CISSP (ElementK) Information Security Class & Prog. Develop
CISSP, Element K 2nd Edition, Lesson 5
21
Computer Science
Professional
11/17/2009

Cards

Term
Information Classification
Definition
(Data/Content Classification)
Term
Classification Schemes
Definition

Military

Commercial

Term
Military Classification Schemes
Definition

Top Secret (unauthorized disclosure could cause exceptionally grave damage to national security)

Secret (unauthorized disclosure could cause serious damage to national security)

Confidential (unauthorized disclosure could cause damage to national security)

Unclassified (no damage expected from disclosure)

Term
Commercial Classification Schemes
Definition

Corporate (do not disclose outside the enterprise)

Personal & Confidential (information of a personal nature)

Private (information shared between two people)

Trade Secret (corporate intellectual property)

Client Confidential (a client's personal information or intellectual property)

Term
Classification Roles (2)
Definition

Classifier

Protector

Term
Classifier
Definition
  1. Identify items to classify
  2. Evaluate the risk of disclosure
  3. Assign a classification level
  4. Maintain awareness of applicable policies, standards and guidelines
Term
Protector
Definition
  1. Understand the classification system's levels
  2. Label media as required by its classification
  3. Implement system safeguards
  4. Maintain document access records
  5. Ensure proper destruction methods are used when data is disposed of
Term

Security Policy Best Practice (12)

GCEIPADUAPRE

Definition
  1. Generate a high-level security policy
  2. Create and implement disaster recovery and business continuity plans
  3. Encourage ethical behavior and ethical use of IT systems
  4. Identify the organization's data classification and valuation standards
  5. Protect data and manage appropriate data disposal
  6. Assess information ownership and resource controls
  7. Determine access control and authorization
  8. Use and protect intellectual property
  9. Allocate operations and system responsibilities
  10. Promote security awareness and user responsibilities
  11. Report and respond to security incidents
  12. Ensure legal and regulatory compliance
Term
Security Policy Objectives
Definition
  1. Inform employees about their security-related duties and responsibilities
  2. Define the organization's security goals
  3. Outline the system's security requirements
  4. Disseminate standardized information (ensures personnel carry out security duties consistently)
Term
Security Policy Types
Definition

Advisory

Informative

Regulatory

Term
Advisory Security Policy
Definition
  • Indicate appropriate and effective actions
  • Include consequences and reprimands for non-compliance
  • Indicate how to handle private documentation and money
Term
Informative Security Policy
Definition
  • Provide information on a specific subject
  • Include NO ramifications for non-compliance
  • Used as instructional instruments
Term
Regulatory Security Policy
Definition
  • Address industry regulations the organization must satisfy
  • Common in health care and financial institutions
Term
Security Document Types (5)
Definition
  • Policies (high-level document stating management's intentions)
  • Standards (required implementations/use; mandatory)
  • Guidelines (recommended implementations/use; discretionary)
  • Procedures (step-by-step documentation)
  • Baselines (document the minimum security required for a system or process)
Term
Security Policy Process (3 steps)
Definition
  1. The overall document environment is controlled by policies
  2. Standards and guidelines are prepared to implement the policies
  3. Procedures and baselines are created to implement the standards and guidelines
Term
Organizational Policy Roles (3)
Definition

CEO/Board of Directors

Security Dept.

All staff/employees

Term
Security Planning (3)
Definition
  • Strategic: long-range planning (major changes and security improvements; 5 years or more)
  • Tactical: mid-term planning (1 to 4 years)
  • Operational/Project: near-term planning (next 12 months)
Term
Security Awareness & Training (3)
Definition
  1. Promote security awareness and provide effective training
  2. Develop security awareness training points
  3. Offer online and instructor-led training
Term
Plan Professional Career Development/Training (4)
Definition
  • Offer necessary training
  • Arrange vendor training at product announcements and upgrades
  • Invest in career development
  • Encourage membership in security organizations (national and local)
Term
Develop Security Awareness Training Points (8)
Definition
  • Address password protection
  • Discuss information protection
  • List procedures to follow when an unauthorized visitor is encountered
  • Identify tactics to combat social engineering
  • Characterize email threats
  • Analyze virus and worm protection
  • Assess protection against information disclosure
  • Review VPN practices used to protect data
Term
Offer online/instructor-led training (2)
Definition
  • Contract with commercial vendors for product-specific and general security training
  • Arrange mandatory, instructor-led presentations and seminars