Chapter 1: Security Principles 2025/2026 | Comprehensive Study Guide with Practice Questions, Exams of Cybercrime, Cybersecurity and Data Privacy

A comprehensive Chapter 1 study guide on Security Principles for 2025/2026, featuring clearly written practice questions, correct answers, and concise explanations. Covers core cybersecurity concepts such as confidentiality, integrity, availability, risk management, authentication, authorization, and security controls—ideal for exams and foundational security courses.

Typology: Exams

2025/2026

Available from 01/24/2026

tutor-mary
Chapter 1: Security Principles 2025/2026 with verified questions and answers

Adequate Security - correct answer: Security commensurate with the risk and the magnitude of harm resulting from the loss, misuse or unauthorized access to or modification of information. Source: OMB Circular A-130
Administrative Controls - correct answer: Controls implemented through policy and procedures. Examples include access control processes and requiring multiple personnel to conduct a specific operation. Administrative controls in modern environments are often enforced in conjunction with physical and/or technical controls, such as an access-granting policy for new users that requires login and approval by the hiring manager.
Artificial Intelligence - correct answer: The ability of computers and robots to simulate human intelligence and behavior.
Asset - correct answer: Anything of value that is owned by an organization. Assets include both tangible items such as information systems and physical property and intangible assets such as intellectual property.
Authentication - correct answer: The act of identifying or verifying the eligibility of a station, originator, or individual to access specific categories of information. Typically, a measure designed to protect against fraudulent transmissions by establishing the validity of a transmission, message, station or originator.
Authorization - correct answer: The right or a permission that is granted to a system entity to access a system resource. Source: NIST SP 800-82 Rev. 2
Availability - correct answer: Ensuring timely and reliable access to and use of information by authorized users.

Baseline - correct answer: A documented, lowest level of security configuration allowed by a standard or organization.
Biometric - correct answer: Biological characteristics of an individual, such as a fingerprint, hand geometry, voice, or iris patterns.
Bot - correct answer: Malicious code that acts like a remotely controlled "robot" for an attacker, with other Trojan and worm capabilities.
Classified or Sensitive Information - correct answer: Information that has been determined to require protection against unauthorized disclosure and is marked to indicate its classified status and classification level when in documentary form.
Confidentiality - correct answer: The characteristic of data or information when it is not made available or disclosed to unauthorized persons or processes. Source: NIST SP 800-66
Criticality - correct answer: A measure of the degree to which an organization depends on the information or information system for the success of a mission or of a business function. Source: NIST SP 800-60 Vol. 1, Rev. 1
Data Integrity - correct answer: The property that data has not been altered in an unauthorized manner. Data integrity covers data in storage, during processing and while in transit. Source: NIST SP 800-27 Rev. A
Encryption - correct answer: The process and act of converting a message from plaintext to ciphertext. It is sometimes also referred to as enciphering; the two terms are often used interchangeably in the literature and have similar meanings.
General Data Protection Regulation (GDPR) - correct answer: In 2016, the European Union passed comprehensive legislation (applicable from 25 May 2018) that addresses personal privacy, deeming it an individual human right.
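The Data Integrity entry above says data must not be altered in an unauthorized manner, whether in storage, in processing or in transit. The following is an added example, not part of the study guide, showing how a receiver detects such alteration: a bare SHA-256 checksum is defeated by an attacker who simply recomputes it, while an HMAC tag cannot be forged without the key. The key, the payment record and the tampering step are all constructed for the illustration.

```python
"""Added example (not from the study guide): detecting unauthorized alteration of
a record with a keyed MAC, and why an unkeyed checksum is not enough.
The key, the record and the tampering below are all constructed for the example.
"""
import hashlib
import hmac
import json
import os


def canonical(record: dict) -> bytes:
    """Stable byte encoding so the same record always hashes to the same value."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def checksum_protect(record: dict) -> dict:
    """Unkeyed SHA-256: catches accidental corruption, not deliberate change."""
    return {"record": record, "sha256": hashlib.sha256(canonical(record)).hexdigest()}


def checksum_verify(env: dict) -> bool:
    actual = hashlib.sha256(canonical(env["record"])).hexdigest()
    return hmac.compare_digest(actual, env["sha256"])


def mac_protect(record: dict, key: bytes) -> dict:
    """HMAC-SHA256 tag: only a holder of `key` can produce a valid tag."""
    tag = hmac.new(key, canonical(record), hashlib.sha256).hexdigest()
    return {"record": record, "tag": tag}


def mac_verify(env: dict, key: bytes) -> bool:
    expected = hmac.new(key, canonical(env["record"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, env["tag"])   # constant-time comparison


def attacker_modifies(env: dict) -> dict:
    """Man-in-the-middle rewrites the payee. It can recompute an unkeyed
    checksum to match, but without the key it can only replay the old MAC tag."""
    forged = {"record": dict(env["record"], payee="attacker")}
    if "sha256" in env:
        forged["sha256"] = hashlib.sha256(canonical(forged["record"])).hexdigest()
    if "tag" in env:
        forged["tag"] = env["tag"]
    return forged


KEY = os.urandom(32)                                   # shared by sender and receiver (constructed)
ORIGINAL = {"payee": "ACME Ltd", "amount": 1250, "currency": "EUR"}   # constructed record


def demo() -> dict:
    """Outcome of each check; True means the receiver accepts the record."""
    return {
        "checksum, untouched": checksum_verify(checksum_protect(ORIGINAL)),
        "checksum, tampered": checksum_verify(attacker_modifies(checksum_protect(ORIGINAL))),
        "mac, untouched": mac_verify(mac_protect(ORIGINAL, KEY), KEY),
        "mac, tampered": mac_verify(attacker_modifies(mac_protect(ORIGINAL, KEY)), KEY),
    }


if __name__ == "__main__":
    for check, accepted in demo().items():
        print(f"{check:22s} accepted={accepted}")
```

Running it shows the tampered checksum record still accepted and the tampered MAC record rejected. One caveat that matters for the Non-repudiation entry later in this guide: an HMAC gives integrity and origin assurance only among the parties holding the key, and since sender and receiver share it, either could have produced the tag. A MAC therefore does not provide non-repudiation; that requires a digital signature made with a private key only the signer holds.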

Likelihood of Occurrence - correct answer: A weighted factor based on a subjective analysis of the probability that a given threat is capable of exploiting a given vulnerability or set of vulnerabilities.
Multi-Factor Authentication - correct answer: Using two or more distinct instances of the three factors of authentication (something you know, something you have, something you are) for identity verification.
National Institute of Standards and Technology (NIST) - correct answer: NIST is part of the U.S. Department of Commerce and addresses the measurement infrastructure within science and technology efforts within the U.S. federal government. NIST sets standards in a number of areas, including information security within the Computer Security Resource Center of its Computer Security Division.
Non-repudiation - correct answer: The inability to deny taking an action such as creating information, approving information and sending or receiving a message.
Personally Identifiable Information (PII) - correct answer: The National Institute of Standards and Technology (NIST), in its Special Publication 800-122, defines PII as "any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual's identity, such as name, Social Security number, date and place of birth, mother's maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial and employment information."
Physical Controls - correct answer: Controls implemented through a tangible mechanism. Examples include walls, fences, guards, locks, etc. In modern organizations, many physical control systems are linked to technical/logical systems, such as badge readers connected to door locks.
Privacy - correct answer: The right of an individual to control the distribution of information about themselves.
Probability - correct answer: The chances, or likelihood, that a given threat is capable of exploiting a given vulnerability or a set of vulnerabilities. Source: NIST SP 800-30 Rev. 1
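The Authentication and Multi-Factor Authentication entries above describe establishing an identity with two or more distinct factors. The following is an added example, not code from the study guide, of a login that requires something you know (a password checked against a salted PBKDF2 hash) and something you have (an RFC 6238 TOTP code from an authenticator app). The user record, password and base32 TOTP secret are constructed for the illustration; the final line of the docstring on `authenticate` makes the point the guide separates into two entries: passing this check is authentication, and what the user may then do is a distinct authorization decision.

```python
"""Added example (not from the study guide): two-factor authentication.

Factor 1, something you know: a password checked against a salted PBKDF2 hash.
Factor 2, something you have: a TOTP code (RFC 6238) from an authenticator app
that was enrolled with a shared secret. Login succeeds only if both verify.
The user record, password and TOTP secret below are constructed for the example.
"""
import base64
import hashlib
import hmac
import os
import struct
import time
from typing import Optional, Tuple

PBKDF2_ITERATIONS = 600_000   # OWASP-recommended minimum for PBKDF2-HMAC-SHA256
TOTP_STEP = 30                # seconds per TOTP time step


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, hash) for storage; the plaintext password is never stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, stored)   # constant-time comparison


def totp(secret_b32: str, at_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time-step counter, dynamically truncated."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", at_time // TOTP_STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return str(code).zfill(digits)


def verify_totp(secret_b32: str, code: str, now: int, window: int = 1) -> bool:
    """Accept the current step plus/minus `window` steps to tolerate clock drift."""
    if not (code.isascii() and code.isdigit()):
        return False
    return any(
        hmac.compare_digest(totp(secret_b32, now + delta * TOTP_STEP), code)
        for delta in range(-window, window + 1)
    )


# Constructed user record: what the server holds after enrolment.
SALT, PW_HASH = hash_password("correct horse battery staple")
TOTP_SECRET = "JBSWY3DPEHPK3PXP"   # base32 seed shared with the authenticator app (constructed)
USER = {"name": "alice", "salt": SALT, "pw_hash": PW_HASH, "totp_secret": TOTP_SECRET}


def authenticate(user: dict, password: str, code: str, now: Optional[int] = None) -> bool:
    """True only when both factors verify. This establishes identity; what the
    user may then access is a separate authorization decision."""
    now = int(time.time()) if now is None else now
    know_ok = verify_password(password, user["salt"], user["pw_hash"])
    have_ok = verify_totp(user["totp_secret"], code, now)
    return know_ok and have_ok


if __name__ == "__main__":
    t = 1_700_000_000
    good = totp(TOTP_SECRET, t)
    print("both factors: ", authenticate(USER, "correct horse battery staple", good, t))
    print("password only:", authenticate(USER, "correct horse battery staple", "000000", t))
    print("code only:    ", authenticate(USER, "wrong password", good, t))
```

Note that a password plus a security question is not MFA under the guide's definition: both are something you know. The `window` argument is the usual trade-off between tolerating clock drift on the user's device and widening the set of codes an attacker could guess.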

Protected Health Information (PHI) - correct answer: Information regarding health status, the provision of healthcare or payment for healthcare as defined in HIPAA (Health Insurance Portability and Accountability Act).
Qualitative Risk Analysis - correct answer: A method for risk analysis that is based on the assignment of a descriptor such as low, medium or high. Source: NISTIR 8286
Quantitative Risk Analysis - correct answer: A method for risk analysis where numerical values are assigned to both impact and likelihood based on statistical probabilities and monetarized valuation of loss or gain. Source: NISTIR 8286
Risk - correct answer: A measure of the extent to which an entity is threatened by a potential circumstance or event.
Risk Acceptance - correct answer: Determining that the potential benefits of a business function outweigh the possible risk impact/likelihood and performing that business function with no other action.
Risk Assessment - correct answer: The process of identifying and analyzing risks to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals and other organizations. The analysis performed as part of risk management which incorporates threat and vulnerability analyses and considers mitigations provided by security controls planned or in place.
Risk Avoidance - correct answer: Determining that the impact and/or likelihood of a specific risk is too great to be offset by the potential benefits and not performing a certain business function because of that determination.
Risk Management - correct answer: The process of identifying, evaluating and controlling threats, including all the phases of risk context (or frame), risk assessment, risk treatment and risk monitoring.
Risk Management Framework - correct answer: A structured approach used to oversee and manage risk for an enterprise. Source: CNSSI 4009
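The Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Acceptance and Risk Avoidance entries above describe two ways of rating a risk and two of the decisions that follow. The following is an added example, not from the study guide, that runs both analyses over a constructed risk register and then applies those definitions (plus mitigation, the remaining treatment option) as a cost comparison. The annualized-loss formulas (SLE and ALE) are the standard ones and are an assumption here, since the guide describes monetized impact and likelihood without naming them; every asset value, exposure factor, occurrence rate, control cost and benefit figure is illustrative.

```python
"""Added example (not from the study guide): a qualitative and a quantitative
pass over a constructed risk register, then a treatment decision that applies
the guide's definitions of risk acceptance and risk avoidance (plus mitigation,
the other option in risk treatment).

Quantitative values use the standard annualized-loss formulas (assumed here;
the guide describes monetized impact and likelihood without naming them):
    SLE = asset value * exposure factor           (monetized impact per event)
    ALE = SLE * annualized rate of occurrence     (impact * likelihood, per year)
All asset values, factors, rates, control costs and benefits are illustrative.
"""
from dataclasses import dataclass

LEVELS = ("low", "medium", "high")


def qualitative(likelihood: str, impact: str) -> str:
    """Descriptor-only rating (NISTIR 8286 style): add the ordinal positions
    of the two descriptors and map the sum back onto low / medium / high."""
    score = LEVELS.index(likelihood) + LEVELS.index(impact)
    return "low" if score <= 1 else "medium" if score == 2 else "high"


@dataclass(frozen=True)
class Risk:
    name: str
    asset_value: float       # monetized value of the asset at risk
    exposure_factor: float   # fraction of the asset lost per event (0..1)
    aro: float               # annualized rate of occurrence (expected events per year)

    def sle(self) -> float:
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        return self.sle() * self.aro


def treat(risk: Risk, mitigated: Risk, control_cost: float, benefit: float) -> str:
    """Take the cheaper of running as-is and running with the control, then
    compare that annual cost with the annual benefit of the business function:
      accept   - benefit outweighs the exposure and the control would cost more
                 than the loss it removes, so proceed with no other action
      mitigate - the control removes more expected loss than it costs
      avoid    - even the best option leaves a larger exposure than the benefit,
                 so do not perform the function
    """
    as_is = risk.ale()
    with_control = mitigated.ale() + control_cost
    choice, cost = ("mitigate", with_control) if with_control < as_is else ("accept", as_is)
    return choice if cost <= benefit else "avoid"


# Constructed register: (risk, risk after the candidate control, control cost/yr, benefit/yr)
REGISTER = [
    (Risk("ransomware on file server", 500_000, 0.6, 0.2),
     Risk("ransomware on file server (offline backups)", 500_000, 0.1, 0.2), 15_000, 200_000),
    (Risk("laptop theft", 3_000, 1.0, 2.0),
     Risk("laptop theft (tracking + remote wipe)", 3_000, 0.5, 2.0), 8_000, 50_000),
    (Risk("unpatched legacy payment app on the internet", 2_000_000, 0.5, 0.5),
     Risk("legacy payment app behind WAF", 2_000_000, 0.5, 0.2), 120_000, 150_000),
]


def analyse() -> dict:
    """ALE and treatment for every entry; returns a name -> (ale, treatment) map."""
    return {r.name: (round(r.ale(), 2), treat(r, m, cost, benefit))
            for r, m, cost, benefit in REGISTER}


if __name__ == "__main__":
    print("qualitative(low likelihood, high impact) ->", qualitative("low", "high"))
    for name, (loss, decision) in analyse().items():
        print(f"{name:48s} ALE={loss:>12,.2f}  treatment={decision}")
```

The third register entry is the instructive one: the control does pay for itself (it cuts the expected loss by more than it costs), yet the residual exposure still exceeds what the function earns, so the decision is avoidance rather than mitigation. Quantitative figures support that comparison; the qualitative descriptors alone could not.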

information system through mechanisms contained in the hardware, software or firmware components of the system.
Threat - correct answer: Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image or reputation), organizational assets, individuals, other organizations or the nation through an information system via unauthorized access, destruction, disclosure, modification of information and/or denial of service. Source: NIST SP 800-30 Rev. 1
Threat Actor - correct answer: An individual or a group that attempts to exploit vulnerabilities to cause or force a threat to occur.
Threat Vector - correct answer: The means by which a threat actor carries out their objectives.
Token - correct answer: A physical object a user possesses and controls that is used to authenticate the user's identity. Source: NISTIR 7711
Vulnerability - correct answer: Weakness in an information system, system security procedures, internal controls or implementation that could be exploited by a threat source. Source: NIST SP 800-30 Rev. 1
Institute of Electrical and Electronics Engineers (IEEE) - correct answer: IEEE is a professional organization that sets standards for telecommunications, computer engineering and similar disciplines.