
Q1. What is Information Security?
A1. Information Security is the preservation of the confidentiality, integrity and availability of information.

Q2. What is Information Integrity?
A2. Information Integrity means the information is accurate, complete and current, and has not been altered except by authorized users and processes.

Q3. What is Information Availability?
A3. Information Availability means the information is accessible and usable when required by authorized users and processes.

Q4. What is Information Confidentiality?
A4. Information Confidentiality means the information is available only to authorized users and processes and is not disclosed to anyone else.

Q5. What is an Information Asset?
A5. Any physical, logical or human asset used for receiving, storing, processing or transmitting information is an information asset. For example:
a. Computers
b. Servers
c. UPS
d. Hard-copy and soft-copy files
e. People, etc.

Q6. What is a Threat?
A6. A Threat is a potential cause of an unwanted incident that may compromise the integrity, availability or confidentiality of information (for example a malicious insider, malware, fire or power failure). The threat is the potential cause; the compromise itself is an incident.

Q7. What is a Vulnerability?
A7. A Vulnerability is a weakness in an asset or in a control that can be exploited by one or more threats to compromise the integrity, availability or confidentiality of information.

Q8. What is Risk?
A8. Risk is the likelihood that a threat will exploit a vulnerability and cause a real compromise of the integrity, availability or confidentiality of information, considered together with the impact of that compromise.

Q9. What is Risk Treatment?
A9. Risk Treatment involves understanding which vulnerabilities can be exploited by which threats and selecting and implementing actions to avoid, reduce, share (transfer) or retain (accept) each risk.

Q10. What are Controls?
A10. Controls are the mechanisms and countermeasures that reduce vulnerabilities or the likelihood or impact of threats, implemented through security techniques, training, established processes and systems, and legal compliance.

Q11. What is the Statement of Applicability?
A11. The Statement of Applicability is the document listing the controls selected from Annex A of ISO 27001 for avoiding, reducing or controlling risk, together with the justification for including each control and for excluding any that are not applicable.

Q12. What are Business Continuity Preparations?
A12. Business Continuity Preparations are the arrangements made to handle emergencies that could halt operations, whether temporarily or for a longer duration, so that critical activities can be maintained or restored.

Q13. What is Measurement of Effectiveness?
A13. Measurement of Effectiveness is the assessment of the extent to which the implemented controls achieve their objective of avoiding, reducing or controlling the risk of compromise to the integrity, availability or confidentiality of information.

Q14. What is ISO 27001?
A14. ISO 27001 is the international standard that specifies the requirements for an Information Security Management System (ISMS).

Q15. What are the Key Elements of ISO 27001?
A15. The following are the Key Elements of ISO 27001:
a. Risk Assessment
b. Statement of Applicability
c. Risk Treatment
d. Legal Compliance
e. Roles and Responsibilities
f. Competence, Training and Awareness
g. Internal Auditing
h. Information Security Policies and Objectives
i. Management Reviews
j. Incident Reporting and Actions
k. Actions on Occurred Problems (Corrective Actions)
l. Actions to Avoid Problems (Preventive Actions)
m. Measurement of Effectiveness
n. Documentation of Policies, covering:
   i. Acceptable Use of Assets
   ii. Physical and Logical Access Control
   iii. Back-up
   iv. Legal Compliance
   v. Network Management
   vi. Document Control
   vii. Record Control
   viii. Auditing
   ix. Incident Reporting
   x. Corrective Actions
   xi. Preventive Actions
