المناسبة = أول مهمة في استعادة الحادث Bottom-up approach = بدأته مديرون تنفيذيون Top-down approach = بدأته إدارة كبار المستوى

Information classification = Categorizing information based on its sensitivity and importance Secure document storage = Protecting physical or digital documents in a safe and controlled environment Education of information custodians and end users = Training individuals on best practices to protect sensitive information Cryptography (encryption) = Converting data into a code to prevent unauthorized access

Integrity = The quality of being whole, complete, and uncorrupted Availability = Ensuring authorized users can access information in a usable format without interference Privacy = Ensuring information is used only as approved by the provider Identification = Recognition of individual users within an information system

Strategic planning = Setting long-term organizational direction and goals amidst changing environments Tactical planning = Converting strategic plans into specific actions for supervisory managers Operational planning = Detailed plans for non-management employees to execute daily tasks Intermediate planning = Translating high-level strategic plans into more specific actions for mid-level management

Identify vulnerabilities that allowed incident to occur = Step in the recovery process where weaknesses in the system are pinpointed Address safeguards that failed to stop or limit the incident = Step involving fixing security measures that were breached during the incident Restore data from backups = Step focused on recovering lost or compromised data from secure copies Restore the services and process in use = Step involving bringing back online the affected services and operational processes

CIO = Responsible for translating overall strategic planning into tactical and operational InfoSec plans CISO = Plays an active role in developing planning details and may report directly to the CIO CSIRT = Responsible for assessing the full extent of damage after an incident AAR = Involves a detailed examination of events that occurred during and after an incident

Risk management = Process of discovering and assessing risks to an organization's operations and determining how to control or mitigate them Risk analysis = Identification and assessment of levels of risk within an organization, a major component of risk management Identifying, examining, and understanding threats = Process of knowing the potential risks facing an organization's information assets People, Procedures, and Data Assets = Components that should be identified and linked based on nature of information asset being tracked

Bottom-up approach = Initiated by administrators and technicians within an organization Top-down approach = Initiated by top management as part of strategic planning for information security measures Incident recovery process = Begins after an incident is contained and system control is regained After-action review (AAR) = Detailed examination of events occurring during and after an incident

People Position name/number/ID Supervisor name/number/ID Security clearance level Special skills = Attributes associated with tracking people as assets Procedures Description Intended purpose Software/hardware/networking elements to which procedure is tied Location where procedure documents are stored = Attributes related to procedures as assets in an organization