ITSY-2341 EXAM 1 (Modules 2, 3, & 5) QUESTIONS AND
COMPLETE ANSWERS
Define Information Security - ANSWER Ensures that within the enterprise, information is
protected against disclosure to unauthorized users (confidentiality), improper modification
(integrity), and being unavailable when it is required (availability)
Define Information Technology Security - ANSWER The process of implementing measures
and systems designed to protect and safeguard information (business and personal data,
voice conversations, still images, motion pictures, multimedia presentations, including forms
not yet conceived), using the various technologies developed to create, store, use and
exchange such information, against any unauthorized access, misuse, malfunction,
modification, destruction, or improper disclosure, thereby preserving the value,
confidentiality, integrity, availability and intended use of that information and its ability to
perform its permitted critical functions.
Define Cyber Security - ANSWER The protection of information assets by addressing threats
to information processed, stored, and transported by internetworked information systems
Define Cyberspace - ANSWER A global domain within the information environment consisting
of the interdependent network of information systems infrastructures including the Internet,
telecommunications networks, computer systems, and embedded processors and controllers.
Define Governance (Dictionary) - ANSWER "The act or manner of governing, of exercising
control or authority over the actions of subjects; a system of regulations."
Define Governance (Gartner) - ANSWER Specification of decision rights and an accountability
framework to ensure appropriate behavior in the valuation, creation, storage, use, archiving
and deletion of information. It includes the processes, roles and policies, standards and
metrics that ensure the effective and efficient use of information in enabling an organization
to achieve its goals
Define Segregation/Separation of Duties - ANSWER A basic internal control that prevents or
detects errors and irregularities by assigning to separate individuals the responsibility for
initiating and recording transactions and for the custody of assets
Define Toxic Combinations - ANSWER A situation where a user holds a combination of
entitlements (access rights) on one system, or across several systems, that gives them the
ability to perform tasks that should never be under the control of a single user
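The two definitions above (separation of duties, and the toxic combinations that violate it) are what an entitlement review actually checks for. The following Python is an added illustration, not part of the course material: it flattens each user's direct grants and nested group memberships into effective "system:role" entitlements, then flags any pair that a separation-of-duties rule forbids. Every system, role, group, user and rule below is constructed sample data.

```python
"""Toxic-combination check across systems (added example, constructed data)."""

# SoD rules: pairs of entitlements one person must never hold together, with the
# reason. Pairs may span systems, since a toxic combination need not live in one app.
# Constructed sample rules, not a real entitlement catalogue.
SOD_RULES = {
    frozenset({"erp:create_vendor", "erp:approve_payment"}): "initiate and approve a payment",
    frozenset({"erp:create_vendor", "banking:release_wire"}): "create payee and release funds (cross-system)",
    frozenset({"hr:create_employee", "payroll:run_payroll"}): "create a ghost employee and pay it",
    frozenset({"ad:domain_admin", "siem:delete_audit_logs"}): "act with full privilege and erase the evidence",
}

# Groups map to entitlements and to other groups (nesting is where hidden combinations come from).
GROUPS = {
    "finance-ops": {"erp:create_vendor", "erp:view_reports"},
    "treasury": {"banking:release_wire", "finance-ops"},   # nested: treasury inherits finance-ops
    "it-admins": {"ad:domain_admin", "siem-admins"},
    "siem-admins": {"siem:delete_audit_logs"},
}

# Users hold a mix of direct entitlements and group memberships (constructed sample users).
USERS = {
    "alice": {"finance-ops"},
    "bob": {"treasury"},                              # no toxic pair visible in the direct grant
    "carol": {"it-admins", "hr:create_employee"},
    "dave": {"erp:approve_payment"},
}


def effective_entitlements(assignments, groups):
    """Resolve direct grants and (possibly nested, possibly cyclic) groups to a flat set."""
    resolved, stack, seen = set(), list(assignments), set()
    while stack:
        item = stack.pop()
        if item in seen:          # guards against group cycles
            continue
        seen.add(item)
        if item in groups:
            stack.extend(groups[item])
        else:
            resolved.add(item)    # leaf: a "system:role" entitlement
    return resolved


def find_toxic_combinations(users, groups, rules):
    """Return {user: [(sorted pair, rationale), ...]} for every SoD rule a user fully satisfies."""
    findings = {}
    for user, assignments in users.items():
        held = effective_entitlements(assignments, groups)
        hits = [(tuple(sorted(pair)), why) for pair, why in rules.items() if pair <= held]
        if hits:
            findings[user] = sorted(hits)
    return findings


if __name__ == "__main__":
    for user, hits in find_toxic_combinations(USERS, GROUPS, SOD_RULES).items():
        for pair, why in hits:
            print(f"{user}: {pair[0]} + {pair[1]} -> {why}")
```

The case worth noticing is bob: his only assignment is the treasury group, so a review that looks at direct grants sees nothing wrong. The toxic pair (create vendor plus release wire) only appears once group nesting is flattened, which is why the check resolves effective entitlements before applying any rule.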
What is the difference between data and information? - ANSWER Data is raw, unorganized
facts that need to be processed. Data can be something simple and seemingly random and
useless until it is organized.
When data is processed, organized, structured or presented in a given context so as to make
it useful, it is called information.
What are the different stages of information within its lifecycle? - ANSWER - Generate
- Process
- Update
- Store
- Re-use
- Delete
What are two takeaways as information value decreases over time? - ANSWER - The cost to
manage it remains basically constant, so there is a widening gap as costs exceed value over
time.
- E-discovery risk increases as information ages and context is lost, so there is an even larger
gap as value declines and risk increases.
What are the key terms, according to Gartner, in regard to Information Governance? - ANSWER
- Accountability framework for information
- Processes, roles, standards, metrics
- Effective, efficient use of information to achieve goals
What are some consequences of not implementing an effective Information Security
Governance Program? - ANSWER - A continued chaotic, increasingly expensive, and
marginally effective firefighting mode of operation
- Breaches and losses grow continuously
- Regulatory compliance becomes more costly
- Senior management is responsible, and legally liable, for failing to meet the requirements of
due care and due diligence
- Customers demand greater care and, failing to get it, will vote with their feet