ITSY-2341 EXAM 1 (MODULES 2, 3, & 5) QUESTIONS & ANSWERS
Define Information Security - Answer -Ensures that within the enterprise, information is
protected against disclosure to unauthorized users (confidentiality), improper
modification (integrity), and non-access when required (availability)
Define Information Technology Security - Answer -Is the process of implementing
measures and systems designed to securely protect and safeguard information
(business and personal data, voice conversations, still images, motion pictures,
multimedia presentations, including those not yet conceived) utilizing various forms of
technology developed to create, store, use and exchange such information against any
unauthorized access, misuse, malfunction, modification, destruction, or improper
disclosure, thereby preserving the value, confidentiality, integrity, availability, intended
use and its ability to perform its permitted critical functions.
Define Cyber Security - Answer -The protection of information assets by addressing
threats to information processed, stored, and transported by internetworked information
systems
Define Cyberspace - Answer -A global domain within the information environment
consisting of the interdependent network of information systems infrastructures
including the Internet, telecommunications networks, computer systems, and embedded
processors and controllers.
Define Governance (Dictionary) - Answer -"The act or manner of governing, of
exercising control or authority over the actions of subjects; a system of regulations."
Define Governance (Gartner) - Answer -Specification of decision rights and an
accountability framework to ensure appropriate behavior in the valuation, creation,
storage, use, archiving and deletion of information. It includes the processes, roles and
policies, standards and metrics that ensure the effective and efficient use of information
in enabling an organization to achieve its goals
Define Segregation/Separation of Duties - Answer -A basic internal control that
prevents or detects errors and irregularities by assigning to separate individuals the
responsibility for initiating and recording transactions and for the custody of assets
Define Toxic Combinations - Answer -A situation where a user has a combination of
entitlements/access on the system (or combination of systems), that gives them the
ability to perform tasks that should never be controlled by a single user
What is the difference between data and information? - Answer -Data is raw,
unorganized facts that need to be processed. Data can be something simple and
seemingly random and useless until it is organized.
When data is processed, organized, structured or presented in a given context so as to
make it useful, it is called information.
What are the different stages of information within its lifecycle? - Answer -
- Generate
- Process
- Update
- Store
- Re-use
- Delete
What are two takeaways as information value decreases over time? - Answer -
- The cost to manage it remains basically constant, so there is a widening gap as costs
exceed value over time.
- E-discovery risk increases as information ages and context is lost, so there is an even
larger gap as value declines and risk increases.
What are the Key Terms according to Gartner regarding Information Governance? -
Answer -
- Accountability framework for information
- Processes, roles, standards, metrics
- Effective, efficient use of information to achieve goals
What are some of the failures of not implementing an effective Information Security
Governance Program? - Answer -
- This results in a continued chaotic, increasingly expensive, and marginally effective
firefighting mode of operation
- Breaches and losses continuously grow
- Regulatory compliance becomes more costly
- Senior management responsible; legally liable for failing the requirements of due care
and diligence
- Customers demand greater care and, failing to get it, will vote with their feet
Define the Operational, Tactical and Strategic Planning Processes - Answer -
Strategic: Long-term (3-5 year) direction; considers organizational goals, regulation (and for IT:
technical advances)
Tactical: 1-year plan that moves the organization toward the strategic goal
Operational: Detailed or technical plans, at most a 3 to 6 month outlook
What are the 8 listed benefits of a good Information Security Governance Program? -
Answer -
1. Aligning Security with Business Objectives
2. Providing the Structure and Framework to Optimize Allocations of Limited Resources
3. Providing Assurance that Critical Decisions are Not Based on Faulty Information