Information Security Components Quiz

Questions and Answers

What is emphasized when it comes to information security?

• Achieving perfect information security in one step
• Implementing a top-down security approach
• Ignoring threats to focus on access
• Balancing between protection and availability (correct)

What is a key advantage of the Bottom-Up approach to information security implementation discussed in the text?

• It focuses on participant support
• It lacks critical features
• It prioritizes organizational staying power
• It involves grassroots systems administrators (correct)

Why is it mentioned in the text that perfect information security is impossible to obtain?

• To emphasize the importance of ignoring availability issues
• Due to the lack of technical expertise in organizations
• Because threats are not real concerns
• To highlight that security is an ongoing process (correct)

What are the three key aspects of security mentioned in the text?

Confidentiality, Availability, Integrity (C)

Which term refers to the likelihood of a threat exploiting a vulnerability within an organization's systems?

Risk (A)

What is the purpose of a risk assessment in information security?

To identify and prioritize risks to information assets (B)

Who is responsible for the security and use of a particular set of information?

Data owners (D)

Which group is responsible for information and systems that process, transmit, and store data?

Data custodian (B)

What group in the organization has access to information and plays an information security role?

Data users (C)

Who is appointed by data owners to oversee the management of a particular set of information?

Data trustee (C)