Answer the following Questions:
1. The official definition used by the US Government, as defined in the Federal Information Security Act (FISA), is "protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide integrity, confidentiality, and availability."
(True/False)
2. The term information assurance, is defined as follows in NIST IR 72980 Revision 2, Glossary of Key Information Security Terms: Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation.
(True/False)
3. Describe CIA and when you are considered secured.
4. Which CISSP domain according to your session materials highlights intrusion detection and prevention systems?
5. According to your session materials the Cybersecurity Act (the Act) was enacted on December 18, 2015, and includes a requirement for Federal Inspectors General to generate a report describing agency policies, procedures, and practices for covered systems. List three items the Act requires the report to include:
6. According to your session materials which CISSP domain includes "Security Control Testing?"
7. According to your session material describe the difference between standards, guidelines, and procedures.
8. According to your session materials, organizational risk mitigation strategies reflect a(n) ______________ perspective on what mitigations are to be employed and where the mitigations are to be applied, to reduce information security risks to organizational operations and assets, the Nation, other organizations, and individuals.
9. According to your session materials, risk is a measure of the extent to which an entity is threatened by a potential circumstance or event. What are the two related functions?
10. Describe the four steps in the risk assessment process according to your session materials.
11. According to your session materials, a ________________________ is a management, operational, and/or technical control employed by an organization in lieu of a recommended security control in the low, moderate, or high baselines that provides equivalent or comparable protection for an information system
12. According to one of the class OERs the purpose of the system security plan is to provide detailed security requirements of the system and describe the controls in place or planned for meeting those requirements.
(True/False)
13. What are the steps in a detailed or formal risk analysis according to our session materials?
14. The information flow model is an extension of the state machine concept and serves as the basis of design for both the Biba and Bell-LaPadula models.
(True/False)
15. Describe Defense in Depth according to the materials in session 3.
16. Describe Security Architecture according to your session materials.
17. Describe Business Continuity Planning according to your session materials.
18. Describe COBIT and what it is used for according to your session materials.
19. According to our session materials, which US president described cybersecurity as one of the most important challenges we face as a Nation?
20. According to your session materials how long should your individual risk research paper/project be?