Term
| What are controls that determine the way people act, including policies, procedures, and guidance? |

Definition
| Administrative Security Control |

Term
| What are controls implemented in operating systems, software, and security appliances? |

Definition
| Technical Security Control |

Term
| What are controls such as alarms, gateways, and locks that deter access to premises and hardware? |

Definition
| Physical Security Control |

Term
| What physically or logically restricts unauthorized access? |

Definition
| Preventive Security Control |

Term
| What may not physically or logically prevent access, but psychologically discourages an attacker from attempting an intrusion? |

Definition
| Deterrent Security Control |

Term
| What may not prevent or deter access, but will identify and record any attempted or successful intrusion? |

Definition
| Detective Security Control |

Term
| What responds to and fixes an incident and may also prevent its recurrence? |

Definition
| Corrective Security Control |

Term
| What does not prevent the attack but restores the function of the system through some other means? |

Definition
| Compensating Security Control |

Term
| What forces an intruder to bypass more than one security control to achieve action on objectives? |

Definition

Term
| What is the utilization of multiple different types of security controls? |

Definition

Term
| What is the use of more than one supplier? |

Definition

Term
| What is the transfer of responsibility to recover? |

Definition
| Transfer Security Control |

Term
| International Organization for Standardization |

Definition

Term
| Control Objectives for Information and Related Technologies |

Definition

Term
| Sherwood Applied Business Security Architecture ( |

Definition

Term
| What are the following?
o Open Web Application Security Project (OWASP)
o SANS Institute (SysAdmin, Network, and Security)
o Center for Internet Security (CIS) |

Definition
| General Purpose Secure Configuration Guides |

Term
| What is the requirement to do as much as you possibly can to protect information? |

Definition

Term
| SysAdmin, Network, and Security |

Definition

Term
| What is the in-depth analysis of security systems and policies? |

Definition

Term
| What is a penetration test that falls somewhere between white box and black box? |

Definition

Term
| Common Vulnerabilities and Exposures |

Definition

Term
| Security Content Automation Protocol |

Definition

Term
| Open Vulnerability and Assessment Language |

Definition

Term
| What is a letter that defines the scope of your penetration test, stating what is and is not allowed? |

Definition

Term
| What is software configured with a list of known exploits and vulnerabilities? |

Definition
