87 Cards in this Set
What are the three security concepts represented by the C.I.A. triangle?
|
Confidentiality, Integrity and Availability
|
|
_____ means that only those with the rights and privileges to access information are able to do so.
|
Confidentiality
|
|
_____ is when information is whole, complete and uncorrupted.
|
Integrity
|
|
_____ means that authorized users (persons or computer systems) are able to access information without interference or obstruction, and to receive it in the required format.
|
Availability
|
|
A category of objects, persons, or other entities that pose a potential risk of loss to an asset
Hint: an asset is an organizational resource that is being protected |
Threat
|
|
An _____ can be logical, such as a Web site, information, or data; or it can be physical, such as a person, computer system, or other tangible object.
|
Asset
|
|
A _____ is a weakness or fault in the protection mechanisms that are intended to protect information and information assets from attack or damage.
|
Vulnerability
|
|
_____ is the process of identifying vulnerabilities in an organization's information systems and taking carefully reasoned steps to ensure the confidentiality, integrity, and availability of all components in the organization's information systems.
|
Risk Management
|
|
Eliminate or reduce the remaining uncontrolled risks.
|
Avoidance strategy
|
|
Transfer the risk to other areas or to outside entities.
|
Transference strategy
|
|
Reduce the impact should the vulnerability be exploited.
|
Mitigation strategy
|
|
Understand the consequences and accept the risk without control or mitigation.
|
Acceptance strategy
|
|
Application of policy is a method of risk _____.
|
Avoidance
|
|
Training and Education are methods of risk ______.
|
Avoidance
|
|
Application of technology is a method of risk ______.
|
Avoidance
|
|
Rethink how services are offered is a method of risk _____.
|
Transference
|
|
Revise deployment models is a method of risk _____.
|
Transference
|
|
Outsource to other organizations is a method of risk _____.
|
Transference
|
|
Purchase insurance is a method of risk _____.
|
Transference
|
|
Implement service contracts with providers is a method of risk _____.
|
Transference
|
|
Contingency Planning is a method of risk _____.
|
Mitigation
|
|
Business impact analysis is a method of risk _____.
|
Mitigation
|
|
Incident response plan is a method of risk _____.
|
Mitigation
|
|
Disaster recovery plan is a method of risk _____.
|
Mitigation
|
|
Business continuity plan is a method of risk _____.
|
Mitigation
|
|
The choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation is a method of risk _____.
|
Acceptance
|
|
The four subordinate functions of a contingency plan are _____ _____ analysis, Incident response planning, Disaster recovery planning, and Business continuity planning.
|
Business impact
|
|
The four subordinate functions of a contingency plan are Business impact analysis, _____ _____ planning, Disaster recovery planning, and Business continuity planning.
|
Incident response
|
|
The four subordinate functions of a contingency plan are Business impact analysis, Incident response planning, _____ _____ planning, and Business continuity planning.
|
Disaster recovery
|
|
The four subordinate functions of a contingency plan are Business impact analysis, Incident response planning, Disaster recovery planning, and _____ _____ planning.
|
Business continuity
|
|
A plan or course of action used to convey instructions from senior management to those who make decisions, take actions, and perform duties
|
Policy
|
|
An organizational law that dictates acceptable and unacceptable behavior, and defines penalties for violations
|
Policy
|
|
Detailed statement of what must be done to comply with policy
|
Standard
|
|
Informal standard is also known as a _____.
|
De facto standard
|
|
A formal standard is also known as _____.
|
De jure standard
|
|
_____, procedures, and guidelines effectively explain how to comply with policy.
|
Practices
|
|
Practices, _____, and guidelines effectively explain how to comply with policy.
|
procedures
|
|
Practices, procedures, and _____ effectively explain how to comply with policy.
|
guidelines
|
|
Effectively explain how to comply with policy.
|
Practices, procedures, and guidelines
|
|
Accidental deletion of user desktop data or files by member of organization (accidental user data deletion)
|
Act of human error or failure
|
|
Accidental deletion of server data or files by member of organization (accidental server data deletion)
|
Act of human error or failure
|
|
Accidental release of critical information by member of organization, including due to social engineering efforts (accidental leak)
|
Act of human error or failure
|
|
Accidental error or failure to follow procedure when creating software or hardware, introducing vulnerabilities.
|
Act of human error or failure
|
|
Accidental modification or deletion of data due to failure to follow policies or procedures.
|
Act of human error or failure
|
|
Installation of unauthorized software
|
Act of human error or failure
|
|
Improper configuration of software or hardware
|
Act of human error or failure
|
|
Unauthorized installation of software in violation of its licensing (piracy)
|
Compromise to intellectual property
|
|
Release of organizational information performed outside the bounds of policy, sometimes classified as a "leak".
|
Compromise to intellectual property
|
|
Violation of fair use of copyrighted material (plagiarism).
|
Compromise to intellectual property
|
|
Unauthorized logical access to organizational information or systems (hacker probe).
|
Deliberate acts of trespass
|
|
Unauthorized physical access to organizational facilities (trespasser)
|
Deliberate acts of trespass
|
|
Blackmail of organization for information assets (electronic extortionist)
|
Deliberate acts of information extortion
|
|
Intentional and unauthorized modification or destruction of organizational information assets (electronic vandal)
|
Deliberate acts of sabotage or vandalism
|
|
Physical damage or destruction of organizational assets (physical vandal)
|
Deliberate acts of sabotage or vandalism
|
|
Illegal "taking" of organizational assets
|
Deliberate acts of theft
|
|
E-mail viruses and worms, other viruses and worms
|
Deliberate software attacks
|
|
E-mail based social engineering (phishing)
|
Deliberate software attacks
|
|
Web based malicious script
|
Deliberate software attacks
|
|
Denial of service attacks on organizational information assets
|
Deliberate software attacks
|
|
Distributed denial of service attacks on organizational information assets
|
Deliberate software attacks
|
|
Fire
|
Forces of nature
|
|
Flood
|
Forces of nature
|
|
Earthquake
|
Forces of nature
|
|
Lightning
|
Forces of nature
|
|
Landslide or mudslide
|
Forces of nature
|
|
Tornado or severe windstorm
|
Forces of nature
|
|
Hurricane or typhoon
|
Forces of nature
|
|
Tsunami
|
Forces of nature
|
|
Electrostatic discharge (ESD)
|
Forces of nature
|
|
Dust contamination
|
Forces of nature
|
|
Solar flare
|
Forces of nature
|
|
Electromagnetic radiation
|
Forces of nature
|
|
Humidity
|
Forces of nature
|
|
Network connection outage due to cable severance (phone or ISP)
|
Quality of service deviations from service providers
|
|
Network connection outage due to service faults (phone or ISP)
|
Quality of service deviations from service providers
|
|
Power blackout
|
Quality of service deviations from service providers
|
|
Power brownout
|
Quality of service deviations from service providers
|
|
Power surge
|
Quality of service deviations from service providers
|
|
Power spike
|
Quality of service deviations from service providers
|
|
Power fault
|
Quality of service deviations from service providers
|
|
Power sag
|
Quality of service deviations from service providers
|
|
Other issues (for example, water, sewage, garbage, and other utilities)
|
Quality of service deviations from service providers
|
|
Equipment failure due to manufacturer or designer faults or defects (for example, hard drive crash)
|
Technical hardware failures or errors
|
|
Software failure due to manufacturer or designer faults or defects (for example, bugs or code problems)
|
Technical software failures or errors
|
|
Unknown software access bypasses (loopholes and trapdoors)
|
Technical software failures or errors
|
|
Use of antiquated or outdated technologies
|
Technological obsolescence
|
|
Failure to maintain or update antiquated or outdated equipment-based data storage.
|
Technological obsolescence
|