Foundations Of Information Security And Assurance

Foundations Of Information Security And Assurance



INFA 610

Foundations of Information Security and Assurance

Quiz 1

TRUE/FALSE QUESTIONS: (Put T or F in the following table)

1. Threats are attacks carried out.

2. Computer security is protection of the integrity, availability, and confidentiality of information system resources.

3. Data integrity assures that information and programs are changed only in a specified and authorized manner.

4. Availability assures that systems works promptly and service is not denied to authorized users.

5. The “A” in the CIA triad stands for “authenticity”.

6. Computer security is essentially a battle of wits between a perpetrator who tries to find holes and the administrator who tries to close them.

7. Many security administrators view strong security as an impediment to efficient and user-friendly operation of an information system.

8. Hardware is the most vulnerable to attack and the least susceptible to automated controls.

9. Contingency planning is a functional area that primarily requires computer security technical measures.

10. X.800 architecture was developed as an international standard and focuses on security in the context of networks and communications.

11. Assurance is the process of examining a computer product or system with respect to certain criteria.

12. One of the most influential computer security models is the Bell-LaPadula model.

13. The BLP model effectively breaks down when (untrusted) low classified executable data are allowed to be executed by a high clearance (trusted) subject.

14. The Biba models deals with confidentiality and is concerned with unauthorized disclosure of information.

15. Multilevel security is of interest when there is a requirement to maintain a resource in which multiple levels of data sensitivity are defined.

16. The addition of multilevel security to a database system does not increase the complexity of the access control function.

17. The Common Criteria for Information Technology and Security Evaluation are ISO standards for specifying security requirements and defining evaluation criteria.

18. Organizational security objectives identify what IT security outcomes should be achieved.

19. The assignment of responsibilities relating to the management of IT security and the organizational infrastructure is not addressed in a corporate security policy.

20. It is not critical that an organization’s IT security policy have full approval or -in by senior management.

21. Because the responsibility for IT security is shared across the organization, there is a risk of inconsistent implementation of security and a loss of central monitoring and control.

22. A major disadvantage of the baseline risk assessment approach is the significant cost in time, resources, and expertise needed to perform the analysis.

23. A threat may be either natural or human made and may be accidental or deliberate.

24. To ensure that a suitable level of security is maintained, management must follow up the implementation with an evaluation of the effectiveness of the security controls.

25. Detection and recovery controls provide a means to restore lost computing resources.

26. Physical access or environmental controls are only relevant to areas housing the relevant equipment.

27. Once in place controls cannot be adjusted, regardless of the results of risk assessment of systems in the organization.

28. It is likely that the organization will not have the resources to implement all the recommended controls.

29. The selection of recommended controls is not guided by legal requirements.

30. The implementation phase comprises not only the direct implementation of the controls, but also the associated training and general security awareness programs for the organization.

31. Appropriate security awareness training for all personnel in an organization, along with specific training relating to particular systems and controls, is an essential component in implementing controls.

32. Security architecture, and which controls you elect to put in place, should be risk-based and driven by business needs, expressed in policy.

33. For the cost effect, Commercial organizations and federal agencies tend to have a simple security architecture, whether explicit or not.

34. The ISO/IEC 27000 series is much more commonly applied in government than in commercial organizations.

35. Management should set a simple policy direction in line with business plans and demonstrate support for, and commitment to, IT security through the issue and maintenance of an IT security policy across the organization.

36. Access to information, information processing facilities, and business processes should be controlled on the basis of employee’s requirements.

37. Access control rules do not have to take account of policies for information dissemination and authorization.

38. NIST Special Publication 800-53 Recommended Security Controls for Commercial Information Systems.

39. The primary characteristic of the SABSA model is that everything must be derived from an analysis of the user’s requirements for security.

40. COBIT includes best practices, measures, and processes organizations can implement to standardize (and theoretically improve) IT management.

Please put your answers in the following table and only submit the table to the assignment folder. Do not include the above questions. Your submitted table should be editable and saved in a file named as: INFA610_QUIZ1_Firstname_Lastname (e.g. INFA610_QUIZ1_Henry_Tsai).



Your Answer (T or F)


Your Answer (T or F)









































Name: _______________________________________________

First Last

Place your order
(550 words)

Approximate price: $22

Calculate the price of your order

550 words
We'll send you the first draft for approval by September 11, 2018 at 10:52 AM
Total price:
The price is based on these factors:
Academic level
Number of pages
Basic features
  • Free title page and bibliography
  • Unlimited revisions
  • Plagiarism-free guarantee
  • Money-back guarantee
  • 24/7 support
On-demand options
  • Writer’s samples
  • Part-by-part delivery
  • Overnight delivery
  • Copies of used sources
  • Expert Proofreading
Paper format
  • 275 words per page
  • 12 pt Arial/Times New Roman
  • Double line spacing
  • Any citation style (APA, MLA, Chicago/Turabian, Harvard)

Our guarantees

Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.

Money-back guarantee

You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.

Read more

Zero-plagiarism guarantee

Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.

Read more

Free-revision policy

Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.

Read more

Privacy policy

Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.

Read more

Fair-cooperation guarantee

By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.

Read more

Order your essay today and save 30% with the discount code HAPPY