MIST 2090 Final Exam Part A Complete Questions and Answers!!
AIC Triad - ANSWER
- Heart of Information Security
- Three concepts commonly applied to all information systems

Availability - ANSWER
- The ability for authorized parties to access data and systems when necessary
- Threats: natural disasters or power grid failures; distributed denial of service attacks; hardware failures or service upgrades
- Safety measures: load balancing; disk shadowing

Integrity - ANSWER
- Maintaining and assuring the accuracy and reliability of the information and systems over its lifecycle
- Threats: data entry error (undercharging); incorrect modifications of data
- Safety measures: access/change controls; audit trails

Confidentiality - ANSWER
- The property that information is not disclosed or otherwise made available to unauthorized individuals, entities, or processes (not the same as privacy!)
- Threats: shoulder surfing; social engineering
- Safety measures: access controls; encryption of data (at rest, in transit)

Social Engineering Attacks - ANSWER
Hacking without any code, just a phone and an internet connection

What are the three types of security controls? - ANSWER
- Administrative: policies, standards, procedures, guidelines, personnel screening, training
- Technical (Logical): authentication, firewalls, biometrics
- Physical: locks, monitoring, mantraps, environmental controls

Administrative Controls - ANSWER
Procedures implemented to define the roles, responsibilities, policies, and administrative functions needed to manage the control environment.

Technical (Logical) Controls - ANSWER
The security controls (i.e., safeguards or countermeasures) for an information system that are primarily implemented and executed by the information system through mechanisms contained in the hardware, software, or firmware components of the system.

Physical Controls - ANSWER
Controls to protect the organization's people and physical environment, such as locks, fire management, gates, and guards; physical controls may be called "operational controls" in some contexts.

How are security controls, functions, and frameworks related? - ANSWER
- Controls utilized to achieve security management directives
- Functions intended to enforce security controls
- Framework created to make up entities, protection mechanisms (functions), processes, and procedures to help protect the company

Basically, security controls (with the main types being administrative, technical, and physical) have different functions in a company; all the different types of security controls they have make up the company's overall security framework.

What are the best practices for information security? - ANSWER
- Rotation of duties
- Mandatory vacations
- Split knowledge (separation of duties concept)
- Dual control (two or more people perform same action)
- Strict procedure for employee termination

What are the characteristics of a project? - ANSWER
- Definite beginning and end date
- Produces a deliverable or outcome that creates value
- Often limited by triple constraints

What are the triple constraints? - ANSWER
- Scope creep: adding new features incrementally over the course of the project (most common)
- Scope leap: drastic increases in the project's scope
Written for
- Institution
- MIST
- Course
- MIST
Document information
- Uploaded on
- January 20, 2024
- Number of pages
- 6
- Written in
- 2023/2024
- Type
- Exam (elaborations)
- Contains
- Questions & answers