


Question

The official definition used by the US Government, as defined in the Federal Information Security Act (FISA), is "protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide integrity, confidentiality, and availability."

(True/False)

Answer:

The term information assurance is defined as follows in NIST IR 7298 Revision 2, Glossary of Key Information Security Terms: Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation.

(True/False)

Answer:

Describe CIA and when you are considered secured.

Answer:

Determine the term for each definition

Term Definition

__________ What we are trying to protect. Computer-based assets have three components: hardware, software and data.

__________ is a set of circumstances that has the potential to cause loss or harm.

________ is a weakness in the system (that might be exploited to cause loss or harm).

________ is a human or process that exploits a vulnerability on the system. It is the realization of a threat.

________ “How the attack was carried out by a threat source, e.g., malicious email attachment.”

________ is the likelihood of an attack occurring and causing harm. (Risk Analysis is the determination of the likelihood of an attack and the quantification of harm (impact).)

_______ is a protective measure that is an action, device, procedure, or technique that removes or minimizes risk or its impact.

According to your session materials, the Cybersecurity Act (the Act) was enacted on December 18, 2015, and includes a requirement for Federal Inspectors General to generate a report describing agency policies, procedures, and practices for covered systems. List three items the Act requires the report to include:

Answer:


According to your session materials, which CISSP domain includes "Security Control Testing"?

Answer:

According to your session materials, describe the difference between standards, guidelines, and procedures.

Answer:

According to your session materials, organizational risk mitigation strategies reflect a(n) ______________ perspective on what mitigations are to be employed and where the mitigations are to be applied, to reduce information security risks to organizational operations and assets, the Nation, other organizations, and individuals.
  
Answer:

According to your session materials, risk is a measure of the extent to which an entity is threatened by a potential circumstance or event. What are the two related functions?

Answer:

Describe the four steps in the risk assessment process according to your session materials.

Answer:


According to your session materials, a ________________________ is a management, operational, and/or technical control employed by an organization in lieu of a recommended security control in the low, moderate, or high baselines that provides equivalent or comparable protection for an information system.

Answer:


According to one of the class OERs, the purpose of the system security plan is to provide an overview of the security requirements of the system and describe the controls in place or planned for meeting those requirements.
(True/False)

Answer:

What are the steps in a detailed or formal risk analysis according to our session materials?

Answer:

The information flow model is an extension of the state machine concept and serves as the basis of design for both the Biba and Bell-LaPadula models.
(True/False)

Answer:

Describe Defense in Depth according to the materials in session 3.

Answer:

Describe Security Architecture according to your session materials.

Answer:

Describe Business Continuity Planning according to your session materials.

Answer:

Describe COBIT according to your session materials.

Answer:

According to our session materials, which US president described cybersecurity as one of the most important challenges we face as a Nation?

Answer:

According to your session materials how long should your individual risk research paper/project be?

Answer:

Explanation / Answer

The official definition used by the US Government, as defined in the Federal Information Security Act (FISA), is "protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide integrity, confidentiality, and availability."

True

The term information assurance is defined as follows in NIST IR 7298 Revision 2, Glossary of Key Information Security Terms: Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation.

True

Describe CIA and when you are considered secured.

CIA refers to confidentiality, integrity and availability.

Confidentiality is protecting your data from unauthorized access; integrity means the data is in its original form and no malicious activity has modified it. Availability refers to data being accessible to authorized users as and when required.
You are considered secure if all your confidential data is encrypted, beyond the reach of an attacker, and can't be misused; there cannot be any unwanted modifications to the data, and the data is available to you as and when required.


Determine the term for each definition

Asset: What we are trying to protect. Computer-based assets have three components: hardware, software and data.
Threat: A set of circumstances that has the potential to cause loss or harm.
Vulnerability: A weakness in the system (that might be exploited to cause loss or harm).
Exploit: A human or process that exploits a vulnerability on the system. It is the realization of a threat.
Threat Vector: "How the attack was carried out by a threat source, e.g., malicious email attachment."
Risk: The likelihood of an attack occurring and causing harm. (Risk Analysis is the determination of the likelihood of an attack and the quantification of harm (impact).)
Countermeasure: A protective measure that is an action, device, procedure, or technique that removes or minimizes risk or its impact.

According to your session materials, which CISSP domain includes "Security Control Testing"?

Domain 6: Security Assessment and Testing

According to your session materials, describe the difference between standards, guidelines, and procedures.

A guideline is a recommended but non-mandatory control; procedures are step-by-step instructions for implementation; standards are quantifiable, low-level, mandatory controls.


According to your session materials, risk is a measure of the extent to which an entity is threatened by a potential circumstance or event. What are the two related functions?

Probability and Severity

Describe the four steps in the risk assessment process according to your session materials.

Step 1: Identify hazards, i.e. anything that may cause harm.
Step 2: Decide who may be harmed, and how.
Step 3: Assess the risks and take action.
Step 4: Make a record of the findings.
