Cyber Security and Information Assurance

PleasedFigTree
40 Questions

What is the primary goal of risk reduction?

To lessen the probability, negative consequences, or both, associated with risk

What is meant by 'treat' or 'mitigate' in the context of risk management?

To take one or more actions to reduce the impact or likelihood of a risk

What is risk transfer an example of?

Risk treatment involving the agreed distribution of risk with other parties

What is the primary consideration when deciding to accept a risk?

The practicality and sensibility of taking further action

What is the main advantage of having contingency measures in place?

It mitigates the effect if the risk does occur

What is an effective way to ensure that procedures are followed?

Creating desk cards or prompts for users

What is an example of a risk transfer mechanism?

Taking out an insurance policy

What is a potential limitation of risk transfer?

It may not mitigate reputational damage

Why is it important to manage information held in staff members' heads?

To prevent the loss of critical information in case of staff unavailability

What has led to increased focus on risk management in companies?

High-profile commercial criminal investigations

What is the role of senior management in risk acceptance?

To accept that it is not practical or sensible to take any further action

Who is responsible for risk management in an organization?

The board of directors

What is the primary goal of implementing effective IA?

To support the organization's continued operation

Why is it essential to detail procedures for managing physical assets?

To prevent the inadvertent inclusion of confidential files

What is the relationship between IA and corporate governance?

IA supports the principles of corporate governance

Why is it important to manage information held in staff members' heads?

To ensure business continuity in case of staff unavailability

What is the primary reason for the increased complexity of the information assurance manager's role?

The significant increase in threats and vulnerabilities arising from the internet and the World Wide Web

What is the term used to describe the risks and vulnerabilities arising primarily from the use of the internet?

Cyber security

What is the primary goal of criminals and others in the context of cyber-attacks?

To steal information and sell it on or use it for other purposes

What is the term used to describe the use of gained information to extract financial gain from innocent victims?

Fraud

Why is the term 'information assurance' still used in this book?

To refer to general principles of information security

What is the primary focus of the legislation introduced by governments to address information assurance?

Addressing the increasing problems of information assurance

What is the result of the seemingly meteoric rise in cyber-attacks?

Cyber warfare and the need for cyber security

What is the underlying theme of the book's discussion on information assurance?

The rise of cyber-attacks and the need for information security

What is the impact of increased information availability on the service industry?

It has liberated the industry, similar to the introduction of the steam engine or electricity

What is a major concern for global organisations when sending sensitive information across borders?

Proving the authorised person sent the correct document at the appropriate time

What is a risk associated with conducting trade over the internet?

Denial-of-service attacks

What is a challenge for organisations operating in multiple countries?

Understanding differing local legislation restrictions

What is a consequence of a virus infection or ransomware attack on an organisation's reputation?

Negative impact on reputation and financial status

What is a challenge for organisations when dealing with people they know little about?

Establishing an appropriate level of trust

What is the role of the information assurance manager in a global organisation?

To ensure the satisfaction of management and litigants

What is a key concern for global organisations when sending sensitive information electronically?

Ensuring the information is sent with proof of receipt, integrity, and authority

What is the primary focus of information assurance?

Managing risk

What is a key characteristic of a valid threat?

It has already happened to someone else

What is the relationship between threats and opportunities?

What is a threat to one person may be an opportunity to another

What is the primary benefit of understanding threats and vulnerabilities?

Reducing the likelihood of a threat being carried out

What is the term for the potential consequences of a threat being carried out?

Impact

What is the primary goal of information risk management?

Managing risk to ensure the confidentiality, integrity, and availability of information systems

What is a threat to information systems?

An unauthorised person discovering your username and password

What is the term for the areas of risk that must be addressed in an information system's environment?

Confidentiality, integrity, and availability

Study Notes

Information Assurance and Cyber Security

  • The complexity of threats to companies, public bodies, and organizations has increased, making information assurance management a crucial field.
  • The term "cyber security" has emerged due to the significant increase in threats arising from the internet and the World Wide Web.

Cyber Warfare and Cyber Security

  • Cyber-attacks involve misappropriating information, encrypting it, and demanding money to release it, or using it for fraudulent purposes.
  • Criminals and others seek to steal information and sell it or use it for illicit gain.

Risk Reduction and Management

  • Risk reduction involves taking actions to lessen the probability, negative consequences, or both, associated with a risk.
  • Risk transfer involves distributing risk to other parties, such as taking out insurance or writing contracts to mitigate financial impact.
  • Risk acceptance involves accepting a risk and monitoring it, rather than taking further action.

Information Security Principles

  • Information security is crucial in today's digital age, where organizations operate across multiple countries and have sensitive information to protect.
  • Ensuring the secure transfer of information between countries and managing differing national legislation is a significant challenge.

Relationship with Corporate Governance

  • The advent of high-profile commercial criminal investigations has led to more stringent legislation regarding risk-taking in companies.
  • Risk management has become a top priority in many boardrooms, and it is no longer acceptable to delegate responsibility to the IT manager.

Information Risk Management

  • Information assurance is primarily about managing risk, which involves understanding threats, vulnerabilities, and impact.
  • Threats are realistic possibilities that may cause undesirable consequences, and vulnerabilities are weaknesses that can be exploited.
  • Combining threats with likelihood or probability creates risk.

Threats and Threat Landscape

  • Threats can be realistic or opportunistic, and may have already occurred to someone else.
  • Threats must be valid and may have records of incidents to support their validity.
  • Threats can be perceived differently by different individuals, and what may be a threat to one person may be an opportunity to another.

Explore the role of information assurance managers and the growth of cyber security, including the increasing complexity of threats and the need for expertise in this field.