Explore topic-wise InterviewSolutions in .

Its BEST classified according to the nature of RISKS:

1. ASSETS SECURITY RISK
2. PEOPLE SECURITY RISK
3. OPERATIONAL RISK
4. COMMUNICATIONS SECURITY RISK 

Its best classified according to the nature of risks:

ASSETS are mostly the hardware and SOFTWARE used by the organisation but are also buildings and other data storage areas

• COMPUTERS/OTHER DEVICES AND COMPUTER NETWORKS including CLOUD networks that store digital data. This includes ACCESS to computers and computer NETWORK.
• DATA stored on computers, other devices and computer network.
• BUILDINGS where computers and networks are held
• MOBILE ASSETS such as laptops, phones etc. are also assets

ASSETS are mostly the hardware and software used by the organisation but are also buildings and other data storage areas

• COMPUTERS – data loss through network and hardware FAILURE , breach of systems and hardware INFECTION

• HACKERS/MALWARE/VIRUS – INFECT COMPUTER software and hardware incl. mobile hardware 

• COMPUTERS – data loss through network and hardware failure , breach of systems and hardware infection

• HACKERS/MALWARE/VIRUS – infect computer software and hardware incl. mobile hardware 

• Password protection– STRINGENT not ad hoc or ‘sloppy’
• Virus and malware protection software – test REGIMES for software including cloud technology usage
• Do not allow staff to upload software anto mobile devices.
• Strict policies and PROTOCOLS around the use of CDs, DVD or USB Drives, SMART phones, laptops, iPads etc. – anything that COULD hold confidential data 

PEOPLE are often referred to as ‘insider’ RISKS. Either employees or subcontractors/vendors, become a security risk when they, either knowingly or unknowingly through their own behavior, WORK in a way that creates a risk to information security.

Examples include; sharing passwords, talking about CLIENTS on face BOOK and chat rooms, losing ASSETS such as laptops etc. 

PEOPLE are often referred to as ‘insider’ risks. Either employees or subcontractors/vendors, become a security risk when they, either knowingly or unknowingly through their own behavior, work in a way that creates a risk to information security.

Examples include; sharing passwords, talking about clients on face book and chat rooms, losing assets such as laptops etc. 

Vendors/Subcontractors OFTEN have as much or more access to company systems without the training or MONITORING of their use. Often there is no exit STRATEGY on contract completion. Vendors/Subcontractors can also be people working from home such as recruiters, DATA ANALYSTS etc. Vendors can also be providers of cloud services, software developers and other like services. Data is often communicated via email and rarely do companies check to ensure virus protection etc. is in place nor have a process to ensure data is securely removed from vendor assets post project. 

Vendors/Subcontractors often have as much or more access to company systems without the training or monitoring of their use. Often there is no exit strategy on contract completion. Vendors/Subcontractors can also be people working from home such as recruiters, data analysts etc. Vendors can also be providers of cloud services, software developers and other like services. Data is often communicated via email and rarely do companies check to ensure virus protection etc. is in place nor have a process to ensure data is securely removed from vendor assets post project. 

Here you’re looking for a quick comeback for any position that will INVOLVE SYSTEM administration (see system security). If they don’t know how to change their DNS server in the two most popular OPERATING systems in the world, then you’re likely WORKING with someone very junior or otherwise highly ABSTRACTED from the real world.

Here you’re looking for a quick comeback for any position that will involve system administration (see system security). If they don’t know how to change their DNS server in the two most popular operating systems in the world, then you’re likely working with someone very junior or otherwise highly abstracted from the real world.

ENCODING is designed to protect the integrity of data as it crosses networks and SYSTEMS, i.e. to keep its original message upon ARRIVING, and it isn’t primarily a security function. It is easily REVERSIBLE because the system for encoding is almost necessarily and by definition in wide use.

Encryption is designed purely for confidentiality and is reversible only if you have the appropriate key/keys. With hashing the operation is one-way (non-reversible), and the output is of a fixed length that is usually much smaller than the input.

Encoding is designed to protect the integrity of data as it crosses networks and systems, i.e. to keep its original message upon arriving, and it isn’t primarily a security function. It is easily reversible because the system for encoding is almost necessarily and by definition in wide use.

Encryption is designed purely for confidentiality and is reversible only if you have the appropriate key/keys. With hashing the operation is one-way (non-reversible), and the output is of a fixed length that is usually much smaller than the input.

• Mark information sensitive documents ACCORDINGLY to warn the USER.
• Restrict printing of documents to only certain hierarchies of documents.
• Have a CLEAR desk POLICY for all information that is business sensitive.
• ENSURE a procedure for hardcopy record keeping, archiving and secure destruction is in place.