Information Security Overview Quiz

Questions and Answers

Which of the following is NOT a common information security concern mentioned in the text?

  • Malware
  • Phishing
  • Ransomware
  • Denial of Service (DoS) attacks (correct)

What are the key concepts associated with information system security?

  • Confidentiality, integrity, and availability (correct)
  • Availability, risks, and safeguards
  • Integrity, availability, and risks
  • Confidentiality, integrity, and application

What is the main goal of information security?

  • To protect the confidentiality, integrity, and authentication of information
  • To protect the confidentiality, integrity, and agility of information
  • To protect the confidentiality, integrity, and availability of information (correct)
  • To protect the availability, risks, and safeguards of information

Why is information security an important issue for organizations?

To prevent data breaches that could damage an organization's reputation (B)

What is one of the mechanisms that ensures information security?

Biometric data (A)

What type of data is often collected by organizations and can be used to identify a person?

Driver's license number (A)

What ensures that data is accessible when it needs to be?

Availability (B)

Which term refers to a weakness or flaw in an information system?

Vulnerability (C)

What reduces harm posed from information security vulnerabilities or threats?

Mitigation (D)

Which concept refers to the likelihood that a threat will exploit a vulnerability and cause harm?

Risk (C)

What are step-by-step checklists that explain how to meet security goals called?

Procedures (C)

What do organizations include in outsourcing contracts to meet their legal obligations?

Security clauses and safeguards (D)

Study Notes

Information Security Overview

  • Information is a valuable asset for many organizations, and its security is crucial to prevent reputation damage and criminal charges.
  • The goal of information security is to protect the confidentiality, integrity, and availability (CIA) of information.

Confidentiality, Integrity, and Availability (CIA)

  • Confidentiality: Ensures only authorized personnel can access and use information, using encryption and access controls to protect it.
  • Integrity: Ensures information systems and data are accurate, and changes can only be made with appropriate permission.
  • Availability: Ensures data is accessible when needed, and individuals with proper permission can use systems and retrieve data reliably and in a timely manner.

Basic Information Security Concepts

  • Vulnerability: A weakness or flaw in an information system.
  • Exploit: A successful attack against a vulnerability.
  • Mitigation: Reduces harm posed by information security vulnerabilities or threats.
  • Threat: Anything that can harm an information system.
  • Risk: Likelihood that a threat will exploit a vulnerability and cause harm.
  • Safeguard: Reduces harm posed by information security vulnerabilities or threats.

Mechanisms That Ensure Information Security

  • Laws and legal duties: Organizations must follow laws and general legal duties to ensure information security.
  • Contracts: Include specific security clauses and safeguards in outsourcing contracts to meet legal obligations.
  • Organizational governance:
    • Policies: Specify how an organization must act, and the consequences for failing to act properly.
    • Standards: State activities and actions needed to meet policy goals.
    • Procedures: Step-by-step checklists explaining how to meet security goals.
    • Guidelines: Inform users about information security concerns and suggest ways to deal with them.

Data Protection Models

  • Public (Government) model: High interest in confidentiality and integrity.
  • Private (Corporations) model: High interest in availability and accuracy.
