What does the acronym "VPN" stand for in the context of information security?
Virtual Private Network
A security flaw or weakness in software or hardware that is unknown to the vendor or developers and has not yet been patched or fixed.
Zero-day vulnerability
Uses a single key for both encryption and decryption. It is efficient for large amounts of data and is commonly used for data storage and transmission within closed systems.
Symmetric encryption
What is the difference between authentication and authorization in information security?
Authentication is the process of verifying the identity of a user or system entity, usually through credentials.
Authorization, on the other hand, is the process of determining whether an authenticated user or system entity has the right permissions to access specific resources or perform certain actions.
Ensures that information is accessible only to those authorized to access it.
Confidentiality
It focuses on how personal data is collected, used, shared, and stored in compliance with privacy laws and regulations.
Data Privacy
Transforms plaintext data into ciphertext to protect it from unauthorized access during transmission or storage.
Encryption
What is the principle of least privilege in cybersecurity?
The principle of least privilege is a cybersecurity concept where users, processes, and systems are granted only the minimum level of access or permissions necessary to perform their job functions or tasks, thereby reducing the potential impact of a security breach or insider threat.
Refers to the practice of protecting systems, networks, and data from digital attacks.
Cybersecurity
Identifying and documenting potential risks that could affect an organization's objectives.
Risk Identification
Involves manipulating individuals to divulge confidential information or perform actions that compromise security.
Social Engineering
How does the Cybercrime Prevention Act of 2012 complement the Data Privacy Act in the Philippines?
The Cybercrime Prevention Act addresses offenses related to cybercrime, including hacking, cyber fraud, and identity theft. It complements the Data Privacy Act by providing legal frameworks for investigating and prosecuting cybercrimes that may involve breaches of data privacy and security.
A security process that requires users to provide two different authentication factors to verify their identity.
Two-factor authentication
The process of determining whether an authenticated user or system entity has the right permissions to access specific resources or perform certain actions.
Authorization
The process of identifying, analyzing, and evaluating potential risks and vulnerabilities in an organization's IT infrastructure and information systems.
Risk Assessment
The Data Privacy Act of 2012 defines 'sensitive personal information' as personal information:
About an individual's race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;
About an individual's health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings.
A weakness or flaw in a system or software that could be exploited by attackers to compromise its security.
Vulnerability
What role does availability play in the CIA triad, and why is it critical for information systems?
Availability ensures that data and services are accessible and usable by authorized users when needed.
What is the CIA triad in information security?
The CIA triad stands for Confidentiality (ensuring data is accessible only to authorized entities), Integrity (ensuring data is accurate and trustworthy), and Availability (ensuring data is accessible when needed).