Information Security and HITECH Quiz

Questions and Answers

What is the primary goal of HITECH in health information technology?

• To regulate the electronic health records of patients.
• To develop new medical technologies.
• To ensure patient confidentiality in healthcare settings.
• To promote and expand the adoption of health information technology. (correct)

What does an Intrusion Prevention System (IPS) do in cybersecurity?

• It solely logs data for later review.
• It is designed only for network-level protection.
• It monitors for unauthorized access only.
• It takes actions when malicious events occur. (correct)

Which of the following best describes the importance of integrity in data management?

• It focuses on speeding up data processing.
• It encrypts data for secure transmission.
• It stores data in more accessible formats.
• It ensures that the data remains unaltered. (correct)

What is the function of a honeypot in network security?

To detect, monitor, and sometimes tamper with attacker activities. (D)

What does the Incident Response Process typically include?

Preparation, detection and analysis, identification, containment, eradication, recovery, and post-incident activity. (D)

Which three aspects are part of the Parkerian Hexad?

Confidentiality, Integrity, Availability (D)

What is the main requirement for companies that process credit card payments under PCI DSS?

To protect sensitive information (C)

What does penetration testing aim to replicate?

The methods of an actual attack (C)

Which of the following represents a physical threat?

Toxins and fire (C)

What does post-incident activity focus on?

Understanding the incident's cause and prevention (B)

Flashcards

What is a hash?

A fixed-length value representing data, like a digital fingerprint. Changing even a single bit in the data will drastically change the hash value.

What is a honeypot?

A type of security measure that deliberately exposes vulnerabilities to attract and analyze attackers' behavior.

What is a Host Intrusion Detection System (HIDS)?

A software tool running on a computer that monitors for suspicious activities and alerts when they are detected.

What is Data Integrity?

Ensures data remains unaltered, protecting against unauthorized modifications.

What is identity verification?

The process of confirming a person's or system's identity, usually through various identification methods.

What is Gamification?

The application of game-like elements to non-game situations, such as motivating employees.

What is risk assessment?

This process involves identifying, analyzing, and prioritizing risks related to securing information systems.

What is penetration testing?

The process of simulating real-world attacks to evaluate an organization's security defenses.

What is an interruption attack?

An attack that aims to prevent legitimate users from accessing resources or services.

What is interception?

A security measure used to detect unauthorized access to data or systems.

Study Notes

Hashes and Data Integrity

• Hashing is used for file distribution and communication verification, ensuring message integrity.
• A hash is a fixed-length value that represents data, acting like a fingerprint; altering the message changes the hash.

HITECH Act

• Promotes the adoption of health information technology, specifically electronic health records among healthcare providers.

Security Concepts

• Honeypots: Used to detect, monitor, and analyze attacker behavior by deliberately exposing vulnerabilities.
• Host Intrusion Detection System (HIDS): Software application that monitors local computers for suspicious activities.
• Intrusion Detection (IDS): Monitors and reports unauthorized activities in networks or applications.
• Intrusion Prevention Systems (IPS): Takes proactive actions against detected malicious activities.

Incident Response Process

• Involves key steps: Preparation, Detection & Analysis, Identification, Containment, Eradication, Recovery, and Post-incident Activity.

Compliance and Standards

• Industry Compliance: Refers to non-mandated standards designed for specific sectors, such as PCI DSS for payment card data protection.
• HIPAA: Ensures privacy protections for individuals' health information.
• GLBA: Protects bank customers' information through privacy regulations.
• FISMA: Provides a framework for securing government information systems.

Data Security Fundamentals

• Integrity: Ensures data remains unaltered.
• Interception: Unauthorized access to data or systems.
• Interruption: Attacks that disrupt asset availability.
• Anomaly-Based Detection: Identifies deviations from established network traffic baselines.

Risk Management and Analysis

• Vulnerability analysis is critical for identifying weaknesses in security systems.
• Access control lists (ACLs) regulate user permissions to resources.
• Risk assessments follow the identification of threats and vulnerabilities.

Threats and Vulnerabilities

• Phishing: Deceptive attempts to acquire sensitive information through fraudulent communications.
• Physical Threats: Include environmental factors (e.g., extreme temperatures, liquids) and human actions that can compromise assets.

Security Measures and Technologies

• Firewalls: Control network traffic, blocking unauthorized access.
• Anti-Malware Tools: Similar to IDS, they detect threats by recognizing signatures or abnormal activity.
• Hash Function: Produces a unique value for data without using an encryption key.
• Hardware Tokens: Generate one-time passwords as a security measure.

Assessing and Managing Incidents

• The incident response cycle includes preparation, detection, containment, eradication, recovery, and post-incident evaluations.
• Proper permissions and access management are essential to secure sensitive files in web applications.

General Concepts

• Identity: Refers to the claim of who or what a user is.
• Identity Verification: Process of confirming identity via different forms of identification.
• Admissibility of Records: Legal acceptance of records when properly tracked and regulated.

Miscellaneous

• Gamification: Application of game elements to enhance employee engagement in non-gaming settings.
• Penetration Testing: Simulates real-world attacks to evaluate an organization's security posture.