Summary questions for the introduction¶

The questions are randomised per student and you will receive only correct/incorrect feedback for these questions. In Problem 1, each question has exactly one correct option.

In Problem 2, each student will have at least one correct option, usually more. For partially correct answers, the system gives feedback ’incorrect’ , but Problem 2 is accepted when the score is 12 or more and the points are shown on a yellow background. Points start to accumulate only after more than half of the selections in the problem are correct. The score alone does not directly indicate whether an individual selection is correct or not.

Question 1

What is information security?

It includes data protection and cyber security.

It is a target state in which the entire digital operating environment can be trusted.

It is something that aims to ensure the confidentiality, integrity, and availability of information.

It is a state concerning data and information systems that can be compared to peace and is also protected from accidents.

Question 2

What is confidentiality needed for?

It ensures that information is what it is supposed to be.

It ensures that only those who have the right to access certain information can access it.

It ensures that information can be used.

It protects against denial-of-service attacks.

Question 3

An information security strategy

defines the people responsible for information security in an organisation.

defines how an organisation defends itself against attackers.

defines the organisation’s objectives regarding information security and general responsibilities.

is implemented through access control rules.

Question 4

Why are there different principles related to security?

Authorities have mandated them as compulsory.

Their use guarantees a secure outcome.

They help users act more securely.

They help in designing security.

Question 5

If security principles are not followed,

problems will certainly occur.

more expertise is required than when using the principles.

it must be done with an understanding of what is being deviated from.

authorities will intervene.

Question 6

What is meant by security architecture?

Comprehensive risk assessment.

Designing a system at a high level from a security perspective.

Preventing attacks.

Access control systems.

Question 7

Layered security

is related to network protocols.

means that a system retains its security even if connections to other parts of the system are lost.

is built from multiple overlapping security measures.

minimises the attack surface.

Question 8

Information security policy

may include both organisational and automated policies.

applies only to the management of an organisation.

considers the impact of the system lifecycle on security design.

does not allow case-by-case application.

Question 9

Economics has contributed to cyber security

in risk management for assessing the magnitude of damage.

in studying the financial flows of cybercriminals.

in calculating lifecycle costs of information security systems.

in the “psychological” optimisation of information security policies.

Select the correct statements. You may choose one or more options.

Question 1

Cyber security is a subdomain of information security.

It is beneficial for the security of a measure to rely on its operating principle remaining secret.

Cyber security is a process, and so is information security.

The functioning of communication connections is particularly important for integrity.

Security measures can be defined to suit specific situations.

Encrypting an email message is an example of confidentiality.

Vulnerability analysis cannot be performed on systems that include people.

Security flaws that attackers exploit are caused by design errors.

All security measures aim to prevent security breaches.

Risk management is part of cyber security.

Identifying risks is part of risk management.

Information security considers issues that are not relevant to cyber security.