Cyb1UofI_FISCCH1.2
When Are You Secure?
| Question | Answer |
|---|---|
| According to Eugene Spafford, what is the only truly secure system? | The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards—and even then, I have my doubts |
| Describe how useful or productive a system in Eugene Spafford's truly secure state is | A system in such a state might be secure, but it’s not usable or productive |
| What happens to a system's usability as you increase the level of security? | As you increase the level of security, you usually decrease the level of productivity. |
| When securing an asset, system, or environment, what must be considered? | how the level of security relates to the value of the item being secured |
| What levels of security can you use if you are willing to accommodate a decrease in performance? | you can apply very high levels of security to every asset for which you’re responsible |
| What is an example of a level of security for a grandmother's cookie recipe that doesn't make sense to have, and why? | You could build a billion-dollar facility surrounded by razor-wire fences and patrolled by armed guards and vicious attack dogs, complete with a hermetically sealed vault, to safeguard your mom’s chocolate chip cookie recipe, but that would be overkill |
| how do you determine the level of security needed | The cost of the security you put in place should never outstrip the value of what it’s protecting. |
| what do you need to consider in any environment where you plan to put heightened levels of security in place? | you also need to consider the cost of replacing your assets if you happen to lose them and make sure you establish reasonable levels of protection for their value |
| why is defining the exact point at which you can be considered secure a challenge? | no single activity or action will make you secure in every situation |
| what are some things to consider when determining how secure your system should be | are you secure if your systems are properly patched? are you secure if you use strong passwords? are you secure if you are disconnected from the internet entirely? |
| are you secure if your systems are properly patched | no |
| are you secure if you use strong passwords | no |
| are you secure if you are disconnected from the internet entirely | no |
| why is the answer no to are you secure if your systems are properly patched | even if your systems are properly patched, there will always be new attacks to which you’re vulnerable |
| why is the answer no to are you secure if you use strong passwords | When you’re using strong passwords, an attacker will exploit a different avenue instead. |
| why is the answer no to are you secure if you are disconnected from the internet entirely | When you’re disconnected from the internet, an attacker could still physically access or steal your systems. |
| what is a much easier task than defining when you are secure | defining when you’re insecure is a much easier task |
| what could put your system in an insecure state | Not applying security patches/application updates to systems; using weak passwords (password, 1234); downloading programs from the internet; opening email attachments from unknown senders; using wireless networks without encryption |
| why is it good to determine the areas in the environment that can make the system insecure | you can take steps to mitigate those issues |
| Although you may never get to a state that you can definitively call “secure,” you can | take steps in the right direction |
| describe the bodies of law that define standards for security from one industry to another, one country to another | the bodies of law that define standards for security vary quite a bit from one industry to another, and differ wildly from one country to another |
| what is an example of a body of law that defines standards in the United States compared to the European Union that has differences in the law | the data privacy laws |
| organizations that operate globally need to consider | that they are not violating any laws (standards for security) while conducting business. |
| who should be consulted before acting when unsure about laws relating to standards for security | legal counsel |
| what do some bodies of law or regulations try to do | define what secure means or at least some of the steps you should take to be secure enough |
| what are examples of some bodies of law or regulations that try to define what secure means or what it takes to be secure enough | the payment card industry data security standard; health insurance portability and accountability act of 1996; federal information security management act |
| what does the payment card industry data standard do | applies to companies that process credit card payments |
| what does the acronym PCI DSS stand for | payment card industry data security standard |
| what does the health insurance portability and accountability act of 1996 do | is for organizations that handle healthcare and patient records |
| what does the acronym HIPAA stand for | health insurance portability and accountability act of 1996 |
| what does the federal information security management act do | defines security standards for many federal agencies in the united states |
| what does the acronym FISMA stand for | federal information security management |
| what is general advice regarding security standards | following the security standards defined for the industry in which you're operating is advisable if not mandated |
| what is something to keep in mind about security standards | the effectiveness is debatable but following security standards is advisable or mandated |