INF4831 INFORMATION SECURITY QUESTIONS AND ANSWERS
A+ GRADED. Buy Quality Materials!
information security
practice of defending information from unauthorised access, use, disclosure, disruption,
modification, perusal inspection, recording or destruction
confidentiality
preventing disclosure of information to unauthorised individuals or systems
integrity
preventing modification of information to unauthorised individual or systems
availability
information must be available to authorised entity
accountability
individual must be identifiable and must be held responsible for their action
non-repudiation
enforce someone cannot deny what he/she has done
hacking
devising superficial fixes which are nothing more than auxiliary workarounds for
problems
black hat
security profession with hacking background
white hat
security professional with info sec skill and knowledge but know hacking background
risk management
identification, assessment, and prioritisation of risk followed by coordinated and
economical application of resources to minimise, monitor, and control the risk
asset
any data, device, or other component of the environment that supports information-
related activities
vulnerability
weakness in design, implementation, operation or internal control of process that could
expose system
threat
any potential danger associated with exploitation of vulnerability
risk
likelihood of a threat agent exploiting a vulnerability and corresponding business impact
exposure
instance of being exposed to loss
control
countermeasure put into place to mitigate potential risk
risk analysis
process of understanding impact and criticality of risk
asset value
, monetary value of asset
exposure factor
percentage loss by realised threat
risk transfer
transfer risk to third party
risk avoidance
terminating activity introducing the risk
risk mitigation
reduce risk to acceptable level to continue conducting business
residual risk
remaining risk after placing a control
risk acceptance
understand level of risk and not implementing a countermeasure
administrative control
approved written policies, procedures, standards and guidelines
technical control (logical)
use of software and data to monitor and control access
physical control
environmental control of workplace and computing facilities
preventive control
avoid incident from occuring
detective control
identify an incident's activities and potentially an intruder
corrective control
fixes problems after incident has occurred
recovery control
return environment back to regular operation
deterrent control
discourage potential attacker
security policy
general statement produced by senior management that dictates what role security
plays within the organisation
procedures
detailed step by step tasks that should be performed to achieve a certain goal
standard
mandatory activities, actions or rules
guidelines
recommended actions and operational guides when specific standard does not apply
compliance
conforming to a set of requirements
identification
mapping an unknown entity to a known identity as to make it known
authentication
process of confirming the truth of an attribute of a datum or entity
authorisation
process of verifying that a particular identity is permitted to perform a particular action
A+ GRADED. Buy Quality Materials!
information security
practice of defending information from unauthorised access, use, disclosure, disruption,
modification, perusal inspection, recording or destruction
confidentiality
preventing disclosure of information to unauthorised individuals or systems
integrity
preventing modification of information to unauthorised individual or systems
availability
information must be available to authorised entity
accountability
individual must be identifiable and must be held responsible for their action
non-repudiation
enforce someone cannot deny what he/she has done
hacking
devising superficial fixes which are nothing more than auxiliary workarounds for
problems
black hat
security profession with hacking background
white hat
security professional with info sec skill and knowledge but know hacking background
risk management
identification, assessment, and prioritisation of risk followed by coordinated and
economical application of resources to minimise, monitor, and control the risk
asset
any data, device, or other component of the environment that supports information-
related activities
vulnerability
weakness in design, implementation, operation or internal control of process that could
expose system
threat
any potential danger associated with exploitation of vulnerability
risk
likelihood of a threat agent exploiting a vulnerability and corresponding business impact
exposure
instance of being exposed to loss
control
countermeasure put into place to mitigate potential risk
risk analysis
process of understanding impact and criticality of risk
asset value
, monetary value of asset
exposure factor
percentage loss by realised threat
risk transfer
transfer risk to third party
risk avoidance
terminating activity introducing the risk
risk mitigation
reduce risk to acceptable level to continue conducting business
residual risk
remaining risk after placing a control
risk acceptance
understand level of risk and not implementing a countermeasure
administrative control
approved written policies, procedures, standards and guidelines
technical control (logical)
use of software and data to monitor and control access
physical control
environmental control of workplace and computing facilities
preventive control
avoid incident from occuring
detective control
identify an incident's activities and potentially an intruder
corrective control
fixes problems after incident has occurred
recovery control
return environment back to regular operation
deterrent control
discourage potential attacker
security policy
general statement produced by senior management that dictates what role security
plays within the organisation
procedures
detailed step by step tasks that should be performed to achieve a certain goal
standard
mandatory activities, actions or rules
guidelines
recommended actions and operational guides when specific standard does not apply
compliance
conforming to a set of requirements
identification
mapping an unknown entity to a known identity as to make it known
authentication
process of confirming the truth of an attribute of a datum or entity
authorisation
process of verifying that a particular identity is permitted to perform a particular action
