INMT 441 Final Study Guide
What are the three states data can be in? - answer: data at rest, data in transit, data in process
Examples of data at rest - answer: files stored on file servers, records in databases, documents on flash drives, hard disks
Examples of data in transit - answer: data sent through email, the web, or collaborative work applications
Examples of data in process - answer: data being used in an Excel sheet or data being modified
Protection of data at rest - answer: Storage devices and mobile devices should be properly encrypted. Proper access controls and redundancy controls should be implemented to protect data at rest.
Protection of data in transit - answer: Valuable data must be encrypted when it is transmitted across networks to protect against unauthorized users. Two options for this encryption are Link Encryption and End-to-End Encryption.
Protection of data in process - answer: Several companies are working on pervasive encryption, which would allow data to be encrypted while being processed. Another approach is to use enclaves. Enclaves are isolated areas in which data can be processed that are not connected to and cannot be seen by other components of the architecture. This helps protect the vulnerable data in process by limiting access to it.
What is the principle of least privilege? - answer: limit certain actions on certain objects to certain users at certain times.
What are the four dimensions of cybersecurity that cryptography supports? - answer: confidentiality, integrity, authentication, and nonrepudiation
Which issue does a digital signature address? - answer: nonrepudiation or sender authentication
What are the three general approaches to cybersecurity governance? - answer: centralized, decentralized, and hybrid
What are the traits of centralized cybersecurity governance? - answer: Authority and decision-making power are vested solely within a central body such as a corporate committee.
What are the traits of decentralized cybersecurity governance? - answer: Authority and decision-making power are reserved to individual sub-organizations.
What are the traits of hybrid cybersecurity governance? - answer: Authority over decision-making is distributed between a central body and individual sub-organizations.
What is a Cybersecurity Maturity Model? - answer: a set of characteristics, attributes, indicators, or patterns that represent capability and progression in a particular area.
How many levels are there in the DoD Cybersecurity Maturity Model? - answer: 5 levels
DoD level 1 - processes - answer: Performed
DoD level 1 - practices - answer: Basic Cyber Hygiene
DoD level 2 - processes - answer: Documented
DoD level 2 - practices - answer: Intermediate Cyber Hygiene
DoD level 3 - processes - answer: Managed
DoD level 3 - practices - answer: Good Cyber Hygiene
DoD level 4 - processes - answer: Reviewed
DoD level 4 - practices - answer: Proactive
DoD level 5 - processes - answer: Optimizing
DoD level 5 - practices - answer: Advanced/Progressive
What are the different risk disposition methods? - answer:
• Risk avoidance
• Risk mitigation
• Risk sharing or transfer
• Risk acceptance (retention)
Risk avoidance example - answer: might include relocating a data center away from a region with significant natural hazards, or declining to engage in a very large project when the business case shows a notable risk of failure.
Risk mitigation example - answer: automating triggers or alerts