INFORMATION SECURITY EXAM WITH CORRECT
ACTUAL QUESTIONS AND CORRECTLY WELL DEFINED
ANSWERS LATEST 2025 ALREADY GRADED A+
According to the 2015 Information Systems Audit and Control Association (ISAC)
report, what is the biggest gap in the knowledge of current security professionals
- (answer)understanding the needs of the business
Name the four major business needs reviewed in class that establish the
overarching objectives of any security organization - (answer)
- enable and protect functions
- enable safe application
- protect data
- safeguard other technology
the decision support tool which attempts to compare options by monetizing the
value of as many assets and intangibles as possible is called what? - (answer)cost
/ benefit analysis
legal standards exist which require both organizations and individuals to be
responsible to know all relevant laws pertaining to themselves and their actions.
These standards are called what? - (answer)due diligence and due care
formally enforced rules that mandate or prohibit certain societal behaviors -
(answer)laws
formal and informal definitions of socially acceptable behavior - (answer)ethics
a body of formalized expectations, often created and enforced by employers -
(answer)policies
the primary organizations which promote ethics in Information Technology are
what? - (answer)professional societies
what is the "sphere of use" intended to illustrate? - (answer)that people interact
with information through a wide variety of mechanisms
what is the "sphere of protection" intended to illustrate? - (answer)the wide
variety of controls available to protect information at all interfaces within its
sphere of use
name the six major components of an information system presented in the text -
(answer)Data
Software
Hardware
Procedures
Networks
People
a specific organizational resource of value - (answer)asset
an intentional or unintentional act that may damage an asset - (answer)attack
a specific security mechanism or policy which is intended to improve security -
(answer)countermeasure
an object, person, or other entity which represents a danger to assets -
(answer)threat
an attribute of information which is genuine - (answer)authentic
an attribute of information which has access restrictions - (answer)confidential
considered the first phase in the security development life-cycle, concerns include
establishing project goals and determining feasibility - (answer)evolution
a phase of the security development life-cycle which includes analyzing potential
legal issues as well as performing other risk evaluation processes -
(answer)analyze
a phase of the SDLC where we select key components, and finalize plans for
business continuity and incident response - (answer)design
a phase of the SDLC where we "build it or buy it" - (answer)implementation