ASIS APP EXAM - Flashcards 2025 Edition | QUESTIONS AND WELL VERIFIED ANSWERS | ACTUAL EXAM 100%
What are the three threat categories in information asset protection? -
✔✔Intentional,
Natural,
Inadvertent
To assess these types of threats, one must identify potential adversaries and evaluate
their capability and intention to target key information assets. - ✔✔Intentional
Threats
These types of threats can be attributed to inadequate employee training,
misunderstanding, lack of attention to detail, lax security enforcement, pressure to
produce deliverables, and insufficient staffing. - ✔✔Inadvertent Threats
How does layered protection apply to information protection? - ✔✔Apply multiple
levels of protection to information assets,
Ensure that layers of protection complement each other,
Build a coordinated strategy that integrates families of protective measures (e.g.
technical, physical, access control).
Access to internal information should be restricted to which groups? - ✔✔Company
personnel and those who have signed a nondisclosure agreement.
How should obsolete prototypes, models, and test items be disposed of? - ✔✔They
should be destroyed so they can't be reverse engineered.
What is a patent? - ✔✔Information that has the government grant of a right,
privilege, or authority to exclude others from making, using, marketing, selling, offering
for sale, or importing an invention for a specified period granted to the inventor if the
device or process is novel, useful, and non-obvious.
What is a trademark? - ✔✔Legal protection for words, names, symbols, devices, or
images applied to products or used in connection with goods or services to identify their
source.
What is a copyright? - ✔✔A property right in an original work of authorship fixed in
any tangible medium of expression, giving the holder the exclusive right to reproduce,
adapt, distribute, perform, and display the work.
What is the best way to start addressing infringements of patents, copyrights, and
trademarks? - ✔✔By registering those rights.
What are four response options when a copyright has been violated? - ✔✔Hire legal
counsel,
Informing the proper authorities,
Conducting investigations, raids, and seizures,
Initiating civil litigation, administrative proceedings, and criminal prosecutions.
What qualifies something as a trade secret? - ✔✔The information added value or
benefit to the owner,
The trade secret was specifically identified, and
The owner provided a reasonable level of protection for the information.
What is a non-disclosure agreement? - ✔✔A legal contract that establishes a
relationship between two or more parties outlining confidentiality and the responsibility
of protecting information.
What is proprietary information? - ✔✔Information of value, owned by an entity or
entrusted to it, which has not been disclosed publicly.
What are the two primary aspects of recovery after an information loss? - ✔✔Return
to normal business operations as soon as possible,
Implement measures to prevent a recurrence.
What is confidentiality? - ✔✔The ability to control the authorization to observe,
access, share, or disseminate information.
When is it appropriate to recycle papers that contain proprietary information? -
✔✔When the papers have been properly destroyed.
What is data mining? - ✔✔Software-driven collection of open-source data and public
information.
What are three ways to solidify confidentiality expectations in employees and business
partners? - ✔✔Confidentiality,
Intellectual property,
Nondisclosure agreements.
What is counterfeiting? - ✔✔The manufacturing or distribution of goods under
someone else's name, and without their permission.
What is piracy? - ✔✔The act of copying, stealing, reproducing, transmitting, or selling
the intellectual property of another without consent.
What three aspects of information must be protected? - ✔✔Confidentiality,
Integrity,
Availability.
What should be included in regularly performed information asset protection risk
assessments? - ✔✔Risk monitoring to address changes in security requirements as
well as changes in the nature of the information assets, threats, frequency of threat
occurrence, vulnerabilities, and impacts.
What are five business impacts of an information asset loss event? - ✔✔Loss of
company reputation/image/goodwill,
Loss of competitive advantage in one product/service,
Reduced projected/anticipated returns or profitability,
Loss of core business technology or process,
Loss of competitive advantage in multiple products/services.
To what extent should information asset protection programs be tailored? - ✔✔The
organization's size, type, strategy, mission, and operating environment.
What is the purpose of marking information that warrants protection? - ✔✔The
marking distinguishes the sensitivity of the information and the degree of protection
warranted.
What personnel matters play a role in information asset protection programs? -
✔✔Due diligence investigations of potential partners,