The CIA Triad

Questions and Answers

Which of the following best describes confidentiality in the context of the CIA triad?

The assurance that information is trustworthy and accurate

A set of rules that limits access to information (correct)

A guarantee of reliable access to information

The protection of sensitive business information

What does the Parkerian Hexad principle of authenticity refer to?

The protection of sensitive business information

The truth of the claim of origin or authorship of information (correct)

The usefulness of information

The loss of control or possession of information

What is the purpose of information security?

To limit access to information

To ensure the reliability and accuracy of information

To protect sensitive business information from modification, disruption, destruction, and inspection (correct)

To provide availability of information

Which of the following is an example of a fabrication threat?

Log / Audit Trail Falsification

What is the difference between a modification attack and a fabrication attack?

A modification attack attacks the authenticity of the system, while a fabrication attack attacks the integrity of the system.

What is the Risk Management Framework used for?

To identify, eliminate, and minimize risks in a company's environment.

Which of the following best describes the principle of possession or control in the Parkerian Hexad?

Loss of control or possession of information involving the breach of confidentiality

What is the purpose of the CIA triad?

To provide confidentiality, integrity, and availability of information

What does information security refer to?

The processes and tools designed and deployed to protect sensitive business information

Which of the following is an example of a fabrication attack?

Log / Audit Trail Falsification

What is the difference between a modification attack and a fabrication attack?

A modification attack modifies the assets of the system, while a fabrication attack inserts counterfeit objects into the system.

What is the purpose of the Risk Management Framework?

To identify, eliminate and minimize risks in a company's environment.

Study Notes

CIA Triad

• Confidentiality refers to the protection of sensitive information from unauthorized access, use, disclosure, disruption, modification, or destruction.

Parkerian Hexad

• The principle of authenticity refers to the assurance that data is genuine and tamper-free.
• The principle of possession or control refers to the ability to control and manage access to data and resources.

Information Security

• The purpose of information security is to protect information and systems from unauthorized access, use, disclosure, disruption, modification, or destruction.

Threats

• A fabrication threat is an example of an unauthorized creation of data or logs, such as inserting fake transactions into a database.
• A modification attack involves altering data in an unauthorized manner, whereas a fabrication attack involves creating new data or logs.

Risk Management Framework

• The Risk Management Framework is used to manage and mitigate risks to an organization's information systems.
• The purpose of the Risk Management Framework is to identify, assess, and prioritize risks, and to implement controls and countermeasures to mitigate those risks.

Description

Test your knowledge of the CIA triad with this quiz! Learn about the concepts of confidentiality, integrity, and availability and how they relate to information security. Challenge yourself with questions that explore the importance of limiting access to information, preserving data integrity, and ensuring data is always accessible when needed.