INFO5301 Information Security Management
3-B: System integrity means that the system will work as intended; we know that the system will
perform in the way that we expect.
4-C: Availability means that the systems will be operating and accessible when needed.
5-A: Assurance is the level of confidence that the controls work. This is where we carry out
various testing and audits; it is how we know that what we have put in place
is actually working to protect our organizations and our environments.
NOTE: Availability only says that the system is operating and accessible to authorized users;
it does not say how the system is working. System integrity is a statement about how the system
will work: that it will work as intended.
Duration: 5 min
Exercise 2:
Which of the following terms is used to denote a potential cause of an unwanted incident,
which may result in harm to a system or organization?
1. Vulnerability
2. Exploit
3. Threat
4. Attacker
Answer:
Threat.
The question provides the definition of a threat in ISO/IEC 27000.
The term attacker (in option 4) could be used to describe a threat agent that is, in turn, a
threat, but use of this term is much more restrictive.
Vulnerability (in option 1) is defined as “weakness of an asset or control that can be exploited
by one or more threats”.
Duration: 5 min
Exercise 3:
Which group poses the greatest risk of fraud and computer compromise? Explain.
1. Employees
2. Hackers
3. Attackers