Term

Definition
Plan and Organize; Acquire and Implement; Deliver and Support; Monitor and Evaluate

Term
Four pillars of Trust Services Framework
Definition
Confidentiality; Privacy; Process integrity; Availability

Term
Top and bottom of Trust Services Framework
Definition
Top: systems reliability; Bottom: security

Term

Definition
Sensitive info is protected

Term

Definition
Personal info is collected and used only in accordance with regulatory requirements and is protected

Term

Definition
Data is processed carefully, completely and in a timely manner

Term

Definition
Info is available to meet operational and contractual obligations

Term
Three fundamental security concepts
Definition
1) Security is a management issue, not a technological one; 2) Time-based model of security (P > C + D); 3) Defense in depth

Term

Definition
Training; Authentication; Authorization; Physical controls; Network access/perimeter controls; Device and software hardening

Term
Border router and firewall
Definition
Connects the IS to the internet and controls what info goes in and out of the system

Term

Definition
Safe zone for handling items before they pass into the company's system

Term

Definition
Access restrictions: passwords; devices (smart cards, ID badges); biometrics (fingerprints); multifactor (combination of 2 or more); device-specific authentication

Term

Definition
Restrict access within the system; Segregation of duties

Term

Definition
Uses the same key to encrypt and decrypt; faster, but both parties need to know the secret key

Term

Definition
Public and private key; both can encrypt but only the private key can decrypt; allows for open sharing of the public key

Term

Definition
Creates a digital certificate which grants access to info

Term

Definition
System of issuing pairs of public and private keys and corresponding digital certificates

Term

Definition
Taking plain text and converting it into code

Term

Definition
Electronic document created and digitally signed by a trusted third party; certifies identity

Term
Three items sent in bid package
Definition
Bid w/ symmetric key; Hash of bid w/ NW private key; Symmetric key w/ US public key

Term
Types of detective controls
Definition
Log analysis; Intrusion detection systems; Reporting to management; Security testing

Term

Definition
Monitor activity and take corrective actions; must be timely

Term
Types of security testing
Definition
Vulnerability scans; War dialing; Penetration tests

Term

Definition
Looks for weaknesses; identifies unused and unnecessary programming

Term

Definition
Calling thousands of modems and looking for an idle one to take over and gain access

Term

Definition
Authorized attempt to break into a system

Term
Types of corrective controls
Definition
Computer emergency response teams; CIO; Patch management

Term

Definition
Proprietary info of the company; internal policy protection

Term

Definition
Customer or 3rd-party sensitive data; legal requirements to protect

Term
Ways to protect info and data
Definition
Policies and procedures; Categorize all data; Authentication and authorization; Encrypt stored and transmitted data; Remove/disguise private data; Make info confidential/restricted; Data loss prevention software; Restrict physical access; Proper disposal

Term
Additional privacy considerations
Definition
Understand legal requirements; Choice and consent; Disclosure of violations; Restitution for damages

Term

Definition
Use as many checks and validations as possible; don't use paper; use real-time data entry

Term
Batch processing input controls
Definition
Sequence check; Batch totals; Error logs

Term
Real-time data entry controls
Definition
Automatic entry; Data prompting; Preformatting; Closed-loop verification; Transaction logs; Error messages

Term

Definition
Data matching; File labels; Recalculate batch totals; Crossfoot balance; Write-protection mechanisms; Concurrent update controls

Term

Definition
User review; Reconciliation procedures; External data reconciliation

Term

Definition
Hardware and software failures; Disasters; Human error; Worms and viruses; DoS attacks and other sabotage

Term
Disaster recovery systems
Definition
Data backup procedures; Provisions for access to replacement infrastructure; Thorough documentation; Periodic testing and training; Adequate insurance