Information Security and Assurance - C725

Document Content and Description Below

Information Security and Assurance - C725 People - - ✔✔Information security is primarily a discipline to manage the behavior of _____. A. Technology B. People C. Processes D. Organizations ... All of these - - ✔✔Careers in information security are booming because of which of the following factors? A. Threats of cyberterrorism B. Government regulations C. Growth of the Internet D. All of these Security policies and procedures Explanation: Answer A is correct. The Carnegie Melon Information Network Institute (INI) designed programs to carry out multiple tasks including Information Security Policies. - - ✔✔A program for information security should include which of the following elements? A. Security policies and procedures B. Intentional attacks only C. Unintentional attacks only D. None of these D. All of these - - ✔✔The growing demand for InfoSec specialists is occurring predominantly in which of the following types of organizations? A. Government B. Corporations C. Not-for-profit foundations D. All of these Confidentiality - - ✔✔The concept of the measures used to ensure the protection of the secrecy of data, objects, or resources.B-Rate Safe Rating - - ✔✔A catchall safe rating for any box with a lock on it. This rating describes the thickness of the steel used to make the lockbox. No actual testing is performed to gain this rating. C-Rate Safe Rating - - ✔✔This safe rating is defined as a variably thick steel box with a 1-inch-thick door and a lock. No tests are conducted to provide this rating, either. UL TL-15 Safe Rating - - ✔✔Safes with an Underwriters Laboratory rating that have passed standardized tests as defined in Underwriters Laboratory Standard 687 using tools and an expert group of safe-testing engineers. The safe rating label requires that the safe be constructed of 1-inch solid steel or equivalent. The label means that the safe has been tested for a net working time of 15 minutes using "common hand tools, drills, punches hammers, and pressure applying devices." Net working time means that when the tool comes off the safe, the clock stops. Engineers exercise more than 50 different types of attacks that have proven effective for safecracking. UL TL-30 Safe Rating - - ✔✔This Underwriters Laboratory rating testing is essentially the same as the TL-15 testing, except for the net working time. Testers get 30 minutes and a few more tools to help them gain access. Testing engineers usually have a safe's manufacturing blueprints and can disassemble the safe before the test begins to see how it works. B. Disclosure Explanation: Confidentiality models are primarily intended to ensure that no unauthorized access to information is permitted and that accidental disclosure of sensitive information is not possible. - - ✔✔Related to information security, confidentiality is the opposite of which of the following? A. Closure B. Disclosure C. Disaster D. Disposal D. All of these Explanation: Integrity models keep data pure and trustworthy by protecting system data from intentional or accidental changes. - - ✔✔Integrity models have which of the three goals: A. Prevent unauthorized users from making modifications to data or programs B. Prevent authorized users from making improper or unauthorized modifications C. Maintain internal and external consistency of data and programsD. All of these D. All of these Explanation: Availability models keep data and resources available for authorized use, especially during emergencies or disasters. - - ✔✔Information security professionals usually address which of these three common challenges to availability: A. Denial of service (DoS) due to intentional attacks or because of undiscovered flaws in implementation (for example, a program written by a programmer who is unaware of a flaw that could crash the program if a certain unexpected input is encountered) B. Loss of information system capabilities because of natural disasters (fires, floods, storms, or earthquakes) or human actions (bombs or strikes) C. Equipment failures during normal use. D. All of these A. Confidentiality, integrity, and availability Explanation: These goals form the confidentiality, integrity, availability (CIA) triad, the basis of all security programs. - - ✔✔Which of the following represents the three goals of information security? A. Confidentiality, integrity, and availability B. Prevention, detection, and response C. People controls, process controls, and technology controls D. Network security, PC security, and mainframe security business case Explanation: A business case is often made to justify the start of a new project, especially a project related to security. - - ✔✔Usually a documented argument or stated position in order to define a need to make a decision or take some form of action. top-down approach - - ✔✔A type of security management planning where upper, or senior, management is responsible for initiating and defining policies for the organization. bottom-up approach - - ✔✔A type of security management planning where IT staff makes security decisions directly without input from senior management. This approach is rarely used in organizations and is considered problematic in the IT industry. [Show More]

Last updated: 1 year ago

Preview 1 out of 80 pages