42 Cards in this Set
- Front
- Back
*Accountability |
It is the mechanism that enables the internal control function |
|
*Asset Identification |
It is the classification and identification of each item placed under the information assurance scheme |
|
**Asset Valuation |
The value placed on an information item by the organization |
|
*****Availability |
It is the quality that ensures that the information is provided to the authorized users when it is required |
|
*****Baseline |
It is the aggregate set of secured assets |
|
**Breached |
It is the violation of personnel policies |
|
*****Confidentiality |
Organization’s need to restrict access to information or data |
|
**Containment |
It focuses on keeping sensitive data within an assured system |
|
**Control Set |
It is the security infrastructure of the organization |
|
***Controls |
They are security measures for access to data |
|
**Detection |
It seeks to find and help people react to an assured system penetration |
|
**Deterrence |
It describes those policies, procedures, and actions that are designed to discourage penetration of an assured system |
|
*Disciplined |
Baseline must be updated in a disciplined fashion to secure information |
|
*Feasibility |
It is the likelihood that a task or purpose can be accomplished |
|
*Incident Handling |
It is an exceptional process that is invoked only when the organization encounters a problem within its information assurance function that it has not seen before |
|
*Information Assurance Perimeter |
It is the outer boundary of the space to be secured |
|
*****Integrity |
It is the quality of authenticity, accuracy, and completeness of data |
|
**Metrics |
Measure for assessing information assurance performance |
|
*Monitoring |
It is enforcement of accountability measure |
|
**Policy |
Documented organizational processes |
|
**Prevention |
Methods used to stop security breaches before they happen |
|
*Process Entropy |
It is the natural tendency for any organized system to degrade over time due to the changing conditions |
|
*Process |
They are steps to carry out a policy |
|
**Recovery |
It details the actions necessary to restore a system’s processing capability and data files after a failure or penetration |
|
***Risk Analysis |
It is a process to determine risk estimation |
|
*Security Infrastructure |
It is a combined set of policies, roles and responsibilities and accountabilities for a given organization |
|
*Stakeholder |
They are the users or creators of information |
|
***Threat |
It is capable of exploiting known weakness in an organization |
|
****Vulnerabilities |
Perceived weaknesses in an organization that can be exploited |
|
****Authentication |
It is the security service that establishes the validity of a transmission, message, or originator |
|
****Authorization |
When access is given to acquire specific items of information |
|
*****Availability |
It provides authorized users with timely, reliable access to data and information services |
|
*****Confidentiality |
It ensures that information is not disclosed to unauthorized persons, processes, or devices |
|
*Consequence |
It is the cost to the organization for the inability to perform a specific function |
|
*Information Assurance Infrastructure |
It determines how an organization establishes a concrete and sustainable assurance process through a framework of specially designed procedures |
|
*Infrastructure |
The information assurance framework is referred to as infrastructure |
|
*Information Assurance Manual |
It documents an organization’s policies, procedures, and work practices |
|
****Integrity |
Specific protection against unauthorized modification or destruction of data in its transmission, storage, and processing |
|
*Management Controls |
They are behavioral controls that regulate access to protected information through procedures |
|
***Non-Repudiation of Origin |
It provides the data center with proof of delivery and it ensures the sender’s identity to the recipient |
|
*Operational Controls |
They are the day-to-day procedures that protect the operation from a wide variety of physical and environmental threats |
|
*Technical Controls |
They are authorization controls and make up the automated access control system |