12 Questions
What is the primary purpose of a disaster recovery plan?
To recover an organization's business information system assets in the event of a disaster
What is the main objective of a security policy?
To define an organization's security requirements and controls
What is the primary purpose of a security audit?
To evaluate the effectiveness of an organization's security policy
What is an example of a biometric authentication method?
Retina scan
What is the purpose of risk assessment?
To assess security-related risks to an organization's computers and networks
What is an example of a multifactor authentication scheme?
Biometrics and hardware tokens
What is the primary function of a router in a network?
To connect multiple networks and transmit data packets between them
What is the purpose of an encryption key?
To apply a value to unencrypted text to produce encrypted text
What is the primary purpose of a Virtual Private Network (VPN)?
To enable remote users to securely access an organization's computing resources
What is the primary function of a firewall in a network?
To stand guard between an organization's internal network and the Internet
What is the purpose of Transport Layer Security (TLS)?
To ensure privacy between communicating applications and their users on the Internet
What is the primary function of a proxy in a network?
To act as an intermediary between a web browser and another server
Study Notes
CIA at the Organization Level
- Risk assessment is the process of evaluating security-related risks to an organization's computers and networks from both internal and external threats.
- A disaster recovery plan is a documented process for recovering an organization's business information system assets, including hardware, software, data, networks, and facilities in the event of a disaster.
- A security policy defines an organization's security requirements, as well as the controls and sanctions needed to meet those requirements.
- A good security policy outlines responsibilities and expected behavior of organization members.
- A security audit evaluates whether an organization has a well-considered security policy in place and whether it is being followed.
CIA at the Network Level
- An organization must authenticate users attempting to access its network using various methods, including:
  - Username and password
  - Smart card and a PIN
  - Fingerprint
  - Voice pattern sample
  - Retina scan
- Multifactor authentication schemes include:
  - Biometrics
  - One-time passwords
  - Hardware tokens that plug into a USB port and generate a password
Network Security Systems
- A firewall is a software and/or hardware system that protects an organization's internal network from the Internet.
- A router is a networking device that connects multiple networks and transmits data packets between them.
Encryption
- Encryption is the process of scrambling messages or data to make them unreadable to unauthorized parties.
- An encryption key is a value used to produce encrypted text that can only be read by those with the key.
- There are two types of encryption algorithms: symmetric and asymmetric.
Transport Layer Security
- Transport Layer Security (TLS) is a communications protocol that ensures privacy between applications and users on the Internet.
Network Intermediaries
- A proxy acts as an intermediary between a web browser and another server on the Internet.
- A Virtual Private Network (VPN) enables remote users to securely access an organization's computing resources by transmitting and receiving encrypted data over public networks, such as the Internet.
This quiz covers the concepts of risk assessment, disaster recovery planning, and security policies in an organizational context.