Ch.1
_____ limits who gains access to the database while _____ limits what a user can access within the database.
Access authentication, view definition
Which of the following information security management system benefits deals with continuous improvement?
Act as framework
Which of the following is NOT an example of an information security management policy or procedure?
All employees can use the lunch room
With regard to information security, which of the following is part of identity and access management?
All of the answers are correct
Which of the following is a focus for information security?
All of the answers are correct
What would be an example of a violation of the principle of confidentiality?
An employee accessing a payroll database to find out how much others are paid
A company suffered a security breach. What is the very first thing the company needs to do?
Assess the possible areas that were affected by the breach
_____ is the process of transforming data into an unreadable form to anyone who does not know the key.
Data encryption
What is the single best way to protect your device?
Do not root it
What is NOT an example of physical security?
Encrypting email messages
_____ are threats to a database system.
Hackers and SQL injection attacks
Which of the following is NOT an example of a method used in information security?
Honor of reputation
Which of the following is NOT a benefit of an information management security system?
Increase efficiency
_____ refers to the process of making sure only those who are entitled to information can access it.
Information security
As part of implementing applications security, which of the following would a company have to do?
Install tools for identifying vulnerabilities in code
Why should security testing be a part of information security requirements?
It checks to see if expected security protection really is in place.
What is security management?
Managing the security of all data and servers in the organization
How big is the code required to turn an app into spyware?
Only a few lines
What is the main idea behind the principle of availability in information security?
People who are authorized to view data can do so when they need access
What should users keep in mind about their devices?
Phones and tablets are more similar to computers than ever
Where should apps come from for corporate devices?
Preferably only the app store, unless it is a company app
The _____ ensures that people only have access to the information they need to do their jobs.
Principle of least privilege
What is the purpose of security operations with regard to information security?
Provide procedures and plans for maintaining security, such as security patching procedures, incident response and disaster recovery plans
As part of implementing systems security, which of the following would a company need to do?
Require secure passwords
A fast way to get a disrupted system that has been breached up and running is to:
Restore an updated data backup
Why does data need to have a recorded owner?
The data owner makes decisions about access to the data.
What does it mean when you hear that a company suffered a security breach?
The data servers and data from the company were accessed by unauthorized personnel
Which of these is something that remote access provides?
Wiping mechanism
Which of the following is NOT a type of information security?
Financial database management
Database security management:
is the collection of processes and procedures used to protect data and database systems