Questions and Answers of Principles Of Information Security
I. Explain that the Bell–LaPadula (BLP) model ensures the confidentiality of the modeled system by using MACs, data classification, and security clearances.
II. Compare and contrast between the two
I. Introduce students to the Common Criteria for Information Technology Security Evaluation, often called the Common Criteria or just CC.
II. Mention that it is an international standard for computer
I. Discuss the Information Technology System Evaluation Criteria (ITSEC), which is an international set of criteria for evaluating computer systems.
II. Emphasize that Targets of Evaluation (ToE) are
I. Describe the Trusted Computer System Evaluation Criteria (TCSEC). Point out that it is an older Department of Defense (DoD) standard that defines the criteria for assessing the access controls in
A network filter that allows administrators to restrict access to external content from within a network is known as which of the following? a. Content filter b. Dynamic filter c. Static filter d. State
True or False: All traffic exiting from the trusted network should be filtered.
Which type of firewall filtering allows the firewall to react to an emergent event and update or create rules to deal with the event? a. Static b. Stable c. Unstable d. Dynamic
Explain that accountability or auditability is a system that directly attributes the actions on a system with an authenticated entity.
What type of firewall examines every incoming packet header and can selectively filter packets based on header information, such as destination address, source address, packet type, and other key
Recognize the concept of authorization as the matching of an authenticated entity to a list of information assets and corresponding access levels, which can happen in one of three ways.•
The piece of the system that manages access controls within TCB is an object known as which of the following? a. Covert channel b. Storage channel c. Reference monitor d. Standard
I. Review the definition of authentication. Explain to learners that this is the process of validating an unauthenticated entity’s purported identity.
II. Assemble and outline the three commonly
The biometric technology criteria that describes the number of legitimate users who are denied access because of a failure in the biometric device is known as which of the following?a. False reject
I. Define identification as a mechanism whereby unverified entities—called supplicants—who seek access to a resource propose a label by which they are known to the system.
II. Emphasize the fact
True or False: The authentication factor something a supplicant has relies upon individual characteristics, such as fingerprints, palm prints, hand topography, hand geometry, or retina and iris scans.
Outline the four fundamental functions of access control systems:
• Identification
• Authentication
• Authorization
• Accountability
Which term is used to describe the process of validating a supplicant’s purported identity? a. Accountability b. Authentication c. Authorization d. Biometrics
I. Describe how technical controls are essential in enforcing policy for many IT functions that do not involve direct human control.
II. Explain the concept of technical control solutions, which when
The method by which systems determine whether and how to admit a user into a trusted area of the organization is known as which of the following? a. Attribute b. Accountability c. Access control d.
I. Compare and contrast the difference between temporary employees and contract employees and their differences and similarities with respect to information security policies.
II. Explain contracts
I. Distinguish the difference that temporary employees are hired by the organization to serve in a temporary position or to supplement the existing workforce when compared to permanent employees.
II.
I. Summarize knowledge that individuals who are not subject to rigorous screening, contractual obligations, and eventual secured termination often have access to sensitive organizational
Emphasize the law states organizations are required to protect employee information that is sensitive or personal as you learned in the sixth module. This information includes employee addresses,
I. Describe the term separation of duties and why it is important in reducing the risk an organization takes on when limiting the chance an employee will violate information security and break the
I. Detail that friendly departures include resignation, retirement, promotion, or relocation. In this case, the employee may have tendered notice well in advance of the actual departure date.
II.
I. Summarize that an organization should integrate the security awareness education into a new hire’s job orientation and make it a part of every employee’s on-the-job security training.
II.
Describe the purpose of the CompTIA Security+ certification test as it is geared towards a professional’s entry-level security knowledge and their minimum two years of on-the-job networking
True or False: Popular cryptosystems use a hybrid combination of symmetric and asymmetric algorithms.
True or False: PKI systems are based on public-key cryptosystems and include digital certificates and certificate authorities.
The process of hiding information within other files, such as digital pictures or other images, is known as which of the following? a. Digital signatures b. Steganography c. Registration authority d.
Which of the following is a hybrid cryptosystem that has become the open-source de facto standard for encryption and authentication of e-mail and file storage applications? a. PGP b. S-HTTP c. SSL d.
Discuss wireless local area networks, which are thought by many in the IT industry to be inherently insecure. Without some form of protection, these signals can be intercepted by anyone with a
Explain that to qualify for the HCISPP you must focus on security management topics and healthcare; this certification requires the candidate to demonstrate knowledge in six specialty domains on its
Establish that security analysts are often known as security technicians, security architects, and/or security engineers. Examine the core duties of security analysts. Based on the need, they are
Express this certification is targeted at managers and employees with knowledge and experience in risk management. Outline the four domains that the exam covers in this annual exam: IT risk
Contrast the Certified in the Governance of Enterprise IT (CGEIT) certification with others examined in this section as it is mostly geared towards upper-level executives (CISOs and CIOs), directors,
Explain to students that this is one of the newest certifications offered. Stress that the Certified Data Privacy Solutions Engineer (CDPSE) is an exam that focuses on protection of customer’s
Focus on the critical fact that regardless of the position an organization should always have information security as a documented part of an employee’s job description. Explain that from an
Demonstrate how an opening within the information security department presents a unique opportunity for the security manager to educate HR on the certifications, experience, and qualifications of a
To assess the effect that information security changes will have on the organization’s personnel management practices, the organization should conduct which of the following studies before the
Emphasize that often in large organizations, the information technology (IT) department houses the information security (IS) department and designates a chief information security officer (CISO) or
Which of the following positions is typically the top information security employee in the organization? a. CISO b. CEH c. Security Manager d. CSO
Which of the information security roles is usually tasked with configuring firewalls, deploying IDSs, implementing security software, diagnosing and troubleshooting problems, and coordinating with
Discuss the criteria on which selecting information security personnel is based, including the principles of supply and demand. This is likely a combination of experience, certifications, and
Which of the following information security roles is accountable for the day-to-day operation of the information security program? a. Security Analyst b. CISO c. CSO d. Security Manager
True or False: In most organizations, the security analyst position is one that is a senior-level position that requires numerous years of experience and certifications.
Outline and classify the two common points of entry that information security professionals come from. These are often ex-law enforcement and military personnel and technical professionals. Gain
Which of the following is a certification offered by the International Information Systems Security Certification Consortium (ISC)2? a. Security+ b. GIAC c. CISSP d. CGEIT
Which of the following certifications requires the applicant to complete a written practical assignment to complete the certification process? a. Security+ b. GIAC c. CISSP d. CGEIT
Which of the following ISACA certifications, while not specifically a security certification, contains many information security systems’ auditing components and is only offered a few times per
Compare and contrast the differences between a CISO and CSO. Depending on the organization, the CISO’s position may be combined with physical security responsibilities or may even report to a
Once a candidate has accepted the job offer, the employment ________ becomes an important security instrument. a. Non-disclosure agreement b. Contract c. Security acknowledgement d. Offer
Apply knowledge presented in the text that security managers are accountable for the day-to-day operation of the information security program. They accomplish the objectives that are identified by
True or False: The least privilege principle ensures no unnecessary access to data exists by regulating members, so they can perform only the minimum data manipulation needed.
Identify that many organizations seek industry-recognized certifications when reviewing the credentials of applicants. Relate those existing certifications are relatively new and not fully understood
Emphasize that the International Information Systems Security Certification Consortium (ISC)2 is considered the foremost organization offering information security certifications today.
Present that the CISSP certification is considered the ‘gold standard’ and the most prestigious certification for security managers and CISOs. Recognize that professionals must possess at
Contrast that, like the CISSP, the SSCP certification applies more to the security manager than the security technician because the SSCP focuses on practices, roles, and responsibilities as defined
Detail that the Certified Secure Software Lifecycle Professional (CSSLP) is another (ISC)2 certification focused on the development of secure applications. Encourage students to understand that to get
Recognize that this certification is geared towards professionals who work with the NIST Risk Management Framework; the Certified Authorization Professional is a certification that focuses on the
Explain that to qualify for the HCISPP you must focus on security management topics and healthcare; this certification requires the candidate to demonstrate knowledge in six specialty domains on its
Stress that the Certified Cloud Security Professional (CCSP) certification exam is sponsored by the Cloud Security Alliance and focuses on professionals who are responsible for specifying, acquiring,
Justify the merit of this certification as it is an innovative approach to the experience requirement that may prohibit others from being able to take other exams outlined in this section of the
Explain to learners how the Information Systems Audit and Control Association (ISACA) offers several reputable certifications. This includes the CISM, CISA, CGEIT, and CDPSE certifications.
Establish that the CISM credential is focused on information security managers and others who may have similar management responsibilities. Outline the four domains that the exam covers in this annual
Identify that EC Council is a new competitor in certifications for security management. They offer a Certified CISO (CCISO) certification which tests security domain knowledge as well as knowledge of
Define the reality that certifications cost money and the better certifications can be quite expensive to attain. Depending on the certification, one can cost more than $750.00 alone, and
Establish an understanding that as a future information security professional learners can benefit from keeping the following suggestions in mind as you enter the information security job
Discuss how to incorporate information security perspectives into the hiring process and how it begins with reviewing and updating all job descriptions. Explain the importance of preventing people
I. Examine the purpose of a background check and why it is important to investigate the candidate’s past because criminal behavior could indicate the potential for future misconduct.
II. Review the
I. Explain how once a candidate has accepted the job offer, the employment contract becomes an important security instrument and must be protected much in the same way as other data sets in an
State that governance describes the entire process of governing, or controlling, the processes used by a group to accomplish some objective. Define the term governance and why the board of directors
True or False: An example of a disaster classification plan is a scale that has Minor, Moderate, Severe, and Critical categories.
Summarize the practice of incident classification and why it is important for an IR plan to have this included to determine the severity of threats that may occur. Recall that incidents are the
Outline indicators that may warrant an incident to be investigated but may be common within an organization depending on one’s interpretation:
• Presence of unfamiliar files
• Presence or execution of
Compare and contrast probable indicators to possible indicators and explain how they are different from one another. Review the list of incident candidates as outlined in the text that are considered
Stress that definite indicators are incident candidates of something that is happening or has happened. Better put, they are clear signals. Establish an understanding that the IR plan must be
Focus students’ attention that regardless of whether an incident indicator was possible, probable, or definite, action still must be taken because consequences can still result that could be
Recall that once an incident has been confirmed and classified properly, the IR plan moves into the detection phase. Summarize the action steps for reacting to incidents. They include:
• Notifying key
Emphasize the use of an alert roster as the first line of defense and step that is taken once a CSIRT determines that an incident is in progress. Examine the two ways an alert roster is
Conclude that the most critical component of an IR plan is to stop the incident and contain the scope and/or impact to the organization. With time being of the essence, detailed analyses here are not
Emphasize that most organizations cannot sustain a permanent digital forensics team. Even so, there should be people in the information security group trained to understand and manage the forensics
Label that an affidavit is sworn testimony that certain facts are in the possession of the investigating officer that they feel warrant the examination of specific items located at a specific
Broadcast that all investigations applying the use of digital forensics apply the same basic methodology below:
• Identify relevant EM.
• Acquire (seize) the evidence without alteration or damage.
• Take
Compare and contrast how in information security, most operations focus on policies—those documents that provide managerial guidance for ongoing implementation and operations. In digital forensics,
Examine the two pieces of criteria that classify that a disaster has occurred: the organization is unable to contain or control the impact of an incident, or the level of damage or destruction from
Summarize that upon the creation of the DR team, the manager that is placed in charge of the group will begin the creation of the DR policy. Note that this document may have already been created by
Explain that, depending on the organization, most often the disaster recovery and business continuity plans are merged together into one single function known as the business resumption
Propose to students that a critical component of the NIST-based methodologies presented in this module is continuous process improvement (CPI). Each time the organization rehearses its plans, it
Describe to students that as a future information security professional, they must understand the scope of an organization’s legal and ethical responsibilities. Disseminate that the laws and ethics
What is a type of law that represents all laws that apply to a citizen (or subject) of a jurisdiction? a. Criminal law b. Private law c. Civil law d. Public law
Emphasize that even if there is no breach of criminal law, there can still be liability. Define the term liability. Explain that this is the legal obligation of an entity that extends beyond criminal
What is a type of law that addresses violations harmful to society and that is enforced by prosecution by the state? a. Criminal law b. Private law c. Public law d. Civil law
Classify the difference between a policy and law and how they are similar and different. Outline the five criteria for a policy to be enforceable:
• Dissemination (distribution): The organization must be
Which law regulates the role of the healthcare industry in protecting the privacy of individuals?a. GLBb. FOIAc. HIPAAd. CFAA
Define civil law, which represents a wide variety of laws that govern a nation or state and deal with the relationships and conflicts between organizational entities and people. Explain how criminal
The generally recognized term for the government protection afforded to intellectual property (written and electronic) is called which of the following? a. Computer security law b. Copyright law c.
Conclude that the United States has been a leader in the development and implementation of information security legislation that prevents the misuse and exploitation of information and information
True or False: The cornerstone of many current federal computer-related criminal laws is the Computer Fraud and Abuse Act of 1986.
Showing 400 - 500 of 746