Information Security and Assurance C725

Recognize the growing importance of information security specialists to the information technology (IT) infrastructure and see how this can translate into a rewarding career 1. 2. Develop a strategy for pursuing a career in information security 3. Comprehend information security in the context of the mission of a business Lesson Obj. ○ Establish new user accts ○ Ensure auditing is working ○ Ensure comms b/w systems is working ○ Troubleshoot and respond to incidents • Security...

Part 1: Introduction and General Model Part 2: CC Evaluation Methodology Part 3: Extensions to the Methodology Correct Answer: Three parts of the Common Evaluation Methodology This part of the CEM describes agreed-upon principles of evaluation and introduces agreed-upon evaluation terminology dealing with the process of evaluation. Correct Answer: Part 1: Introduction and General Model This part of the CEM is based on CC Part 3 evaluator actions. It uses well-defined assertions to refi...

WGU C725 DOC NOTES QUESTIONS WITH COMPLETE SOLUTION

1. Explain the elements of the CIA Triad and give an example of each.  Confidentiality- concept of the measures used to ensure the protection of the protection of the secrecy of data, objects, or resources. o Two-factor authentication to access sensitive data  Integrity- Concept of protecting reliability and correctness of data. o ATM and bank software ensure integrity by maintaining up to date monetary records  Availability- Authorized subjects are granted timely and uninterrupt...

two of the tools security specialists use to protect information systems Correct Answer: cryptography and firewalls Security is synonymous with Correct Answer: Protection, Armor, Shield terms that impact people. best represents the three objectives of information security Correct Answer: Confidentiality, integrity, and availability Information Network Institute (INI) Correct Answer: One major educational institution, Carnegie Mellon, established the Information Network Institute (IN...

Information security is primarily a discipline to manage the behavior of _____. A. Technology B. People C. Processes D. Organizations Correct Answer: People Careers in information security are booming because of which of the following factors? A. Threats of cyberterrorism B. Government regulations C. Growth of the Internet D. All of these Correct Answer: All of these A program for information security should include which of the following elements? A. Security policies and...

After determining the potential attack concepts, the next step in threat modeling is to perform ______________ analysis. ______________ analysis is also known as decomposing the application, system, or environment. The purpose of this task is to gain a greater understanding of the logic of the product as well as its interactions with external elements.Also known as decomposing the application Correct Answer: Reduction analysis Whether an application, a system, or an entire environment, it ne...

Explain the elements of the CIA Triad and give an example of each. Correct Answer: 1. Confidentiality = Entrusting there is no information disclosure that is taking place. 2. Integrity = No tampering of data/information is taking place 3. Availability = Constant access to network or system/Backups Explain Defense in Depth. Correct Answer: Layers of security in regards to your network, such as packet filtering router, firewall, DMZ, Switches Explain the role of a Risk Matrix in Qualitativ...

Four common classes of safe ratings are Correct Answer: B-Rate: B-Rate is a catchall rating for any box with a lock on it. This rating describes the thickness of the steel used to make the lockbox. No actual testing is performed to gain this rating. C-Rate: This is defined as a variably thick steel box with a 1-inch-thick door and a lock. No tests are conducted to provide this rating, either. UL TL-15: Safes with an Underwriters Laboratory (UL) TL-15 rating have passed standardized tests ...

A job title: Have access to information resources in accordance with the owner-defined controls and access rules. Correct Answer: Users One purpose of a security awareness program is to modify which of the following? A. Employees' attitudes and behaviors B. Management's approach C. Attitudes of employees toward sensitive data D. Corporate attitudes about safeguarding data Correct Answer: A. Employees' attitudes and behaviors Explanation: Because people are the weakest link in...