IS Security Review Questions Guide
The main goal of the GDPR compliance standard is to protect the personal data and privacy of individuals within the European Union by setting strict guidelines on data collection and processing. It differs from PCI DSS, which focuses specifically on securing credit card transactions and protecting cardholder data rather than personal data at large.
Role-Based Access Control (RBAC) determines user permissions based on their role within the organization, aligning access rights with job functions. Its advantage over other access control methods is its efficiency and reduced administrative workload: permissions are assigned to roles rather than to individuals, which makes management easier and scales better in dynamic environments.
'Risk transference' involves shifting the risk to a third party, such as through insurance, whereas 'risk avoidance' involves altering business activities to eliminate the risk completely. Risk transference is useful when organizations want to mitigate financial impacts, while risk avoidance might be applied when risks are deemed unacceptable and can be entirely circumvented.
Forensic tools and software are recommended for post-incident analysis because they are specifically designed to examine the digital footprint left by a breach, reconstruct events, and determine the nature and extent of an attack. Antivirus programs, while useful for malware detection, lack the comprehensive analysis capabilities needed to trace complex breaches and analyze data persistence.
Environmental controls are critical in protecting data centers from physical damage that could lead to operational downtime and data loss. An example of an environmental control is installing fire suppression systems, which help prevent fire damage to data center infrastructure, thereby ensuring continuity of operations and protection of critical assets.
A written information security policy is crucial to inform users about acceptable usage and responsibilities. This reason is considered most important because it provides guidance and a framework for user behavior, ensuring that organizational data is handled properly.
Logical controls in information security are mechanisms that safeguard computer-based environments by managing access rights and data encryption. An example of a logical control is username and password authentication, which ensures that only authorized users can access system resources. These controls are integral to maintaining data integrity and confidentiality, preventing unauthorized access to sensitive information.
A Disaster Recovery Plan (DRP) ensures that operations can continue following a major disruption or disaster, focusing on restoring systems and data to minimize downtime. Unlike preventing data breaches, which aims to stop unauthorized access, a DRP is about preparing processes and resources to recover effectively from unexpected events.
The principle of 'least privilege' contributes to effective information access control by ensuring that users are granted the minimum access necessary to perform their job functions. This reduces the risk of data breaches by limiting the potential damage from unauthorized access, as users cannot access more data than needed.
Intrusion Detection Systems (IDS) are effective in network security because they detect unauthorized access and generate alerts. Their main objective is to identify potential security breaches and notify administrators, allowing for timely defensive measures before significant damage occurs. An IDS is essential for maintaining vigilance over network activities without immediately blocking access, which can be critical for investigation and response.