Term


Definition
is the likelihood that something bad will happen

Term


Definition
is any action that could damage an asset

Term
Business Continuity Plan (BCP)

Definition
gives the priorities to the functions an organization needs to keep going

Term
Disaster Recovery Plan (DRP)

Definition
defines how a business gets back on its feet after a major disaster such as a fire or hurricane

Term


Definition
is a weakness that allows a threat to be realized or to have an effect on an asset

Term
List 3 examples of protecting private data and ensuring confidentiality:

Definition
- defining organization-wide policies, standards, procedures and guidelines
- data classification standard
- limiting access to systems

Term
GLBA (Gramm-Leach-Bliley Act)

Definition
Passed in 1999, this requires all types of financial institutions to protect customers' private financial information

Term
List the 4 components of an IT security policy framework:

Definition
1. Policy
2. Standard
3. Procedures
4. Guidelines

Term
List the 4 data classification standards:

Definition
1. private data
2. confidential
3. internal use only
4. public domain data

Term


Definition
The difference between the security controls you have in place and the controls you need to address all vulnerabilities.

Term


Definition
is the comparison of the security controls you have in place and the controls you need in order to address all identified threats. It should always be ongoing.

Term


Definition
is any weakness in a system that makes it possible for a threat to cause it harm

Term


Definition
often exploit one or more known vulnerabilities

Term
Project Management Body of Knowledge (PMBOK)

Definition
states that the effects of risk can be positive or negative. It minimizes the effects of negative risks and maximizes the effects of positive risks.

Term
What are the 3 classifications of "hackers"?

Definition
White hat hackers, black hat hackers and grey hat hackers

Term
Name 4 threat targets in an IT infrastructure:

Definition
1. LAN domain
2. LAN-to-WAN domain
3. WAN domain
4. Remote Access domain

Term
What two elements define the components of an access control policy?

Definition
Authorization and Identification

Term
Name the two types of access control

Definition
Physical access controls
Logical access controls

Term
What are the three types of authentication?

Definition
Knowledge - something you know (password)
Ownership - something you have (card, key or token)
Characteristics - something unique to you (fingerprint, retina or signature)

Term
4 Models of Access Control:

Definition
DAC (discretionary access control)
MAC (mandatory access control)
Non-DAC (non-discretionary access control)
Rule-based access control

Term
DAC (discretionary access control)

Definition
the owner of the resource decides who gets in and changes permissions as needed. The owner can delegate that job to others.

Term
MAC (mandatory access control)

Definition
permission to access a system is kept by the owner. It cannot be given to someone else. MAC is stronger than DAC.

Term
Non-discretionary access control

Definition
closely monitored by the security admin and not the system admin

Term
Rule-based access control

Definition
a list of rules maintained by the data owner determines which users have access to objects

Term
Brewer and Nash Integrity Model

Definition
ensures fair competition; used to apply dynamically changing access permissions.

Term


Definition
Regulatory compliance
Organizational compliance

Term
What 4 supporting elements are present in an IT security policy?

Definition
standards, procedures, baselines and guidelines