
UNIT I

1. Define Information Security.
It is a well-informed sense of assurance that the information risks and controls are in balance.

2. What is Security?
Security is the quality or state of being secure, that is, to be free from danger.

3. What are the characteristics of the CIA triangle?
Confidentiality
Integrity
Availability

4. What are the characteristics of Information Security?
Availability
Accuracy
Authenticity
Confidentiality
Integrity
Utility
Possession

5. What are the measures to protect the confidentiality of information?
Information classification
Secure document storage
Application of general security policies
Education of information end-users

6. What is SDLC?
The Systems Development Life Cycle is a methodology for the design and implementation of an information system in an organization.

7. What is a methodology?
A methodology is a formal approach to solving a problem, based on a structured sequence of procedures.

8. What are the phases of SDLC Waterfall method?

Investigation
Analysis
Logical Design
Physical Design
Implementation
Maintenance & Change

9. What is an attack?
It is a deliberate act that exploits a vulnerability.

10. What is a vulnerability?
It is an identified weakness of a controlled system, whose controls are not present or are no longer effective.

11. Define Security Attack.
Any action that compromises the security of information owned by an organization.

12. Define Security Mechanism.
A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack.

13. What are security services?
A security service is a processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.

14. Define Passive Attack.
Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted.

15. Define Active Attack.
Active attacks involve some modification of the data stream or the creation of a false stream.

16. What is Access Control?
A variety of mechanisms that enforce access rights to resources.

17. What is Data Integrity?
A variety of mechanisms used to assure the integrity of a data unit or of a stream of data units.

18. What is Encipherment?
The use of mathematical algorithms to transform data into a form that is not readily intelligible. The transformation and subsequent recovery of the data depend on an algorithm and zero or more encryption keys.

19. Define Threat.
A threat is an object, person, or other entity that represents a constant danger to an asset.

20. What are Hackers?
Hackers are people who use and create computer software for enjoyment or to gain access to information illegally.

Unit II

1. What is Risk Management?
It is the process of identifying, assessing, and evaluating the levels of risk facing the organization.

2. What is risk assessment?
It is the process of assessing the relative risk for each of the vulnerabilities.

4. What is Residual Risk?
It is the risk that remains to the information asset even after the existing controls have been applied.

5. What are Policies?
Policies are documents that specify an organization's approach to security.

6. What are the types of security policies?
General Security Policy
Program Security Policy
Issue-Specific Policies

7. What are the Risk Control Strategies?
Avoidance: the risk control strategy that attempts to prevent the exploitation of the vulnerability.
Transference: the control approach that attempts to shift the risk to other assets, other processes, or other organizations.
Mitigation: the control approach that attempts to reduce the impact caused by the exploitation of a vulnerability through planning and preparation.
Acceptance: the choice to do nothing to protect a vulnerability and to accept the outcome of an exploited vulnerability.

8. What are the common methods for Risk Avoidance?
Avoidance through application of policy
Avoidance through application of training and education

Avoidance through application of technology

9. What are the commonly accepted information security principles?
Confidentiality
Integrity
Availability
Authentication
Authorization
Accountability
Privacy

10. What is a Policy?
It is a plan or course of action, as of a government or political party, intended to influence and determine decisions, actions, and other matters.

11. What are the types of Security Program Policy?
A security program policy (SPP) is also known as:
a. A general security policy
b. IT security policy
c. Information security policy

12. What is Policy Management?
Policies must be managed, as they constantly change. To remain viable, security policies must have:
a. An individual responsible for the policy (policy administrator)
b. A schedule of reviews
c. A method for making recommendations for reviews
d. A specific policy issuance and revision date

13. What is risk mitigation?

Mitigation is the control approach that attempts to reduce, by means of planning and preparation, the damage caused by the exploitation of a vulnerability. This approach includes three types of plans: the disaster recovery plan (DRP), the incident response plan (IRP), and the business continuity plan (BCP).

14. What are the Categories of Controls?

Controlling risk by means of avoidance, mitigation, or transference may be accomplished by implementing controls or safeguards. Controls can be placed into one of four categories:
Control function
Architectural layer
Strategy layer
Information security principle

15. What are the Information Security Principles?
Risk controls operate within one or more of the commonly accepted information security principles:
Confidentiality
Integrity
Availability
Authentication
Authorization
Accountability
Privacy

16. What are the NIST Security Models?
Another possible approach is described in documents available from the Computer Security Resource Center of NIST:
SP 800-12
SP 800-14
SP 800-18
SP 800-26
SP 800-30

17. What is the VISA International Security Model?
VISA has developed two important documents that improve and regulate its information systems. The Security Assessment Process document contains a series of recommendations for the detailed examination of an organization's systems, with the eventual goal of integration into the VISA systems. The Agreed Upon Procedures document outlines the policies and technologies used to safeguard security systems that carry sensitive cardholder information to and from VISA systems.
