Information Security Fundamentals Quiz

Questions and Answers

What is the primary purpose of the Sarbanes-Oxley Act?

To enhance the accuracy of corporate disclosures (correct)

To regulate the stock market directly

To reduce the power of the Federal Reserve

To provide tax relief to corporations

Which title of the Sarbanes-Oxley Act focuses on auditor independence?

Title II: Auditor Independence (correct)

Title IV: Enhanced Financial Disclosures

Title III: Corporate Responsibility

Title I: PCAOB

Which title mandates that senior executives take responsibility for the accuracy of financial reports?

Title VIII: Corporate and Criminal Fraud Accountability

Title III: Corporate Responsibility (correct)

Title IV: Enhanced Financial Disclosures

Title IX: Corporate Tax Returns

What aspect of the Sarbanes-Oxley Act addresses the penalties for white-collar crimes?

Title X: White Collar Crime Penalty Enhancement (D)

Which title outlines the responsibilities of public accounting firms in audits?

Title I: PCAOB (A)

What does Title IV of the Sarbanes-Oxley Act specifically address?

Enhanced financial disclosures (D)

What key aspect is defined in Title IX regarding corporate taxes?

The requirement for CEO signatures on tax returns (D)

Which title focuses on measures related to securities analysts to restore investor confidence?

Title V: Analyst Conflicts of Interest (A)

What type of offenses does Title XI identify and assign penalties for?

Corporate fraud and record tampering (C)

Which of the following best describes the purpose of the Digital Millennium Copyright Act (DMCA)?

To establish legal prohibitions against circumventing technological protection measures (A)

What framework does the Federal Information Security Management Act (FISMA) provide?

Standards for categorizing and securing federal information resources (B)

What is one of the significant penalties outlined under the General Data Protection Regulation (GDPR)?

Harsh fines reaching tens of millions of euros for privacy violations (B)

Which principle of GDPR emphasizes the necessity to only collect personal data relevant to specific purposes?

Data minimization (C)

What does the Data Protection Act 2018 primarily regulate?

The processing of personal information related to individuals (D)

What does GDPR's principle of accountability require from organizations?

To maintain detailed records of all data processing activities (C)

Under FISMA, what is a primary guide for selecting appropriate security controls for information systems?

Guidance for assessing security control effectiveness (D)

What is a primary requirement of the DPA regarding personal data processing?

It must be based on the data subject's consent or another specified basis. (B)

Which function is conferred on the Commissioner under the DPA?

To monitor and enforce the provisions of the DPA. (A)

Which legislation does NOT relate to cyber law in the United States?

Patents Act 1990 (C)

Which country has the Cybercrime Act 2001 as part of its cyber law framework?

Australia (D)

What does the DPA confer to individuals regarding their personal data?

The right to require rectification of inaccurate personal data. (A)

Which act governs the privacy of communications in the United States?

Electronic Communications Privacy Act (C)

Which law is primarily focused on the protection of information technology in India?

Information Technology Act (A)

Which country's cyber law includes the Investigatory Powers Act 2016?

United Kingdom (A)

Which of the following is NOT a requirement of the PCI Data Security Standard?

Conduct Regular Customer Satisfaction Surveys (B)

What is one of the primary objectives of ISO/IEC 27001:2013?

To manage security risks in a cost-effective manner (B)

What does the HIPAA Privacy Rule primarily ensure?

Patients' rights regarding their personal health information (D)

Which component of HIPAA includes technical safeguards for protected health information?

Security Rule (B)

Which of the following is a result of failing to meet PCI DSS requirements?

Fines or termination of payment card processing privileges (B)

What is NOT a use for ISO/IEC 27001:2013 within organizations?

Implementing comprehensive marketing strategies (A)

What does HIPAA's Enforcement Rule address?

Standards for enforcing the Administrative Simplification Rules (C)

Which of the following correctly describes the maintenance aspect of ISO/IEC 27001:2013?

It mandates organizations to continually improve their security management system. (C)

What are the characteristics of passive attacks in information security?

They involve intercepting and monitoring data flow. (D)

Which motive is not commonly associated with information security attacks?

Enhancing organizational productivity (A)

What challenge does BYOD (Bring Your Own Device) policies present for companies in terms of compliance?

Leads to fragmentation of data security. (B)

Which of the following best describes insider attacks?

Attacks conducted by individuals with privileged access to information systems. (A)

What is a common characteristic of active attacks?

They aim to disrupt systems or services. (B)

Which of the following options best describes distribution attacks?

Attacks where hardware or software is compromised before installation. (D)

What is a significant security challenge related to the relocation of sensitive data to the cloud?

Improper configuration and lack of control. (C)

What is a common goal behind various information security attacks?

Manipulating data or stealing information. (A)

Which of the following best describes Advanced Persistent Threats (APT)?

Attacks intended to steal information while remaining undetected. (A)

What is a key characteristic of ransomware?

It encrypts files and demands a ransom for recovery. (D)

Which type of attack is classified as a botnet?

A network of compromised systems controlled by an intruder. (B)

What does the Payment Card Industry Data Security Standard (PCI DSS) govern?

All entities involved in processing cardholder information. (B)

What risk do IoT devices pose to information security?

Flaws can allow remote access and attacks on networks. (B)

Which of the following defines an insider attack?

An attack performed by someone with authorized access. (C)

What distinguishes mobile threats in information security?

Increased usage of mobile devices but lower security measures. (B)

How do viruses and worms typically affect a network?

They can infect a network quickly and autonomously. (D)

Flashcards

Compliance Challenges

Compliance to laws and regulations in cybersecurity.

Skill Shortage in Cybersecurity

Lack of qualified professionals in cybersecurity field.

BYOD Compliance Issues

Challenges in compliance due to BYOD policies.

Passive Attacks

Attacks that intercept data without tampering it.

Active Attacks

Attacks that disrupt or alter data during transmission.

Insider Attacks

Attacks by individuals with privileged access.

PCI DSS

Payment Card Industry Data Security Standard; guidelines for securing card transactions.

Secure Network

A network designed to safeguard data from breaches and unauthorized access.

Close-in Attacks

Attacks performed in close physical proximity to a target.

Distribution Attacks

Tampering with hardware/software before installation.

Protect Cardholder Data

Measures to keep customer card details safe from theft or misuse.

Vulnerability Management Program

A system to identify, assess, and address security weaknesses.

ISO/IEC 27001:2013

Standard for establishing an information security management system in organizations.

HIPAA Privacy Rule

Protects personal health information and grants patient rights.

HIPAA Security Rule

Sets safeguards for maintaining electronic health information integrity and confidentiality.

National Identifier Requirements

Mandates standard national numbers for healthcare providers and entities.

Sarbanes-Oxley Act (SOX)

A 2002 law to protect investors through corporate disclosures.

PCAOB

Public Company Accounting Oversight Board oversees auditors.

Auditor Independence

Standards ensuring auditors are independent from clients.

Corporate Responsibility

Senior executives must verify accuracy of financial reports.

Enhanced Financial Disclosures

Stricter reporting for transactions and financial activities.

Whistle-blower Protections

Legal protections for individuals reporting wrongdoing.

White Collar Crime Penalty Enhancement

Increases penalties for white-collar crimes.

Corporate Tax Returns

CEOs must sign company tax returns for accountability.

Corporate Fraud Accountability

Laws defining corporate fraud and penalties for it, including record tampering.

Digital Millennium Copyright Act (DMCA)

US copyright law that addresses digital copyright protections and circumvention.

Federal Information Security Management Act (FISMA)

Framework ensuring information security for Federal operations and assets.

GDPR (General Data Protection Regulation)

Stringent EU regulation for data protection, effective from May 25, 2018.

GDPR Data Protection Principles

Key principles guiding data protection under GDPR: fairness, purpose limitation, etc.

Data Protection Act 2018 (DPA)

UK act regulating personal data processing and related functions.

Penalties for GDPR violations

Severe fines up to millions of euros for non-compliance with GDPR.

Information Security Standards

Guidelines provided by FISMA for categorizing and protecting information systems.

DPA Purpose

The DPA protects individuals in relation to personal data processing.

Lawful Processing

Personal data must be processed lawfully and fairly based on consent or a specified basis.

Data Subject Rights

Data subjects have the right to access and rectify their personal data.

Commissioner's Role

The Commissioner enforces and monitors compliance with data protection laws.

Fair Use Doctrine

A provision in U.S. law allowing limited use of copyrighted material without permission.

Privacy Act of 1974

A U.S. law that governs the collection and use of personal information by federal agencies.

Cybercrime Act 2001

An Australian law addressing various cyber offenses and crimes.

NIS Regulations

UK regulations that enhance security and resilience of digital services.

Cloud Computing Threats

Security risks associated with storing sensitive data in the cloud, like unauthorized access.

Advanced Persistent Threats (APT)

Stealthy attacks to steal information without user awareness, often targeting high-value assets.

Ransomware

Malware that restricts access to files and demands ransom for restoration.

Botnet

A network of compromised computers controlled by an attacker to perform various exploits.

Phishing

Fraudulent emails mimicking legitimate sources to steal users' personal information.

Web Application Threats

Attacks targeting web applications to steal credentials or private information.

Study Notes

Module 01: Information Security Fundamentals

• This module discusses the need for security, elements of information security, the security, functionality, and usability triangle, and security challenges.
• It details motives, goals, and objectives of information security attacks and their classification.
• It also covers information security attack vectors.
• Finally, it concludes with a detailed discussion of various information security laws and regulations.
• The next module will introduce ethical hacking, its fundamental concepts, cyber kill chain methodology, hacking concepts, hacker classes, and the various phases of the hacking cycle.

Description

This quiz assesses your understanding of Information Security Fundamentals, including security needs, elements, attack vectors, and relevant laws and regulations. Test your knowledge on the various motives and methods behind security challenges and information security attacks.