47 Cards in this Set
- Front
- Back
A type of mechanism to link documents and resources across computers?
|
World Wide Web (WWW)
|
|
The duty of every government that wants to ensure its national security?
|
Cybersecurity
|
|
A list of rules and methods for communicating?
|
Protocol
|
|
Is the likelihood that something bad will happen to an asset.
|
Risk
|
|
Is any action that could damage an asset?
|
Threat
|
|
Gives priorities to the functions an organization needs to keep going?
|
Business Continuity Plan (BCP)
|
|
Defines how a business gets back on its feet after a major disaster like a fire or hurricane?
|
Disaster Recovery Plan
|
|
Is a computer program written to cause damage to a system, an application, or data?
|
Virus
|
|
Is a computer program written to cause a specific action to occur, such as erasing a hard drive?
|
Malicious Code or malware
|
|
Is a weakness that allows a threat to be realized or to have an effect on an asset?
|
Vulnerability
|
|
Software license agreements between the user and the software vendor that typically contain a warranty disclaimer?
|
End User License Agreement (EULA)
|
|
Is the collection of activities that protect the information system and the data stored in it. Many U.S. and international laws now require this kind of security assurance?
|
Information System Security
|
|
Passed in 2002, requires federal civilian agencies to provide security controls over resources that support federal operations?
|
Federal Information Security Management Act (FISMA)
|
|
Passed in 2002, requires publicly traded companies to submit accurate and reliable financial reporting and requires security controls to protect the confidentiality and integrity of the reporting itself?
|
Sarbanes-Oxley Act (SOX)
|
|
Requires all types of financial institutions to protect customers’ private financial information?
|
Gramm-Leach-Bliley Act (GLBA)
|
|
Passed in 1996, requires health care organizations to have security and privacy controls implemented to ensure patient privacy.
|
Health Insurance Portability and Accountability Act (HIPAA)
|
|
Passed in 2000, requires public schools and public libraries to use an Internet safety policy. The policy must address the following:
- Restricting children’s access to inappropriate matter on the Internet
- Ensuring children’s security when using e-mail, chat rooms, and other electronic communications
- Restricting hacking and other unlawful activities by children online
- Disclosing and distributing personal information about children without permission
- Restricting children’s access to harmful materials
|
Children's Internet Protection Act (CIPA)
|
|
Passed in 1974, protects the private data of students and their school records.
|
Family Education Rights and Privacy Act (FERPA)
|
|
Tenet of Information Security System that states authorized users can view information?
|
Confidentiality
|
|
Tenet of Information Security System that states authorized users can change information?
|
Integrity
|
|
Tenet of Information Security System that states information is accessible by authorized users whenever they request the information.
|
Availability
|
|
The practice of hiding data and keeping it away from unauthorized users?
|
Cryptography
|
|
The process of transforming data from cleartext into ciphertext?
|
Encryption
|
|
Deals with the validity and accuracy of data?
|
Integrity
|
|
A contract that guarantees a minimum monthly availability of service for wide area network (WAN) and Internet access links?
|
Service Level Agreement
|
|
The domain that defines the people who access an organization’s information system?
|
User Domain
|
|
Applied in User Domain. Defines what users are allowed and not allowed to do with organization-owned IT assets?
|
Acceptable Use Policy (AUP)
|
|
The domain where most users connect to the IT infrastructure?
|
Workstation Domain
|
|
Is the process of ensuring that controls are in place to handle any known threats?
|
Hardening
|
|
A collection of computers connected to one another or to a common connection medium?
|
Local Area Network
|
|
Examines the MAC layer address and makes forwarding decisions based on MAC layer address tables?
|
Layer 2 switch
|
|
Examines the network layer address and routes packets based on routing protocol path determination decisions, the same as a router?
|
Layer 3 switch
|
|
A LAN segment in the LAN-to-WAN Domain that acts as a buffer zone for inbound and outbound IP traffic?
|
Demilitarized Zone (DMZ)
|
|
What type of servers are placed in a DMZ?
|
External servers such as Web servers, proxy servers, and e-mail servers
|
|
Acts as a middleman between a workstation and the external target?
|
Proxy Servers
|
|
Can include dedicated Internet access and managed services for customers’ routers and firewalls?
|
WAN Domain
|
|
Is a dedicated encrypted tunnel from one endpoint to another?
|
Virtual Private Network (VPN)
|
|
Can be created between a remote workstation using the public Internet and a VPN router or a secure browser?
|
Virtual Private Network (VPN)
|
|
Is important to have, but dangerous to use because it introduces many risks and threats from the Internet?
|
Remote Access Domain
|
|
Holds all the mission-critical systems, applications, and data?
|
System/Application Domain
|
|
Is the weakest link in security?
|
The User
|
|
A short written statement that the people in charge of an organization have set as a course of action or direction?
|
Policy
|
|
A detailed written definition for hardware and software and how it is to be used?
|
Standard
|
|
Are written instructions for how to use policies and standards?
|
Procedures
|
|
A suggested course of action for using the policy, standards, or procedures?
|
Guidelines
|
|
A consistent definition for how an organization should handle and secure different types of data?
|
Data Classification Standard
|
|