Information Security Fundamentals
14 Questions

Questions and Answers

What is the primary goal of Risk Management?

  • To implement security controls
  • To eliminate all risks
  • To make risks as small as possible (correct)
  • To increase the probability of threats

What is the primary goal of Information Security?

  • To ensure the availability of information systems
  • To ensure the integrity of information
  • To prevent unauthorized access to information
  • To protect assets in order to achieve CIA (Confidentiality, Integrity, Availability) (correct)

What is an Incident in the context of security?

  • The occurrence of a security violation (correct)
  • A potential threat to security
  • A weakness in the system design
  • A mechanism to mitigate threats

What is the risk associated with a lack of confidentiality?

Loss of privacy, unauthorized access, identity theft (A)

What is the primary purpose of tracking vulnerabilities?

To mitigate potential security violations (B)

What is the term for the potential loss of an asset upon an incident?

Exposure Factor (D)

What is the purpose of audit logs?

To track security controls such as errors, login attempts, changes, etc. (C)

What is the primary method of ensuring the integrity of information?

Quality assurance and audit logs (C)

What is a common system used to track vulnerabilities?

Common Vulnerability Scoring System (C)

What is the term for an action or event that may potentially compromise security?

Threat (B)

What is the purpose of authentication?

To verify/prove a subject's claims to a given identity (A)

What is the primary purpose of authorization?

To grant an authenticated subject proper access rights to different assets (D)

What type of access control assigns security levels on users and resources?

Mandatory Access Control (A)

What is the risk associated with a lack of availability?

Business disruption, loss of customer confidence, loss of revenue (A)

Study Notes

Information Security

  • Information Security is the process and methods of protecting assets to achieve CIA (Confidentiality, Integrity, Availability)
  • CIA is crucial to protect print, electronic, or any other form of confidential, private, and sensitive information or data from unauthorized access

Confidentiality

  • Confidentiality ensures that information is kept private and secure
  • It assures that information is available only to those who have authorized access
  • Risks associated with confidentiality: loss of privacy, unauthorized access, identity theft
  • Controls to maintain confidentiality: encryption, authentication, access controls

Integrity

  • Integrity ensures that information is not modified, deleted, or added without authorization
  • It ensures the trustworthiness, accuracy, and completeness of the data
  • Risks associated with integrity: unreliable/inaccurate information
  • Controls to maintain integrity: quality assurance and audit logs

Availability

  • Availability ensures that systems for processing, delivering, and storing information are accessible when required
  • Risks associated with availability: business disruption, loss of customer confidence, and loss of revenue
  • Controls to maintain availability: back-up storage and sufficient capacity

Triple A of InfoSec

  • Authentication: process in which a subject attempts to verify/prove their claims to a given identity
  • Three primary forms of authentication: what you have, who you are, and what you know
  • Authorization: the act of granting an authenticated subject their proper access rights to different assets
  • Schemes of authorization: Mandatory Access Control, Discretionary Access Control, Role-based Access Control, and Attribute-based Access Control

Audit Trail

  • Audit Trail tracks security controls such as errors, login attempts, changes, etc.
  • Actions should be traceable to a specific subject for the information to be useful

Assets

  • An asset is any tangible or intangible item with value to an organization
  • The loss of an asset can cause a potential disruption to an organization

Vulnerabilities

  • Vulnerabilities are weaknesses or flaws that may be intentionally or unintentionally triggered, leading to a violation of security policies
  • Vulnerabilities may be present in the inherent design or in the actual system
  • Existing vulnerability tracking systems: U.S. Computer Emergency Readiness Team, Common Vulnerability Scoring System, Common Vulnerabilities and Exposures

Threats, Impacts, Exposure Factor

  • Threat: an action/event that may potentially compromise/violate security
  • Incident: the occurrence (realization) of a violation of security
  • Impact: the outcome of the incident
  • Exposure Factor: potential loss of an asset upon an incident

Risk

  • Risk: the probability that a particular threat occurs because of a specific vulnerability
  • Risk Management: process of reducing risks to acceptable levels
  • Goal of risk management is to minimize risk, not eliminate it

Security Controls (Countermeasures)

  • Security Controls: mechanisms to mitigate threats
  • Improper implementation may lead to increased risks
  • Groups of Security Controls: Technical, Administrative, and Physical

Description

Learn about the importance of information security and how to protect assets from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption.