1. What are the fundamental or cornerstone principles of information security?
   Confidentiality, Integrity and Availability
2. A personal laptop is something you own and possess. A company laptop or cell phone is something you possess. Can you install, modify or update software applications on a company laptop or any other company-owned mobile device?
   false
3. What is Malware?
   Short for malicious software. It is designed to infiltrate, damage, corrupt or steal data from an information system
4. What is an attack on network communications that actively creates or modifies network traffic?
   active attack
5. Free software applications such as drive-by downloads, and other applications from third parties often track and monitor your location when installed on your personally-owned mobile devices such as laptops, cellphones, palmtops and other connected wearables.
   true
6. According to Smith (2021), information security decisions should be made based on rule-based (following a standard), relativistic (best practices), and risk assessment (calculated risk) based decisions.
   true
7. What is risk assessment?
   A way by which we look at risk and choose security measures accordingly
ITN 262 MIDTERM
8. Risk assessment also includes:
   A reassessment of risks as part of the life cycle of critical information assets
9. Measuring success to protect and prevent critical information assets includes:
   Continuous monitoring for attacks or other failures, and recovering from problems quickly
10. What does the acronym NIST SP stand for?
    National Institute of Standards and Technology Special Publication
11. According to NIST, what does the acronym RMF stand for?
    Risk Management Framework
12. NIST SP 800-37 Rev 8 is the most current publication for the Risk Management Framework.
    false
13. Cyber threat agents are cybercriminals such as Kevin Mitnick and Jerry Schneider.
    true
14. The United States Federal government uses "Rule-Based" standard and other guidelines for RMF Risk Assessment such as:
    A. Confidentiality, Authentication and Authorization
    B. Properties Estimations on the impact of cybersecurity failures
    C. Assessments in terms of impact levels such as Not Applicable, Low, Moderate, High
    all of the above
15. NIST SP 800-53 Rev 4 covers Security and Privacy Controls for Federal Information Systems, which also supports the Risk Management Framework.
    true