Information Security and Concepts Quiz

VirtuousParrot
14 Questions

What is the CIA triad?

A fundamental concept of information security that ensures that data is secure and accessible only to authorized users

What is confidentiality?

The protection of information at rest or in transit

What is accountability?

The ability to trace every action on a system to an individual user without ambiguity

What is non-repudiation?

The ability to prove to an independent party that a message came from the purported sender

What is least privilege?

Limiting system permissions to only what is necessary for the user to perform their job

What is segregation of duties (SoD)?

An internal control mechanism to prevent fraud and errors by ensuring that no single individual has control over all parts of a process

What is Support internetwork trust architectures (SITA)?

A set of security controls and safeguards implemented in IT systems to protect the confidentiality, integrity, and availability of data in these systems

What are the three fundamental concepts of information security?

Availability, Integrity, and Confidentiality

What is the purpose of hashing functions and digital signatures in information security?

To ensure integrity

What is the purpose of the least privilege principle in information security?

To limit system permissions to only what is necessary for the user to perform their job

What is the purpose of segregation of duties (SoD) in information security?

To prevent fraud and errors

What is non-repudiation in information security?

The ability to prove to an independent party that a message came from the purported sender

What is the purpose of support internetwork trust architectures (SITA) in information security?

To protect the confidentiality, integrity, and availability of data in IT systems

What is the purpose of a comprehensive privacy program in information security?

To protect personally identifiable information (PII) and protected health information (PHI)

Study Notes

Overview of Information Security and Security Concepts

  • The IAS review covers areas of information security such as application security; access control; business continuity and disaster recovery; governance, risk, and compliance; legal and regulatory compliance; security architecture and design; network security; physical security; operations security; and cryptography.
  • The CIA triad (confidentiality, integrity, and availability) is a fundamental concept of information security that ensures that data is secure and accessible only to authorized users.
  • Confidentiality is achieved through encryption and steganography, which protect information at rest or in transit.
  • Integrity ensures that information is not altered without authorization, and hashing functions and digital signatures are used to detect any changes in the underlying file.
  • Availability ensures that information and systems remain available to authorized users when needed and is protected through redundant components, high availability, fault tolerance, and OS and application controls.
  • Accountability is the ability to trace every action on a system to an individual user without ambiguity.
  • Privacy is the protection of personally identifiable information (PII) and protected health information (PHI) governed under HIPAA. A comprehensive privacy program should consider management, notice, choice and consent, collection, use, retention and disposal, access, disclosure to third parties, security, quality, and monitoring and enforcement.
  • Non-repudiation is the ability to prove to an independent party that a message came from the purported sender.
  • Authenticity is when the recipient can be confident that the message came from the purported sender.
  • Least privilege limits system permissions to only what is necessary for the user to perform their job, and privilege aggregation can jeopardize least privilege.
  • Segregation of duties (SoD) is an internal control mechanism to prevent fraud and errors by ensuring that no single individual has control over all parts of a process.
  • Support internetwork trust architectures (SITA) is a set of security controls and safeguards implemented in IT systems to protect the confidentiality, integrity, and availability of data in these systems.

Test your knowledge of information security and security concepts with this comprehensive quiz! From the fundamental CIA triad to concepts such as confidentiality, integrity, and availability, you'll explore a broad range of topics including cryptography, accountability, privacy, non-repudiation, and more. This quiz is perfect for both beginners and experts in the field, so sharpen your skills and see how much you know about the world of information security and security concepts.
