Information Security Management - CYBER 322
30 Questions

Questions and Answers

Which of the following is NOT a functional area of Information Security management?

  • Security audits
  • Customer relationship management (correct)
  • Incident management response process
  • Risk assessments on internal systems

In the 1990s, security was treated as a high priority in early Internet deployments.

  False

What is the primary reason for the increased need for improved security in recent years?

  The growing threat of cyber attacks.

Information security is no longer the sole responsibility of a __________ group of people in the company.

  discrete

Match the following areas of security with their definitions:

  Physical = Protection of physical items from unauthorized access
  Operations = Protection of an organization's operations and activities
  Communications = Protection of all communications media and content
  Network = Protection of networking components and connections

What are the three dimensions of the CNSS Security Model?

  Information characteristics (confidentiality, integrity, availability), information states (storage, processing, transmission), and security countermeasures (policy, education and training, technology)

Information security only focuses on protecting digital information.

  False

Name one characteristic of information that is essential for its value.

  Confidentiality, integrity, or availability

The _____ triangle represents the three primary dimensions of information security.

  C.I.A.

Match the following components of an Information System with their descriptions:

  Software = Applications that process data
  Hardware = Physical devices that support information processing
  Data = Information that is processed and stored
  People = Individuals who interact with the information system
  Networks = Connections that allow data sharing between devices
  Procedures = Rules and guidelines for data processing

Which of the following is NOT a core element of achieving information security?

  Insurance plans

A strong security posture prevents all potential security attacks.

  False

Which of the following is NOT one of the core principles of traditional management theory?

  Leading

Leadership involves using resources to get a job done.

  False

What is the primary process involved in planning within management?

  Developing, creating, and implementing strategies for objectives.

The basic approaches to management are traditional management theory and _____ management theory.

  popular

Match the management function with its description:

  Planning = Developing strategies for objectives
  Organizing = Structuring resources for task accomplishment
  Leading = Supervising employee behavior and performance
  Controlling = Ensuring progress towards goals

What is the primary role of governance within an organization?

  Providing strategic direction and managing risks

The leading function of management involves ignoring employee performance.

  False

What does the controlling function in management ensure?

  The validity of the organization's plan and sufficient progress toward it.

The management function of _____ involves structuring departments and associated staffs.

  organizing

What is the CNSS Security Model primarily used to identify?

  Gaps in an information security program

Confidentiality ensures that information is accessible to any user without restrictions.

  False

List the three main characteristics measured by the CIA Triangle.

  Confidentiality, Integrity, Availability

The process that proves a user possesses the identity they claim is known as __________.

  authentication

Match the following terms with their definitions:

  Confidentiality = Access is restricted to authorized users
  Integrity = State of being whole, complete, and uncorrupted
  Availability = Information is accessible to authorized users in the required format
  Accountability = Assurance that activities can be attributed to a person or process

Which of the following is NOT a measure used to protect confidentiality?

  Public access to information

Integrity is concerned with ensuring that information is always available to users.

  False

What does authorization ensure in an information system?

  That a user has been explicitly authorized to access or update an information asset.

The characteristic of information which allows users to access data without ___________ is termed availability.

  interference
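The identification, authentication, authorization and accountability steps asked about above are easy to blur together in practice. The Python program below is an added example written for this page (it is not course material) that keeps them as four separate checks over a constructed in-memory user store, ACL and audit log. The user names, password strings, the `payroll.db` asset and the PBKDF2 round count are assumptions made for the illustration.

```python
"""Identification, authentication, authorization and accountability as four
distinct steps of one access decision.

Added example, not code from the CYBER 322 course. USERS, ACL and the asset
names are constructed sample data; the password hashes are derived at import."""
import hashlib
import hmac
from datetime import datetime, timezone

PBKDF2_ROUNDS = 100_000  # assumed value for the example; tune for production


def _hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; plaintext passwords are never stored or compared."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


# Constructed user store: identity -> per-user salt and password hash.
_SALTS = {"alice": b"\x01" * 16, "bob": b"\x02" * 16}
USERS = {
    "alice": {"salt": _SALTS["alice"],
              "hash": _hash_password("correct horse battery", _SALTS["alice"])},
    "bob": {"salt": _SALTS["bob"],
            "hash": _hash_password("hunter2", _SALTS["bob"])},
}

# Constructed ACL: asset -> identity -> permitted actions.
# Authorization is explicit: anything not listed here is denied.
ACL = {
    "payroll.db": {"alice": {"read", "update"}, "bob": {"read"}},
}

# Accountability: every decision, granted or denied, is attributed to the
# claimed identity and appended here.
_AUDIT_LOG: list[dict] = []


def identify(username: str) -> bool:
    """Identification: is the claimed identity one the system recognises?"""
    return username in USERS


def authenticate(username: str, password: str) -> bool:
    """Authentication: prove possession of the claimed identity's secret."""
    record = USERS.get(username)
    if record is None:
        return False
    candidate = _hash_password(password, record["salt"])
    return hmac.compare_digest(candidate, record["hash"])  # constant-time compare


def authorize(username: str, asset: str, action: str) -> bool:
    """Authorization: has this identity been explicitly granted the action?"""
    return action in ACL.get(asset, {}).get(username, set())


def _record(username: str, asset: str, action: str, outcome: str) -> None:
    _AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "user": username, "asset": asset, "action": action, "outcome": outcome,
    })


def access(username: str, password: str, asset: str, action: str) -> str:
    """Run the four steps in order and return the outcome.

    A failure at any step denies access but is still written to the audit
    trail, so failed attempts can be attributed and investigated."""
    if not identify(username):
        outcome = "denied: unknown identity"
    elif not authenticate(username, password):
        outcome = "denied: authentication failed"
    elif not authorize(username, asset, action):
        outcome = "denied: not authorized"
    else:
        outcome = "granted"
    _record(username, asset, action, outcome)
    return outcome


def audit_entries() -> list[dict]:
    """Return a copy of the audit trail (accountability)."""
    return list(_AUDIT_LOG)


if __name__ == "__main__":
    for args in [("alice", "correct horse battery", "payroll.db", "update"),
                 ("bob", "hunter2", "payroll.db", "update"),
                 ("bob", "wrong", "payroll.db", "read"),
                 ("carol", "anything", "payroll.db", "read")]:
        print(args[0], args[3], "->", access(*args))
    for entry in audit_entries():
        print(entry)
```

The four distinct outcome strings exist for the audit trail only. A login form should return the same generic message for an unknown identity and for a wrong password; otherwise the difference tells an attacker which user names exist.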

Study Notes

• Information security management is a multifaceted process that goes beyond technology.
• Technological safeguards are constantly being circumvented, so governance and operational processes are essential.
• Examples of essential governance and operational processes include incident management, classifying data by value, risk assessments on internal systems, security audits, and a framework for governance, risk, and compliance.
• Current and former employees are the primary sources of security incidents.
• The course aims to examine security functions within organizations holistically.
• Every situation is unique; what works for one organization might fail in another.
• Security means freedom from danger: protection against loss, damage, unwanted modification, and other hazards.
• Information security is broader than computer security: it protects information in every form and state, not only data held on computers.
• Information security is not the sole responsibility of a single group.
• Specialized areas of security include physical security (protection of physical items), operations security (protection of organizational activities), communications security (protection of communications media and content), and network security (a subset of communications security focused on networking components and connections).
• Information security (InfoSec) is the protection of information based on its critical characteristics: confidentiality, integrity, and availability.
• Achieving InfoSec involves policy, technology, and training and awareness programs.
• The InfoSec role is to protect an organization's information assets.
• The CNSS Security Model (the McCumber cube) gives a detailed, three-dimensional view of an InfoSec program and is used to identify gaps in it. Its axes are the information characteristics (confidentiality, integrity, availability), the information states (storage, processing, transmission), and the countermeasure categories (policy, education and training, technology), giving 27 cells; each cell should be evaluated when a program is designed or revised. The CIA triangle has since been expanded with identification, authentication, authorization, privacy, and accountability.
• Confidentiality requires limiting information access to authorized users only. Measures include classification schemas, secure storage, security policies, and user education.
• Integrity means information remains whole, complete, and uncorrupted. It is threatened by corruption, damage, destruction, or other disruption of its authentic state.
• Availability means authorized users can access information in the required format without interference or obstruction; it does not mean access for everyone.
• Identification recognizes individual users. Authentication verifies that a user is who they claim to be. Authorization grants access, update, or deletion rights according to the user's privileges.
• Privacy ensures that data is used only for its stated purposes. Accountability ensures activities can be attributed to specific individuals or processes.
• Management is the process of achieving objectives by using resources effectively and efficiently; leadership is influencing others to achieve a common goal.
• Management theories include traditional principles (planning, organizing, staffing, directing, and controlling) and popular principles (planning, organizing, leading, and controlling).
• Management characteristics include specific skills, functions, principles, and responsibilities.
• Planning, organizing, leading, and controlling are the core management functions.
• Problem solving involves recognizing the problem, gathering facts, developing solutions, evaluating solutions, implementing the selected solution, and then evaluating the success of the implemented solution.
• Information security management principles are the six P's: planning, policy, programs, protection, people, and project management.
• InfoSec plans cover incident response, business continuity, disaster recovery, policy, personnel, technology rollout, risk management, and security programming.
• Policy dictates organizational behavior and falls into three general categories: enterprise information security policy, issue-specific security policy, and system-specific security policy.
• Programs are InfoSec operations managed as separate entities, such as security education and awareness programs and physical security programs. Protection covers risk management activities, including risk assessments and controls, protection mechanisms, technologies, and tools.
• People are the crucial link and include security personnel as well as security education and awareness for everyone else.
• Project management involves identifying resources, assessing progress, and adjusting the process, and applies to all InfoSec initiatives.
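As an added illustration of how the 27-cell model is used to find gaps (this is example code written for this page, not a tool from the course), the Python script below enumerates the cube, maps a constructed control inventory onto its cells, and reports every cell that no control addresses. The control names and the cells they are mapped to are assumptions for the example; a real assessment would use the organization's own inventory.

```python
"""Gap analysis over the CNSS Security Model (McCumber cube).

Added example, not a tool from the course. The control inventory below is
constructed for illustration; an organisation would map its own controls."""
from collections import Counter
from itertools import product

CHARACTERISTICS = ("confidentiality", "integrity", "availability")
STATES = ("storage", "processing", "transmission")
COUNTERMEASURES = ("policy", "education", "technology")
AXES = {"characteristic": 0, "state": 1, "countermeasure": 2}

# Every (characteristic, state, countermeasure) triple: 3 x 3 x 3 = 27 cells.
ALL_CELLS = frozenset(product(CHARACTERISTICS, STATES, COUNTERMEASURES))

# Constructed inventory: each control names the cells it addresses.
CONTROLS = [
    {"name": "Data classification policy",
     "cells": [("confidentiality", s, "policy") for s in STATES]},
    {"name": "Change-management policy",
     "cells": [("integrity", "storage", "policy"),
               ("integrity", "processing", "policy")]},
    {"name": "Full-disk encryption on laptops",
     "cells": [("confidentiality", "storage", "technology")]},
    {"name": "TLS on every service",
     "cells": [("confidentiality", "transmission", "technology"),
               ("integrity", "transmission", "technology")]},
    {"name": "Nightly backups with restore drills",
     "cells": [("availability", "storage", "technology"),
               ("availability", "storage", "policy")]},
    {"name": "Phishing-awareness training",
     "cells": [("confidentiality", "processing", "education")]},
    {"name": "Input validation in applications",
     "cells": [("integrity", "processing", "technology")]},
]


def validate_cell(cell) -> tuple:
    """Reject cells outside the cube: a misspelt axis value would hide a gap."""
    cell = tuple(cell)
    if cell not in ALL_CELLS:
        raise ValueError(f"not a CNSS cell: {cell}")
    return cell


def coverage(controls) -> dict:
    """Map every cell of the cube to the names of the controls that address it."""
    covered = {cell: [] for cell in ALL_CELLS}
    for control in controls:
        for cell in control["cells"]:
            covered[validate_cell(cell)].append(control["name"])
    return covered


def gaps(controls) -> list:
    """Cells with no control at all, sorted so the report is stable."""
    return sorted(cell for cell, names in coverage(controls).items() if not names)


def gaps_by_axis(controls, axis: str) -> Counter:
    """Count uncovered cells per value of one axis, e.g. per countermeasure type."""
    index = AXES[axis]
    return Counter(cell[index] for cell in gaps(controls))


if __name__ == "__main__":
    missing = gaps(CONTROLS)
    print(f"{len(missing)} of {len(ALL_CELLS)} cells have no control:")
    for cell in missing:
        print("  ", " / ".join(cell))
    print("gaps per countermeasure:", dict(gaps_by_axis(CONTROLS, "countermeasure")))
```

Grouping the gaps by axis is what makes the cube useful in a review: with this inventory the education axis is almost empty, which says the program leans on policy and technology while leaving people untrained for most states of the information.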


Description

Explore the essential processes and frameworks involved in information security management in this quiz. Understand the role of governance, incident management, and risk assessments in safeguarding organizational data, the nature of security incidents, and the collaborative effort required to maintain security standards.
