30 Questions
Which of the following is NOT a goal of data security practices?
To restrict access to information
Who are the stakeholders that organizations must recognize the privacy and confidentiality needs of?
Clients and patients
What can happen if an organization's confidential data is stolen or breached?
Loss of competitive advantage
Which of the following influences data security requirements?
All of the above
Which of the following is a potential consequence of ineffective security architecture or processes?
Increased overall cost
Which step is NOT included in the overall process of implementing an operational security strategy?
Locate sensitive data throughout the enterprise
What is one potential impact of security breaches on well-established brands?
Increased financial losses
What is the purpose of capturing security classifications and regulatory sensitivity at the data element and data set level?
To prevent unauthorized access to and misuse of data assets
Which of the following is a goal of data security policies and procedures?
To enable appropriate access to data assets
Who are the stakeholders that have privacy and confidentiality needs?
Clients, suppliers, and constituents
What are the primary drivers of data security activities?
Risk reduction and business growth
Why is it important to address data security as an enterprise initiative?
To integrate information management and protection into a coherent strategy
Which of the following is an example of Critical Risk Data (CRD)?
Data that is aggressively sought for unauthorized use by both internal and external parties due to its high direct financial value
Who is usually responsible for the overall Information Security function in an enterprise?
Chief Information Security Officer (CISO)
What is the first step in the NIST Risk Management Framework?
Categorizing all enterprise information
What is the meaning of 'access' as a noun?
Having a valid authorization to the data
Which of the following is a goal of data security activities?
All of the above
What is a vulnerability in the context of information security?
A weakness or defect in a system that allows it to be successfully attacked and compromised
What is a threat in the context of information security?
A potential offensive action that could be taken against an organization
How can risks be prioritized in data security?
All of the above
Which of the following is true about authentication in information security?
Authentication verifies the identity of a person logging into a system
Which of the following is true about authorization in information security?
Authorization grants individuals privileges to access specific views of data
What is an entitlement in information security?
An entitlement is the sum total of all the data elements exposed to a user by a single access authorization decision
What is data integrity in information security?
Data integrity is the state of being protected from improper alteration, deletion, or addition
Which encryption methods are considered secure?
Twofish and Serpent
What is the purpose of public-key encryption?
To allow the sender and receiver to have different keys
Which encryption method is a freely available application of public-key encryption?
PGP
What does obfuscation or masking do to data?
Changes the appearance of the data without losing meaning
What is the purpose of obfuscation or masking?
To make data less available
What are the primary methods of public-key encryption mentioned in the text?
RSA Key Exchange and Diffie-Hellman Key Agreement
Test your knowledge on auditing security actions and user activity with this quiz. Learn about the importance of compliance with regulations, company policies, and standards. Dive into topics such as authentication logs and system verification.