1. Define Information Security.
It is a well-informed sense of assurance that the information risks and controls are in balance.
2. What is Security?
Security is “the quality or state of being secure - to be free from danger”.
3. What are the multiple layers of Security?
Physical Security
Personal Security
Operations Security
Communication Security
Network Security
Information Security
4. What are the characteristics of CIA triangle?
Confidentiality
Integrity
Availability
5. What are the characteristics of Information Security?
Availability
Accuracy
Authenticity
Confidentiality
Integrity
Utility
Possession
6. What is E-mail Spoofing?
It is the process of sending an e-mail with a modified field.
7. What is UDP Packet Spoofing?
User Data Protocol (UDP) Packet Spoofing enables the attacker to get unauthorized access to data stored on computing systems.
8. What are the measures to protect the confidentiality of information?
Information Classification
Secure document storage
Application of general Security Policies
Education of information end-users
9. What is Utility of information?
Utility of information is the quality or state of having value for some purpose or end.
10. What are the components of information system?
Software
Hardware
Data
People
Procedures
Networks.
11. What are the functions of Locks & Keys?
Locks & Keys are the traditional tools of physical security, which restrict access to, and interaction with, the hardware components of an information system.
12. What is Network Security?
It is the implementation of alarm and intrusion systems to make system owners aware of ongoing compromises.
13. Differentiate Direct and Indirect attacks.
Direct Attack
It is when a hacker uses his personal computer to break into the system.
Originates from the threat itself.
Indirect Attack
It is when a system is compromised and used to attack other systems, such as in a distributed denial of service attack.
Originates from a system or resource that itself has been attacked and is malfunctioning or working under the control of a threat.
14. What is SDLC?
The Systems Development Life Cycle is a methodology for the design and implementation of an information system in an organization.
15. What is a methodology?
Methodology is a formal approach to solve a problem based on a structured sequence of procedures.
16. What are the phases of SDLC Waterfall method?
Investigation
Analysis
Logical Design
Physical Design
Implementation
Maintenance & change.
17. What is enterprise Information Security Policy?
This policy outlines the implementation of a security program within the organization.
18. What is Risk Management?
It is the process of identifying, assessing and evaluating the levels of risk facing the organization.
19. What are the functions of Information Security?
Protects the organization’s ability to function.
Enables the safe operation of applications implemented on the organization’s IT systems.
Protects the data the organization collects and uses.
Safeguards the technology assets in use at the organization.
20. What is PKI?
Public Key Infrastructure is an integrated system of software, encryption methodologies and legal agreements that can be used to support the entire information infrastructure of an organization.
21. What is the use of Digital Certificates?
Digital Certificates are used to ensure the confidentiality of Internet Communications and transactions.
22. What is Firewall?
Firewall is a device that keeps certain kinds of network traffic out of a private network.
23. What are caching network appliances?
Caching network appliances are devices that store legal copies of Internet contents such as web pages that are frequently referred to by employees.
24. What are appliances?
Appliances display the cached pages to users rather than accessing pages from the server each time.
25. What is Security? What are the security layers a successful organization should have?
Security: “The quality or state of being secure - to be free from danger”
To be protected from adversaries
Physical Security – to protect physical items, objects or areas of organization from unauthorized access and misuse
Personal Security – involves protection of individuals or group of individuals who are authorized to access the organization and its operations
Operations security – focuses on the protection of the details of particular operations or series of activities
Communications security – encompasses the protection of organization’s communications media, technology and content
Network security – is the protection of networking components, connections, and contents
Information security – is the protection of information and its critical elements, including the systems and hardware that use, store, and transmit the information
GLOSSARY
Security
Security is defined as “the quality or state of being secure - to be free from danger.”
Integrity
Integrity means that data cannot be modified without authorization.
Components of an Information System
Software
Hardware
Data
People
Procedures
Networks
Subject of an attack
Computer is used as an active tool to conduct the attack.
Object of an attack
Computer itself is the entity being attacked.
Direct attack
When a hacker uses his personal computer to break into a system. [Originates from the threat itself]
Indirect attack
When a system is compromised and used to attack other systems. [Originates from a system or resource that itself has been attacked, and is malfunctioning or working under the control of a threat]
SDLC
SDLC is a methodology for the design and implementation of an information system in an organization.
End users
Work with the information to perform their daily jobs supporting the mission of the organization.
Data owners
Data custodians
Data users
Attack
An attack is an intentional or unintentional attempt to cause damage to or otherwise compromise the information and/or the systems that support it.
Risk
Risk is the probability that something can happen. In information
security, it could be the probability of a threat to a system.
Security Blueprint
It is the plan for the implementation of new security measures in the organization. Sometimes called a framework, the blueprint presents an organized approach to the security planning process.
Security Model
A security model is a collection of specific security rules that
represents the implementation of a security policy.
Threats
A threat is a category of objects, persons, or other entities that pose
a potential danger to an asset. Threats are always present.
Threat agent
A threat agent is the specific instance or component of a threat.