1. What are the commonly accepted information security principles?
Confidentiality
Integrity
Availability
Authentication
Authorization
Accountability
Privacy
2. What is benefit?
It is the value that the organization recognizes by using controls to prevent losses associated with a specific vulnerability.
3. What is asset valuation?
It is the process of assigning financial value or worth to each information asset.
4. What is a Policy?
It is a plan or course of action, as of a government or political party, intended to influence and determine decisions, actions and other matters.
5. Differentiate mission & vision.
Mission: The mission of an organization is a written statement of the organization’s purpose.
Vision: The vision of an organization is a written statement of the organization’s goals.
6. What is Strategic Planning?
It is the process of moving the organization towards its vision by accomplishing its mission.
7. What are the general groups of System-Specific Policy?
Access Control Lists
Configuration Rules
8. What is a Capability table?
It is a list associated with users and groups that specifies which subjects and objects a user or group can access. These are frequently complex matrices rather than simple lists or tables.
9. What is “Agreed Upon Procedures”?
It is a document that outlines the policies and technologies necessary to secure systems that carry sensitive cardholder information to and from VISA systems.
10. What is redundancy?
Implementing multiple types of technology and thereby preventing the failure of one system from compromising the security of the information is referred to as redundancy.
11. What is a Firewall?
It is a device that selectively discriminates against information flowing into or out of the organization.
12. What is a Firewall Subnet?
It consists of multiple firewalls creating a buffer between the outside and inside networks.
13. What is a DMZ?
A buffer against outside attack is referred to as a Demilitarized Zone. It is a no-man’s-land between the inside and outside networks where some organizations place Web servers. These servers provide access to organizational Web pages without allowing Web requests to enter the interior networks.
14. What are the 2 versions of IDS?
Host-based IDS
Network-based IDS
15. What is Contingency Planning?
It is the entire planning conducted by the organization to prepare for, react to, and recover from events that threaten the security of information and information assets in the organization.
16. Who are the members of the contingency team?
Champion
Project Manager
Team Members
17. What are the stages in the Business Impact Analysis step?
Threat attack identification
Business unit analysis
Attack success scenarios
Potential damage assessment
Subordinate plan classification
18. What is an attack profile?
It is a detailed description of activities that occur during an attack.
19. What is an incident?
It is any clearly identified attack on the organization’s information assets that would threaten the asset’s confidentiality, integrity, or availability.
20. What are the phases of Incident Response?
Planning
Detection
Reaction
Recovery
21. What are the 5 testing strategies of Incident Planning?
Checklist
Structured walk-through
Simulation
Parallel
Full interruption
22. What is an alert roster?
It is a document containing contact information for individuals to be notified in the event of an incident.
23. What are the 2 ways to activate an alert roster?
Sequential roster – It is activated as a contact person calls each person on the roster.
Hierarchical roster – It is activated as the first person calls a few other people on the roster, who in turn call a few people.
24. What is computer forensics?
It is the process of collecting, analyzing and preserving computer-related evidence.
25. What are Honey pots?
These are computer servers configured to resemble production systems, containing rich information just begging to be hacked.
26. What is enticement?
It is the process of attracting attention to a system by placing tantalizing bits of information in key locations.
27. What is entrapment?
It is the action of luring an individual into committing a crime to get a conviction.
28. What is a Mutual agreement?
It is a contract between two or more organizations that specifies how each is to assist the other in the event of a disaster.
Policy:
A course of action used by an organization to convey instructions from management to those who perform duties.
Types of Policies
Enterprise Information Security Program Policy (EISP)
Issue-Specific Information Security Policy (ISSP)
Systems-Specific Information Security Policy (SysSP)
Defense in Depth
One of the basic foundations of security architectures is the implementation of security in layers. This layered approach is called defense in depth.
Firewall
A firewall is a device that selectively discriminates against information flowing into or out of the organization.
Cache servers
For more frequently accessed Web pages, proxy servers can cache or temporarily store the page, and thus are sometimes called cache servers.
Contingency Planning (CP)
Contingency Planning (CP) comprises a set of plans designed to ensure the effective reaction and recovery from an attack and the subsequent restoration to normal modes of business operations.
Incident Response Plan (IRP)
It is the set of activities taken to plan for, detect, and correct the impact of an incident on information assets.
Business Continuity Plan (BCP)
It prepares an organization to reestablish critical business operations during a disaster that affects operations at the primary site.
Disaster Recovery Plan (DRP)
The DRP provides detailed guidance in the event of a disaster, provides details on the roles and responsibilities of the various individuals involved in the disaster recovery effort, and identifies the personnel and agencies that must be notified.
Redundancy
Implementing multiple types of technology and thereby preventing the failure of one system from compromising the security of the information is referred to as redundancy.