Information Security Quiz

MagicalHarmony

Questions and Answers

What is information security?

Information security is the practice of protecting information by mitigating information risks.

What does information security focus on?

Information security focuses on the balanced protection of data confidentiality, integrity, and availability (also known as the CIA triad), while maintaining efficient policy implementation.

What is the process involved in information security?

The process involves identifying information and related assets, evaluating risks, deciding how to address or treat the risks, selecting or designing appropriate security controls, implementing them, and monitoring activities for adjustments.

What are some areas of specialization in information security?

Securing networks and allied infrastructure, securing applications and databases, security testing, information systems auditing, business continuity planning, electronic record discovery, and digital forensics.

What are some common information security threats?

Software attacks, theft of intellectual property, theft of identity, theft of equipment or information, sabotage, and information extortion.

What is the number one threat to any organization in terms of information security?

Users or internal employees, also known as insider threats.

What are some possible responses to a security threat or risk?

Reduce/mitigate, assign/transfer, accept.

What is the purpose of standardization in information security?

Standardization in information security is driven by laws and regulations that affect how data is accessed, processed, stored, transferred, and destroyed.

What is the definition of information security according to ISO/IEC 27000:2009?

The preservation of confidentiality, integrity, and availability of information, with additional properties such as authenticity, accountability, non-repudiation, and reliability.

What is the role of information assurance in information security?

Information assurance involves maintaining the confidentiality, integrity, and availability of information, ensuring that it is not compromised during critical events such as natural disasters, computer/server malfunction, and physical theft.

Why are IT security specialists important in major enterprises/establishments?

IT security specialists are responsible for keeping the technology within a company secure from malicious cyber attacks that aim to acquire critical private information or gain control of internal systems.

Study Notes

What is Information Security?

  • Information security is the practice of protecting digital information from unauthorized access, use, disclosure, disruption, modification, or destruction.
  • It involves the protection of digital information in transit, in use, and in storage.

Focus of Information Security

  • Information security focuses on identifying and mitigating risks to digital information, including confidentiality, integrity, and availability.

Process of Information Security

  • The process of information security typically involves identifying, classifying, and protecting sensitive information, as well as detecting, responding to, and recovering from security incidents.

Areas of Specialization in Information Security

  • Cryptography: the practice of secure communication in the presence of third-party adversaries.
  • Network security: the protection of network communication and devices.
  • Compliance and policy: ensuring adherence to regulatory requirements and organizational policies.
  • Incident response: responding to and managing security incidents.

Common Information Security Threats

  • Malware (viruses, worms, Trojan horses)
  • Phishing and social engineering
  • Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks
  • Ransomware
  • Insider threats

Top Threat to Organizations

  • Insider threats (current or former employees, contractors, or partners with access to sensitive information).

Response to Security Threats or Risks

  • Risk avoidance: eliminating the risk by not engaging in the activity that creates the risk.
  • Risk mitigation: reducing the risk through countermeasures or security controls.
  • Risk transfer: transferring the risk to another party through insurance or outsourcing.
  • Risk acceptance: accepting the risk and taking no action.

Purpose of Standardization in Information Security

  • Standardization provides a common framework and language for information security, ensuring consistency and interoperability across organizations.

Definition of Information Security (ISO/IEC 27000:2009)

  • Information security is the preservation of confidentiality, integrity, and availability of information.

Role of Information Assurance in Information Security

  • Information assurance is the practice of ensuring that information is accurate, reliable, and accessible to authorized users.

Importance of IT Security Specialists

  • IT security specialists are essential in major enterprises to protect sensitive information and systems from cyber threats, ensuring business continuity and protecting the organization's reputation.
