71 Cards in this Set
IT Governance |
provides a comprehensive security management framework |
|
Policies |
defines the role of security in an organization and establishes the desired end state of the security program |
|
Organizational policies |
provide general direction and goals, a framework to meet the business goals, and define the roles, responsibilities, and terms |
|
System-Specific policies |
address the security needs of a specific technology, application, network, or computer system |
|
Issue-Specific Policies |
built to address a specific security issue, such as email privacy, employee termination procedures, or other specific issues |
|
Baseline |
created as reference points which are documented for use as a method of comparison during an analysis conducted in the future; snapshotting a configured server and calling it the baseline would be an example |
|
Guidelines |
used to recommend actions |
|
Procedures |
detailed step-by-step instructions that are created to ensure personnel can perform a given action |
|
EXAM TIP |
policies are generic (e.g., passwords must be strong); procedures are specific (e.g., tells me how to change a password, with steps) |
|
Data Classification |
category based on the value to the organization and the sensitivity of the information if it were to be disclosed |
|
sensitive data |
any information that can result in a loss of security, or loss of advantage to a company, if accessed by unauthorized persons |
|
what are the two different classification schemes that commercial businesses and the government use? |
commercial: public, sensitive, private, and confidential |
|
public data |
has no impact to the company if released and is often posted in the open-source environment |
|
sensitive data |
might have minimal impact if released |
|
private data |
contains data that should only be used within the organization |
|
confidential data |
highest classification level that contains items such as trade secrets, intellectual property data, source code, and other types that would seriously affect the business if disclosed |
|
government classifications |
unclassified, sensitive but unclassified, confidential, secret, top secret |
|
unclassified data |
can be released to the public |
|
sensitive but unclassified |
items that wouldn't hurt national security if released but could impact those whose data is contained in it |
|
confidential data |
data that could seriously affect the government if unauthorized disclosure were to happen |
|
secret data |
data that could seriously damage national security if disclosed |
|
top secret |
data that could gravely damage national security if it were known to those who are not authorized for this level of information |
|
PII (personally identifiable information) |
a piece of data that can be used either by itself or in combination with some other pieces of data to identify a single person |
|
Privacy Act of 1974 |
affects US government computer systems that collect, store, use, or disseminate personally identifiable information |
|
Health Insurance Portability and Accountability Act (HIPAA) |
affects healthcare providers, facilities, insurance companies, and medical data clearinghouses |
|
Sarbanes-Oxley (SOX) |
affects publicly traded US corporations and requires certain accounting methods and financial reporting requirements |
|
Gramm-Leach-Bliley Act (GLBA) |
affects banks, mortgage companies, loan offices, insurance companies, investment companies, and credit card providers |
|
Federal Information Security Management Act (FISMA) of 2002 |
requires each agency to develop, document, and implement an agency-wide information systems security program to protect its data |
|
Payment Card Industry Data Security Standard (PCI DSS) |
contractual obligation |
|
Help America Vote Act (HAVA) of 2002 |
provides regulations that govern the security, confidentiality, and integrity of the personal information collected, stored, or processed during the election and voting process |
|
SB 1386 |
requires any business that stores personal data to disclose a data breach |
|
Privacy policy |
governs the labeling and handling of data |
|
acceptable use policy (AUP) |
defines the rules that restrict how a computer, network or other systems may be used |
|
change management policy |
defines the structured way of changing the state of a computer system, network, or IT procedure |
|
separation of duties |
a preventative type of administrative control |
|
Job rotation |
different users are trained to perform the tasks of the same position to help prevent and identify fraud that could occur if only one employee had the job |
|
onboarding and offboarding policy |
dictates what type of things need to be done when an employee is hired, fired, or quits |
|
due diligence |
ensuring that IT infrastructure risks are known and managed properly |
|
due care |
mitigation actions that an organization takes to defend against the risks that have been uncovered during due diligence |
|
due process |
a legal term that refers to how an organization must respect and safeguard personnel's rights |
|
What are three types of user training that can be utilized? |
security awareness training, security training, security education |
|
security awareness training |
used to reinforce to users the importance of their help in securing the organization's valuable resources; all employees are recommended to attend at least once a year |
|
security training |
used to teach the organization's personnel the skills they need to perform their job in a more secure manner |
|
security education |
to further your knowledge as a professional, e.g., SEC+ |
|
Non-disclosure Agreement (NDA) |
agreement between two parties that defines what data is considered confidential and cannot be shared outside of the relationship |
|
Memorandum of Understanding (MOU) |
a non-binding agreement between two or more organizations to detail an intended common line of action; it can be between multiple organizations |
|
Service-level agreement (SLA) |
an agreement concerned with the ability to support and respond to problems within a given time frame and continuing to provide the agreed-upon level of service to the user |
|
Interconnection Security Agreement (ISA) |
an agreement for the owners and operators of the IT systems to document what technical requirements each organization must meet |
|
Business Partnership Agreement (BPA) |
conducted between two business partners that establishes the conditions of their relationship |
|
When does asset disposal occur? |
whenever a system is no longer needed |
|
Degaussing |
exposes the hard drive to a powerful magnetic field, which in turn causes previously written data to be wiped from the drive |
|
Purging (sanitizing) |
act of removing data in such a way that it cannot be reconstructed using any known forensic techniques |
|
Clearing |
removal of data with a certain amount of assurance that it cannot be reconstructed |
|
data remnants are a big security concern |
|
|
5 steps of disposal policies |
1. define which equipment will be disposed of; 2. determine a storage location until disposal; 3. analyze equipment to determine disposal: reuse, resell, or destruction; 4. sanitize the device and remove all its data; 5. throw away, recycle, or resell the device |
|
incident response |
a set of procedures that an investigator follows when examining a computer security incident |
|
incident management program |
program consisting of the monitoring and detection of security events on a computer network and the execution of proper responses to those security events |
|
6 incident response steps (must know in order) |
preparation, identification, containment, eradication, recovery, lessons learned |
|
preparation |
|
|
identification |
process of recognizing whether an event that occurs should be classified as an incident |
|
containment |
focused on isolating the incident |
|
Recovery |
focused on data restoration, system repair, and re-enabling any servers or networks taken offline during the incident response |
|
lessons learned |
documenting what happened, and planning how to prevent this from happening again |
|
If malware infects a server, what should you do? |
create a forensic disk image of the data as evidence for later analysis |
|
what are some things you will be doing for data collection? |
capture and hash system images; analyze data with tools; capture screenshots; review network traffic logs; capture video; consider order of volatility; take statements; review licensing and documentation; track man-hours and expenses |
|
FTK and EnCase |
popular forensic tools |
|
Sherwood Applied Business Security Architecture (SABSA) |
a risk-driven architecture |
|
Control Objectives for Information and Related Technology (COBIT) |
a security framework that divides IT into four domains: plan and organize, acquire and implement, deliver and support, and monitor and evaluate |
|
NIST SP 800-53 |
a security control framework developed by the Dept. of Commerce |
|
ITIL |
the de facto standard for IT service management; being able to discuss ITIL will help in your job interviews |
|
different types of frameworks |
SABSA, COBIT, NIST SP 800-53, ISO 27000, ITIL |