Study Questions for: Professional & Security Standards
Describe Prism, Upstream, the NSA's Data Centers, and how they're used.
From your quick study of most dangerous software errors, critical security controls, and
server hardening tips: Describe the top three threats to information security and how to mitigate them.
Name and discuss the pillars of information security that make up this acronym: CIAAN.
For decades the Pillars of Information Security were represented by the acronym CIA. In more recent
years, the pillars are CIAAN. What does each of the 5 letters represent?
Define 'protection' in information systems as it was presented in class: Protection = ? + (?? + ???).
Name each of the terms that replace the question marks, and give an activity associated with it.
Describe modern B2B networking. Use and describe each of these terms in your description: EDI, X12,
HTTP, SSL, Trading Partners, Public Keys.
Sketch and label the 'trilogy of trilogies' that thoroughly describes information security.
Summarize it in a few sentences.
Name and briefly describe at least the 4 Threat Vectors discussed in class.
Describe each of these Threat Vectors: Remote, Proximate, Insider, Supply Chain.
Describe each of these network attacks: Reconnaissance, Access, DoS, Data Manipulation.
Expand the acronym and briefly characterize each/some/any of these standards, protocols, and laws: GES, COBIT, ITIL, SOX,
PCI, EDI, X12, HIPAA.
Describe SOX and how it affects IS operations and accounting for publicly traded companies.
What are PCI - Payment Card Industry standards? How do they affect on-line and other merchants and businesses
who are the custodians of customers' and suppliers' payment card and bank account data?
Describe EDI, ANSI X12, EDIFact and how they're important for supply-chain management and most B2B
Unmanaged IT assets are everywhere these days and rife with vulnerabilities that must
be considered when securing a network. What are they, and what steps should be taken to
mitigate their risks?
Describe a scheme where some cracker exploits one of the threat vectors to vandalize or steal data from a system.
Discuss WiFi and network security. How secure is it? What steps should be taken to ensure it's secure?
SCADA protocols, PLCs, and computers manage industrial, manufacturing, electrical and water utilities on a continental
or regional scale, dams and barrages, and environmental control systems. What are SCADA, ICS, and PLC?
Suppose an interviewer asks you 'What is Internet Security?'. What's your reply? Or, 'Network Security', or 'Information Security'...
HIPAA has greatly reduced the costs and improved the accuracy of health and medical record keeping and claims
processing. What is it, and how has it reduced costs of medical accounting?
What is HIPAA and what are its benefits and risks?
Name two or three certificates that would be valuable for a career path in information systems.