What is the primary focus of information security? - Answers The protection of information assets
that use, store, or transmit information through policy, education, and technology.
What does the C.I.A. triad stand for in information security? - Answers Confidentiality, Integrity, and
Availability.
What are the major components of information systems? - Answers Hardware, software, data,
people, procedures, and networks.
What approach to security implementation is driven by upper management? - Answers The top-down
approach.
Who is responsible for the security and use of a particular set of information? - Answers Data owners.
What is the role of data custodians in an organization? - Answers They are responsible for the
storage, maintenance, and protection of information.
Who are data trustees? - Answers Appointed by data owners to coordinate storage, protection, and
use of data with custodians.
Who are considered data users in an organization? - Answers Individuals who work with information
to perform their daily jobs and support the organization's mission.
What are the three communities of interest in information security? - Answers General management,
IT management, and information security management.
How is information security described in relation to its nature? - Answers As both an art and a
science, encompassing many aspects of social science.
What is the purpose of having multiple layers of security in an organization? - Answers To protect its
people, operations, physical infrastructure, functions, communications, and information.
What methods are used to protect the critical characteristics of information? - Answers Policies,
education, training and awareness, and technology.
Encryption, access controls, data backups, firewalls, employee security awareness training
What is the difference between the top-down and bottom-up approaches to security
implementation? - Answers The top-down approach is driven by upper management, while the
bottom-up approach involves individuals choosing their own security strategies.
What is the significance of organizational culture in information security? - Answers It unites
communities of interest by similar values and common objectives.
What is the definition of security in the context of information security? - Answers Protection from
danger.
What is the role of education in information security? - Answers To ensure awareness and
understanding of security policies and practices.
Why is it important to protect the C.I.A. triad at all times? - Answers To maintain the security and
integrity of information assets.
What is the relationship between information security and technology? - Answers Technology is one
of the key methods used to protect information assets.
How does information security relate to social science? - Answers It comprises many aspects of social
science, reflecting its complexity and human factors.
What is the role of training in information security? - Answers To enhance the skills and knowledge of
individuals regarding security practices.
What are the consequences of failing to implement proper information security measures? - Answers
Increased risk of data breaches, loss of sensitive information, and potential harm to the organization.
McCumber cube - Answers A graphical representation of the architectural approach used in
computer and information security; commonly shown as a cube composed of 3×3×3 cells, similar to a
Rubik's Cube.
Who are data users? - Answers Employees who use the information to do their jobs
Why is security an art and a science? - Answers It requires creativity (art), systematic
processes (science), and social science skills to manage people.
What is security? - Answers Protection from danger
What is the difference between a threat agent and a threat source? - Answers A threat agent is the
entity that launches an attack (a hacker). A threat source is the origin of possible danger (ex: human
error, natural disaster).