ITSMA - L1 Introduction to ITSMA

Questions and Answers

What is the ultimate objective of security?

• To protect the sovereignty of a state
• To protect assets, resources, and people
• To protect from adversaries (correct)
• To implement a multi-layered system

What are the six layers of security that a successful organization should have in place?

• Physical, personal, operations, communications, network, and information security (correct)
• Physical, financial, operations, communications, network, and information security
• Physical, personal, operations, communications, human resources, and information security
• Physical, personal, operations, communications, network, and reputation security

What is the purpose of auditing in information security?

• To ensure confidentiality
• To ensure integrity
• To evaluate the effectiveness of the defense systems (correct)
• To ensure availability

What is a cyber threat?

An event or circumstance that has the potential to cause a negative/undesired outcome (B)

What are the three types of vulnerabilities?

Known, business logic-related, and zero-day (C)

What are the two types of cyber risks?

External and internal (D)

What is the goal of confidentiality in information security?

To ensure that computer-related assets are accessed only by authorized parties (B)

What is a cyber risk in information security?

The impact of a threat exploiting a vulnerability (D)

What is the goal of integrity in information security?

To ensure that assets can be modified only by authorized parties or only in authorized ways (B)

What is the goal of availability in information security?

To ensure that assets are accessible to authorized parties at appropriate times (C)