C841 FINAL PAPER 2026 QUESTIONS WITH
ANSWERS GRADED A+
◉ What is a procedure? Answer: A checklist of actions that should be
performed to achieve a certain goal.
◉ What is information security? Answer: The types of steps an
organization should take to protect its information. The study and
practice of protecting information.
◉ What is Cryptography? Answer: It is the practice of hiding
information so that unauthorized persons cannot read it.
◉ What is shoulder surfing? Answer: A type of intentional attack. It
occurs when an attacker secretly looks "over the shoulder" of someone at a
computer and tries to discover his or her sensitive information without
permission.
◉ What is social engineering? Answer: These attacks rely heavily on
human interaction. They take advantage of how people normally talk
with one another and interact. It is not a technical attack, but rather
involves tricking other people into breaking security rules and sharing sensitive
information.
◉ What is a vulnerability? Answer: It is a weakness or flaw in an
information system. It can be classified into four broad categories:
people, process, facility, and technology.
◉ What is the separation of duties? Answer: This rule requires that two
or more employees must split critical task functions so that no one
employee knows all the steps of the critical task.
◉ What is a patch? Answer: It is a piece of software or code that updates
a program to address security or other operational problems.
◉ What is an exploit? Answer: Exploits are successful attacks against a
vulnerability. They take place in a period known as the window of
vulnerability.
◉ What is a threat? Answer: Anything that can harm an information
system.
◉ What are the four categories of threats? Answer: 1. Humans
2. Natural
3. Technological and operational
4. Physical and environmental.
◉ What is risk? Answer: A risk is the likelihood that a threat will exploit
a vulnerability and cause harm to the organization.
◉ What are the six categories of risks? Answer: 1. Financial
2. System/Service
3. Operational
4. Reputational
5. Compliance
6. Strategic
◉ What is risk analysis? Answer: The process of reviewing known
vulnerabilities and threats.
◉ What are the four categories to respond to risk? Answer: 1. Risk
avoidance
2. Risk Mitigation
3. Risk transfer
4. Risk acceptance.
◉ What is risk avoidance? Answer: It is the process of applying
safeguards to avoid a negative impact. A risk avoidance strategy seeks to
eliminate all risk.
◉ What is risk mitigation? Answer: Organizations apply safeguards to
vulnerabilities and threats to lower risk to an acceptable level.
◉ What is residual risk? Answer: The amount of risk left over after
applying safeguards.
◉ What is risk transfer? Answer: An organization passes its risk to
another entity, at which point the risk impact is borne by the other entity.
◉ What is risk acceptance? Answer: An organization can decide to
deliberately take no action against an identified risk.
◉ What is a safeguard? Answer: A safeguard reduces the harm posed by
information security vulnerabilities or threats and may eliminate or
reduce the risk of harm.
◉ What are the three categories of safeguards? Answer: 1.
Administrative
2. Technical
3. Physical