
Chapter: Information Security

Study Material, Lecturing Notes, Assignment, Reference, Wiki description explanation, brief detail

Important Short Questions and Answers: Information Security

1. Define Information Security.

It is a well-informed sense of assurance that the information risks and controls are in balance.

2. What is Security?

Security is “the quality or state of being secure, to be free from danger”.

3. What are the multiple layers of Security?

Physical Security
Personal Security
Operations Security
Communication Security
Network Security
Information Security

4. What are the characteristics of the CIA triangle?

Confidentiality
Integrity
Availability

5. What are the characteristics of Information Security?

Availability
Accuracy
Authenticity
Confidentiality
Integrity
Utility
Possession

6. What is E-mail Spoofing?

It is the process of sending an e-mail with a modified field.

7. What is UDP Packet Spoofing?

User Datagram Protocol (UDP) Packet Spoofing enables the attacker to get unauthorized access to data stored on computing systems.

8. What are the measures to protect the confidentiality of information?

Information classification
Secure document storage
Application of general security policies
Education of information end-users

9. What is Utility of information?

Utility of information is the quality or state of having value for some purpose or end.

10. What are the components of an information system?

Software
Hardware
Data
People
Procedures
Networks

11. What are the functions of Locks & Keys?

Locks & Keys are the traditional tools of physical security, which restrict access to, and interaction with, the hardware components of an information system.

12. What is Network Security?

It is the implementation of alarm and intrusion systems to make system owners aware of ongoing compromises.

13. Differentiate Direct and Indirect attacks.

Direct Attack: It is when a hacker uses his personal computer to break into the system. It originates from the threat itself.

Indirect Attack: It is when a system is compromised and used to attack other systems, such as in a distributed denial of service attack. It originates from a system or resource that has itself been attacked and is malfunctioning or working under the control of a threat.

14. What is SDLC?

The Systems Development Life Cycle is a methodology for the design and implementation of an information system in an organization.

15. What is a methodology?

A methodology is a formal approach to solving a problem based on a structured sequence of procedures.

16. What are the phases of the SDLC Waterfall method?

Investigation
Analysis
Logical Design
Physical Design
Implementation
Maintenance & change

17. What is an Enterprise Information Security Policy?

This policy outlines the implementation of a security program within the organization.

18. What is Risk Management?

It is the process of identifying, assessing and evaluating the levels of risk facing the organization.

19. What are the functions of Information Security?

Protects the organization’s ability to function
Enables the safe operation of applications implemented on the organization’s IT systems
Protects the data the organization collects and uses
Safeguards the technology assets in use at the organization

20. What is PKI?

Public Key Infrastructure is an integrated system of software, encryption methodologies and legal agreements that can be used to support the entire information infrastructure of an organization.

21. What is the use of Digital Certificates?

Digital Certificates are used to ensure the confidentiality of Internet communications and transactions.

22. What is a Firewall?

A firewall is a device that keeps certain kinds of network traffic out of a private network.

23. What are caching network appliances?

Caching network appliances are devices that store legal copies of Internet content, such as web pages, that is frequently referred to by employees.

24. What are appliances?

Appliances display the cached pages to users rather than accessing the pages from the server each time.

25. What is Security? What are the security layers a successful organization should have?

Security – “the quality or state of being secure, to be free from danger”; to be protected from adversaries.

Physical Security – protects physical items, objects or areas of the organization from unauthorized access and misuse.
Personal Security – involves the protection of individuals or groups of individuals who are authorized to access the organization and its operations.
Operations Security – focuses on the protection of the details of particular operations or series of activities.
Communications Security – encompasses the protection of the organization’s communications media, technology and content.
Network Security – the protection of networking components, connections, and contents.
Information Security – the protection of information and its critical elements, including the systems and hardware that use, store, and transmit the information.

GLOSSARY

Security
Security is defined as “the quality or state of being secure, to be free from danger.”

Integrity
Integrity means that data cannot be modified without authorization.

Components of an Information System
Software
Hardware
Data
People
Procedures
Networks

Subject of an attack
The computer is used as an active tool to conduct the attack.

Object of an attack
The computer itself is the entity being attacked.

Direct attack
When a hacker uses his personal computer to break into a system. [Originates from the threat itself.]

Indirect attack
When a system is compromised and used to attack other systems. [Originates from a system or resource that has itself been attacked, and is malfunctioning or working under the control of a threat.]

SDLC
SDLC is a methodology for the design and implementation of an information system in an organization.

End users
Work with the information to perform their daily jobs supporting the mission of the organization.

Data owners

Data custodians

Data users

Attack
An attack is an intentional or unintentional attempt to cause damage to or otherwise compromise the information and/or the systems that support it.

Risk
Risk is the probability that something can happen. In information security, it could be the probability of a threat to a system.

Security Blueprint
It is the plan for the implementation of new security measures in the organization. Sometimes called a framework, the blueprint presents an organized approach to the security planning process.

Security Model
A security model is a collection of specific security rules that represents the implementation of a security policy.

Threats
A threat is a category of objects, persons, or other entities that pose a potential danger to an asset. Threats are always present.

Threat agent
A threat agent is the specific instance or component of a threat.
