
Chapter: Information Security : Logical Design

Important Short Questions and Answers: Logical Design

1. What are the commonly accepted information security principles?

• Confidentiality
• Integrity
• Availability
• Authentication
• Authorization
• Accountability
• Privacy

2. What is benefit?

It is the value that the organization recognizes by using controls to prevent losses associated with a specific vulnerability.

3. What is asset valuation?

It is the process of assigning financial value or worth to each information asset.

4. What is a policy?

It is a plan or course of action, as of a government or political party, intended to influence and determine decisions, actions and other matters.

5. Differentiate mission and vision.

Mission: The mission of an organization is a written statement of the organization's purpose.
Vision: The vision of an organization is a written statement of the organization's goals.

6. What is strategic planning?

It is the process of moving the organization towards its vision by accomplishing its mission.

7. What are the general groups of system-specific policy?

• Access control lists
• Configuration rules

8. What is a capability table?

It is a list associated with users and groups that specifies which subjects and objects a user or group can access. These are frequently complex matrices rather than simple lists or tables.

9. What is "Agreed Upon Procedures"?

It is a document that outlines the policies and technologies necessary to secure systems that carry sensitive cardholder information to and from VISA systems.

10. What is redundancy?

Implementing multiple types of technology, and thereby preventing the failure of one system from compromising the security of the information, is referred to as redundancy.

11. What is a firewall?

It is a device that selectively discriminates against information flowing into or out of the organization.

12. What is a firewall subnet?

It consists of multiple firewalls creating a buffer between the outside and inside networks.

13. What is a DMZ?

A buffer against outside attack is referred to as a demilitarized zone (DMZ). It is a no-man's-land between the inside and outside networks where some organizations place Web servers. These servers provide access to organizational Web pages without allowing Web requests to enter the interior networks.

14. What are the 2 versions of IDS?

• Host-based IDS
• Network-based IDS

15. What is contingency planning?

It is the entire planning conducted by the organization to prepare for, react to, and recover from events that threaten the security of information and information assets in the organization.

16. Who are the members of the contingency team?

• Champion
• Project manager
• Team members

17. What are the stages in the business impact analysis step?

• Threat attack identification
• Business unit analysis
• Attack success scenarios
• Potential damage assessment
• Subordinate plan classification

18. What is an attack profile?

It is a detailed description of the activities that occur during an attack.

19. What is an incident?

It is any clearly identified attack on the organization's information assets that would threaten the assets' confidentiality, integrity, or availability.

20. What are the phases of incident response?

• Planning
• Detection
• Reaction
• Recovery

21. What are the 5 testing strategies of incident planning?

• Checklist
• Structured walk-through
• Simulation
• Parallel
• Full interruption

22. What is an alert roster?

It is a document containing contact information for the individuals to be notified in the event of an incident.

23. What are the 2 ways to activate an alert roster?

• Sequential roster: activated as a single contact person calls each person on the roster.
• Hierarchical roster: activated as the first person calls a few other people on the roster, who in turn each call a few more people.

24. What is computer forensics?

It is the process of collecting, analyzing and preserving computer-related evidence.

25. What are honey pots?

These are computer servers configured to resemble production systems, containing rich information just begging to be hacked.

26. What is enticement?

It is the process of attracting attention to a system by placing tantalizing bits of information in key locations.

27. What is entrapment?

It is the action of luring an individual into committing a crime in order to get a conviction.

28. What is a mutual agreement?

It is a contract between two or more organizations that specifies how each will assist the other in the event of a disaster.

Policy
A course of action used by an organization to convey instructions from management to those who perform duties.

Types of policies
• Enterprise Information Security Program Policy (EISP)
• Issue-Specific Information Security Policy (ISSP)
• Systems-Specific Information Security Policy (SysSP)

Defense in depth
One of the basic foundations of security architectures is the implementation of security in layers. This layered approach is called defense in depth.

Firewall
A firewall is a device that selectively discriminates against information flowing into or out of the organization.

Cache servers
For more frequently accessed Web pages, proxy servers can cache (temporarily store) the page, and thus are sometimes called cache servers.

Contingency Planning (CP)
Contingency planning comprises a set of plans designed to ensure an effective reaction to and recovery from an attack, and the subsequent restoration of normal modes of business operations.

Incident Response Plan (IRP)
It is the set of activities taken to plan for, detect, and correct the impact of an incident on information assets.

Business Continuity Plan (BCP)
It prepares an organization to reestablish critical business operations during a disaster that affects operations at the primary site.

Disaster Recovery Plan (DRP)
The DRP provides detailed guidance in the event of a disaster, details the roles and responsibilities of the various individuals involved in the disaster recovery effort, and identifies the personnel and agencies that must be notified.

Redundancy
Implementing multiple types of technology, and thereby preventing the failure of one system from compromising the security of the information, is referred to as redundancy.