SecurityCHPT14

terms

Question Answer
threat action that has the potential to do harm
threat agent person has the power to carry out the threat
vulnerability a flaw or weakness that allows threat to bypass security
risk likelihood that the threat agent will exploit the vulnerability
risk classifications strategic
risk classifications compliance
risk classifications financial
risk classifications operational
risk classifications environmental
risk classifications technical
risk classifications managerial
privilege subject's access level over an object
privilege management process of assigning and revoking privileges to objects
privilege auditing examination of procedures that produces a detailed report of its findings
change management refers to a methodology for making modifications and keeping track of those changes
two major changes need to be documented any change in system architecture
two major changes need to be documented classification changes in files or documents
incident management the framework and functions required to enable incident response and incident handling within an organization
incident response defined as the components required to identify, analyze, and contain the incident
incident handling planning, coordination, communications, and planning functions that are needed in order to respond to an incident
security policy written document that states how an organization plans to protect the company's information technology assets
an effective security policy must be able to balance trust and control
three approaches to trust trust everyone all the time
three approaches to trust trust no one at any time
three approaches to trust trust some people some of the time
one security policy goal implement control
designing a security policy involves understanding the policy cycle
designing a security policy involves knowing the steps in policy development
standard collection of requirements specific to the system
guideline collection of guidelines that should be implemented
policy document that outlines specific requirements or rules that must be met
security policy cycle vulnerability assessment what needs to be protected
security policy cycle use the info from the risk management study how to protect it
security policy cycle review the policy for compliance evaluating protection
policy characteristics communicates a consensus of judgement
policy characteristics defines appropriate behavior for users
policy characteristics identify what tools and procedures are needed
policy characteristics provide directives for human resources
due care the obligations that are imposed on owners and operators of assets to exercise reasonable care of the assets and take precautions to protect them
security policies acceptable encryption
security policies antivirus
security policies audit vulnerability scanning
security policies automatically forward email
security policies database credentials
security policies demilitarized zone security
security policies email
security policies email retention
security policies extranet
security policies information sensitive
security policies router security
security policies server security
security policies vpn security
security policies wireless communication
acceptable use policy defines the actions users may perform while accessing systems and networking equipment
privacy policy personally identifiable information
pii outlines how the organization uses personal information it collects
security related human resource policy statements that include how employee information technology resources will be addressed
due care imposed on owners and operators of assets to exercise reasonable care of the assets and take cautions to protect them
due process principle of treating all accused persons in an equal fashion
due diligence any investigation into suspicious employee conduct will examine all material facts
password management and complexity policy addresses how passwords are managed and created
disposal and destruction policy addresses the disposal of confidential resources
classification of information policy framework for classifying assets
ethics policy written code of conduct intended to be the central guide and reference for employees on a day to day basis
user practices password behaviors
user practices data handling
user practices clean desk policies
user practices prevent tailgating
user practices personally owned devices
standard collection of requirements specific to the system or procedure
guideline collection of suggestions that must be implemented
policy document that outlines specific requirements or rules be met
policy characteristics communicate a consensus of judgement
policy characteristics define appropriate behavior for users
policy characteristics provide directives for hr action in response to inappropriate behavior
security policy cycle asset identification
security policy cycle threat identification
security policy cycle vulnerability appraisal
security policy cycle risk assessment
security policy cycle risk mitigation
values beliefs and principles used to define what is good, right and just
morals beliefs that help distinguish between right and wrong
ethics defined as the study of what a group of people understand to be good and right behavior
user practices password behaviors
user practices data handling
user practices clean desk policies
user practices prevent tailgating
user practices personally owned devices
peer to peer networks no servers
peer to peer networks communicate directly between two devices
peer to peer networks high risk of infection and legal consequences
reasons social networking sites are popular for attackers provide a treasure trove of personal data
reasons social networking sites are popular for attackers users are generally trusting
reasons social networking sites are popular for attackers vulnerable sites
pedagogical approach greek word meaning to lead a child
andragogical approach helping an adult to learn
kinesthetic learn through a lab environment or hands-on approach
Created by: cgeaski