Which security related phrase relates to the integrity of data?
B. Modification is authorized
Integrity means that any data is stored and transferred as intended and that any modification is authorized. Integrity is part of the CIA triad.

An engineer looks to implement security measures by following the five functions in the National Institute of Standards and Technology (NIST) framework. When documenting the "detect" function, what does the engineer focus on?
C. Ongoing proactive monitoring
By contrast, Identify covers developing security policies and capabilities, evaluating risks, threats, and vulnerabilities, and recommending security controls to mitigate them.

How might the goals of basic network management not be well aligned with the goals of security?
D. Management focuses on availability over confidentiality
Security is increasingly thought of as a dedicated function. The goals of a network manager are not always well aligned with the goals of security; network management focuses on availability over confidentiality.

Any external responsibility for an organization's security lies mainly with which individuals?
A. The owner
External responsibility for security (due care or liability) lies mainly with directors or owners. It is important to note that all employees share some measure of responsibility.

What distinguishes DevSecOps from a traditional SOC?
D. Security is a primary consideration at every stage of software development
DevSecOps extends the boundary to security specialists and personnel, reflecting the principle that security is a primary consideration at every stage of software development and deployment.

A company has an annual contract with an outside firm to perform a security audit on its network. The purpose of the annual audit is to determine if the company is in compliance with its internal directives and policies for security control. Select the broad class of security control that accurately demonstrates the purpose of the audit.
A. Managerial
The three broad classes of security controls are Technical, Operational, and Managerial. Managerial controls give oversight of the information system, including the selection of other security controls. An example of this type of control is regular scans and audits.

The _____ requires federal agencies to develop security policies for computer systems that process confidential information.
B. Computer Security Act
The Computer Security Act (1987) specifically requires federal agencies to develop security policies for computer systems that process confidential information.

After a poorly handled security breach, a company updates its security policy to include an improved incident response plan. Which of the following security controls does this update address?
C. Corrective
An incident response plan is corrective: it responds to and fixes an incident, and it may also prevent its recurrence.

The IT department head returns from an industry conference feeling inspired by a presentation on the topic of defense in depth. A meeting is scheduled with IT staff to brainstorm ideas for implementing defense in depth throughout the organization. Which of the following ideas are consistent with this industry's best practice? (Select all that apply.)
A. Provide user training on identifying cyber threats
Defense in depth means an attacker must get past multiple security controls to fully compromise a network. Since employees are the greatest security risk, user training is a critical component of defense in depth.

Which of the following focuses exclusively on IT security, rather than IT service delivery?
A. NIST
NIST is the only organization within the IT governance space focusing solely on security. Its standards are used by US federal agencies, and it publishes cybersecurity best practice guides and research.

Which of the following terms means that information is stored and transferred as intended and that any modification is authorized?
Integrity means that any data is stored and transferred as intended and that any modification is authorized.

Which of the following refers to technical control?
Encryption, antivirus software, IDSs, firewalls, and the principle of least privilege are technical controls.

Which of the following of the CIA triad ensures that the information is correct and no unauthorized person has altered it?
Integrity involves maintaining the consistency, accuracy, and trustworthiness of data over its entire lifecycle. Data must not be changed in transit, and steps must be taken to ensure data cannot be altered by unauthorized people (for example, in a breach of confidentiality).

What is information security, and what essential protections must be in place to protect information systems from danger?
Information security protects sensitive information from unauthorized activities, including inspection, modification, recording, and any disruption or destruction. The goal is to ensure the safety and privacy of critical data such as customer account details, financial data, or intellectual property.