SecurityCHPT14
terms
| Question | Answer |
|---|---|
| threat | action that has the potential to do harm |
| threat agent | person who has the power to carry out the threat |
| vulnerability | a flaw or weakness that allows threat to bypass security |
| risk | likelihood that the threat agent will exploit the vulnerability |
| risk classifications | strategic |
| risk classifications | compliance |
| risk classifications | financial |
| risk classifications | operational |
| risk classifications | environmental |
| risk classifications | technical |
| risk classifications | managerial |
| privilege | subject's access level over an object |
| privilege management | process of assigning and revoking privileges to objects |
| privilege auditing | examination of procedures that produces a detailed report of its findings |
| change management | refers to a methodology for making modifications and keeping track of those changes |
| two major changes need to be documented | any change in system architecture |
| two major changes need to be documented | classification changes in files or documents |
| incident management | the framework and functions required to enable incident response and incident handling within an organization |
| incident response | defined as the components required to identify, analyze, and contain the incident |
| incident handling | planning, coordination, communications, and planning functions that are needed in order to respond to an incident |
| security policy | written document that states how an organization plans to protect the company's information technology assets |
| an effective security policy must be able to balance | trust and control |
| three approaches to trust | trust everyone all the time |
| three approaches to trust | trust no one at any time |
| three approaches to trust | trust some people some of the time |
| one security policy goal | implement control |
| designing a security policy involves | understanding the policy cycle |
| designing a security policy involves | knowing the steps in policy development |
| standard | collection of requirements specific to the system |
| guideline | collection of guidelines that should be implemented |
| policy | document that outlines specific requirements or rules that must be met |
| security policy cycle | vulnerability assessment (what needs to be protected) |
| security policy cycle | use the info from the risk management study (how to protect it) |
| security policy cycle | review the policy for compliance (evaluating protection) |
| policy characteristics | communicates a consensus of judgement |
| policy characteristics | defines appropriate behavior for users |
| policy characteristics | identify what tools and procedures are needed |
| policy characteristics | provide directives for human resources |
| due care | the obligations that are imposed on owners and operators of assets to exercise reasonable care of the assets and take precautions to protect them |
| security policies | acceptable encryption |
| security policies | antivirus |
| security policies | audit vulnerability scanning |
| security policies | automatically forward email |
| security policies | database credentials |
| security policies | demilitarized zone security |
| security policies | email retention |
| security policies | extranet |
| security policies | information sensitive |
| security policies | router security |
| security policies | server security |
| security policies | vpn security |
| security policies | wireless communication |
| acceptable use policy | defines the actions users may perform while accessing systems and networking equipment |
| privacy policy | personally identifiable information |
| pii | outlines how the organization uses personal information it collects |
| security related human resource policy | statements that include how employee information technology resources will be addressed |
| due care | imposed on owners and operators of assets to exercise reasonable care of the assets and take cautions to protect them |
| due process | principle of treating all accused persons in an equal fashion |
| due diligence | any investigation into suspicious employee conduct will examine all material facts |
| password management and complexity policy | addresses how passwords are managed and created |
| disposal and destruction policy | addresses the disposal of confidential resources |
| classification of information policy | framework for classifying assets |
| ethics policy | written code of conduct intended to be the central guide and reference for employees on a day-to-day basis |
| user practices | password behaviors |
| user practices | data handling |
| user practices | clean desk policies |
| user practices | prevent tailgating |
| user practices | personally owned devices |
| standard | collection of requirements specific to the system or procedure |
| guideline | collection of suggestions that must be implemented |
| policy | document that outlines specific requirements or rules be met |
| policy characteristics | communicate a consensus of judgement |
| policy characteristics | define appropriate behavior for users |
| policy characteristics | provide directives for HR action in response to inappropriate behavior |
| security policy cycle | asset identification |
| security policy cycle | threat identification |
| security policy cycle | vulnerability appraisal |
| security policy cycle | risk assessment |
| security policy cycle | risk mitigation |
| values | beliefs and principles used to define what is good, right and just |
| morals | beliefs that help distinguish between right and wrong |
| ethics | defined as the study of what a group of people understand to be good and right behavior |
| peer to peer networks | no servers |
| peer to peer networks | communicate directly between two devices |
| peer to peer networks | high risk of infection and legal consequences |
| reasons social networking sites are popular for attackers | provide a treasure trove of personal data |
| reasons social networking sites are popular for attackers | users are generally trusting |
| reasons social networking sites are popular for attackers | vulnerable sites |
| pedagogical approach | greek word meaning to lead a child |
| andragogical approach | helping an adult to learn |
| kinesthetic | learn through a lab environment or hands-on approach |