CINS 3044 Test 1
Policy vs Law
Ignorance of a policy is an acceptable defense, whereas ignorance of law is not
•In digital forensics, all investigations follow the same basic methodology:
1. Identify relevant items of evidentiary value (EM)
2. Acquire (seize) the evidence without alteration or damage
3. Take steps to assure that the evidence is at every step verifiably authentic and is unchanged from the time it was seized
4. Analyze the data without risking modification or unauthorized access
5. Report the findings to the proper authority
guidelines
nonmandatory recommendations the employee may use as a reference in complying with a policy
Accountability
the access control mechanism that ensures all actions on a system—authorized or unauthorized—can be attributed to an authenticated identity. Also known as auditability
Digital Forensics
the preservation, identification, extraction, documentation, and interpretation of digital media for evidentiary and/or root cause analysis
3 categories of unethical behavior:
•Ignorance •Accident •Intent
5 foundations and frameworks of ethics:
•Normative ethics •Meta-ethics •Descriptive ethics •Applied ethics •Deontological ethics
Unique functions of Info Sec (The 6 P's)
•Planning •Policy •Programs •Protection •People •Project management
5 ethical standards:
•Utilitarian approach •Rights approach •Fairness or justice approach •Common good approach •Virtue approach
5 Areas of Security
1. Physical Security
2. Operations Security
3. Communications Security
4. Cyber Security
5. Network Security
IDEAL model
Initiating - lay the groundwork for a successful improvement environment
Diagnosing - determine where you are relative to where you want to be
Establishing - plan the specifics of how you will reach your destination
Acting - do the work according to the plan
Learning - learn from the experience
availability
an attribute of information that describes how data is accessible and correctly formatted for use without interference or obstruction
Writing a policy is not always as easy as it seems. However, the prudent security manager always scours available resources for __________ that may be adapted to the organization.
examples
practices
examples of actions that illustrate compliance with policies
It is the responsibility of InfoSec professionals to understand state laws and bills. ____________
false
The "Authorized Uses" section of an ISSP specifies what the identified technology cannot be used for.
false
When voltage levels lag (experience a momentary increase), the extra voltage can severely damage or destroy equipment. __________
false
A model of InfoSec that offers a comprehensive view of security for data while being stored, processed, or transmitted is the __________ security model.
CNSS
Which of the following ethical frameworks is the study of the choices that have been made by individuals in the past?
Descriptive ethics
Tactical Planning
Has a short-term focus of 1-3 years; breaks applicable strategic goals into a series of incremental objectives.
Which law addresses privacy and security concerns associated with the electronic transmission of PHI?
Health Information Technology for Economic and Clinical Health Act
This collaborative support group began as a cooperative effort between the FBI's Cleveland field office and local technology professionals with a focus of protecting critical national infrastructure.
InfraGard
5 Steps to Solving Problems
Step 1: Recognize and Define the Problem
Step 2: Gather Facts and Make Assumptions
Step 3: Develop Possible Solutions
Step 4: Analyze and Compare Possible Solutions (Feasibility Analyses)
Step 5: Select, Implement, and Evaluate a Solution
Force of Nature
Things such as power outages from weather or acts of war.
The basic outcomes of InfoSec governance should include all but which of the following?
Time management by aligning resources with personnel schedules and organizational objectives
What is security?
To be free from danger. To be protected from the risk of loss, damage, unwanted modification, etc.
Espionage
When an unauthorized person gains access to protected information. Includes: brute force attack, dictionary password attack, rainbow tables, social engineering.
standard
a detailed statement of what must be done to comply with policy, sometimes viewed as the rules governing policy compliance
policy
a set of organizational guidelines that dictate certain behavior within the organization
What are the two general approaches for controlling user authorization for the use of a technology?
access control lists and capability tables
Confidentiality
an attribute of information that describes how data is protected from disclosure or exposure to unauthorized individuals or systems
Integrity
an attribute of information that describes how data is whole, complete, and uncorrupted
Vision Statement
an idealistic expression of what the organization wants to become, whereas the mission statement describes how it wants to get there
issue-specific security policy
an organizational policy that provides detailed, targeted guidance to instruct all members of the organization in the use of a resource, such as one of its processes or technologies
A risk assessment is performed during which phase of the SDLC?
analysis
The most complex part of an investigation is usually __________.
analysis for potential EM
Force majeure includes all of the following EXCEPT:
armed robbery
ethics
the organized study of how humans ought to act, or a set of rules we should live by
Intellectual Property
can be trade secrets, copyrights, trademarks, and patents. Includes 2 primary areas: software piracy and copyright protection.
Which of the following is a C.I.A. triad characteristic that ensures only those with sufficient privileges and a demonstrated need may access certain information?
confidentiality
Information Security focuses on these 3 characteristics (CIA Triad):
confidentiality, integrity, availability
The process of integrating the governance of the physical security and information security efforts is known in the industry as __________.
convergence
Which of the following is the best method for preventing an illegal or unethical activity? Examples include laws, policies, and technical controls.
deterrence
A __________ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time.
distributed denial of service
Ransomware
encrypts the user's data and offers to unlock it for a price
Access control lists regulate who, what, when, where, and why authorized users can access a system.
false
Information ambiguation occurs when pieces of nonprivate data are combined to create information that violates privacy. _________________________
false
The application of computing and network resources to try every possible combination of options of a password is called a dictionary attack. __________
false
The first step in solving problems is to gather facts and make assumptions.
false
To protect intellectual property and competitive advantage, Congress passed the Entrepreneur Espionage Act (EEA) in 1996. ___________
false
Values statements should be ambitious; after all, they are meant to express the aspirations of an organization. ____________
false
Laws, policies, and their associated penalties only provide deterrence if three conditions are present. Which of these is NOT one of them?
frequency of review
One form of online vandalism is __________, in which individuals interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency.
hacktivism
Quality of Service
includes power grids, data networks, parts suppliers, etc. 3 primary areas: Internet issues, communications service, power irregularities
Configuration rules
instructional codes that guide the execution of the system when information is passing through it
Which of the following is a C.I.A. triad characteristic that addresses the threat from corruption, damage, destruction, or other disruption of its authentic state?
integrity
A detailed outline of the scope of the policy development project is created during which phase of the SDLC?
investigation
Which phase of the SDLC should get support from senior management?
investigation
Enterprise information security policy
is high-level information security policy that sets the strategic direction, scope, and tone for all of an organization's security efforts
Policy
organizational guidelines that dictate certain behavior within the organization; a quality InfoSec program begins and ends with policy.
System-Specific Security Policies
organizational policies that often function as standards or procedures to be used when configuring or maintaining systems
IT's focus is the efficient and effective delivery of information and administration of information resources, while InfoSec's primary focus is the __________ of all information assets.
protection
The individual accountable for ensuring the day-to-day operation of the InfoSec program, accomplishing the objectives identified by the CISO, and resolving issues identified by technicians is known as a(n) ____________.
security manager
procedures
step-by-step instructions designed to assist employees in following policies, standards, and guidelines
Which level of planning breaks down each applicable strategic goal into a series of incremental objectives?
tactical
Authorization
the access control mechanism that represents the matching of an authenticated entity to a list of information assets and corresponding access levels
Authentication
the access control mechanism that requires the validation and verification of an unauthenticated entity's purported identity
Identification
the access control mechanism whereby unverified entities who seek access to a resource provide a label by which they are known to the system
Strategic planning
the process of defining and specifying the long-term direction (strategy) to be taken by an organization, and the allocation and acquisition of resources needed to pursue this effort
Privacy
the right of individuals or groups to protect themselves and their information from unauthorized access, providing confidentiality
Governance
the set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are managed appropriately, and verifying that the enterprise's resources are used responsibly
Digital forensics can be used for two key purposes: ________ or _________.
to investigate allegations of digital malfeasance; to perform root cause analysis
A clearly directed strategy flows from top to bottom rather than from bottom to top.
true
A maintenance model is intended to focus ongoing maintenance efforts so as to keep systems usable and secure.
true
Policies must specify penalties for unacceptable behavior and define an appeals process.
true
The malicious code attack includes the execution of viruses, worms, Trojan horses, and active Web scripts with the intent to destroy or steal information.
true
Today's InfoSec systems need constant monitoring, testing, modifying, updating, and repairing.
true
Due diligence requires that an organization make a valid and ongoing effort to protect others. ____________
true
Information security policies are designed to provide structure in the workplace and explain the will of the organization's management. ____________
true
Operational planning
used by managers and employees to organize the ongoing, day-to-day performance of tasks
In which SDLC model does the work product from each phase transition into the next phase to serve as its starting point while allowing movement back to a previous phase should the project require it?
waterfall