1 - Security Influences and Risk Flashcards

1
Q

Advisory Security Policy

A

Provides instruction on acceptable and unacceptable activities

2
Q

Informative Security Policy

A

Provides information from an education standpoint

3
Q

Risk management involves:

A

identification, assessment, analysis, and mitigation of risks

4
Q

Measurement of information security issues at management levels is accomplished by what?

A

The risk management framework

5
Q

What do risk profiles represent?

A

a cross-section of an organization’s comfort level of which risks it will and will not tolerate

6
Q

Risk management measures the effect of security on what?

A

business objectives

7
Q

A security practitioner must consider what objectives?

A

business and security

8
Q

What is NIST?

A

a U.S. government agency that develops a formal series of special publications that detail policies, procedures, and guidelines for the security of federal computer devices.

9
Q

The NIST Risk Management Framework (RMF) is detailed in what publication?

A

NIST SP 800-39: Managing Information Security Risk

10
Q

The NIST Risk Management Framework (RMF) includes what stages related to security controls?

A
  • Categorize
  • Select
  • Implement
  • Assess
  • Authorize
  • Monitor
11
Q

What is ISO?

A

ISO is the world’s largest standards organization; it creates standards for many industries, including security and technology

12
Q

What organizations are able to provide official accreditation to an organization for demonstrating compliance with particular standards and guidelines?

A

NIST and ISO

13
Q

Many partnership business models involve the exchange of information, making information security requirements what?

A

a cross-business issue

14
Q

With regard to personnel, business models influence what?

A

how personnel are employed and whether to rely on in-house expertise or offshore talent

15
Q

What are the two high-level types of partnerships?

A

formal and informal

16
Q

Partners share in what?

A

operational responsibility, profits, and liabilities associated with a business

17
Q

Policies associated with the use of information by a partner should be?

A

determined in advance and provided to customer(s) for approval

18
Q

Customer data cannot be shared with other parties without:

A

notification of business purpose and (in the EU) customer consent, aka opt-in

19
Q

Cloud computing helps organizations in what ways?

A

Reducing costs and improving productivity by utilizing applications, accessibility, storage, availability, and scalability

20
Q

Prior to signing an agreement with a cloud provider, organizations must do what?

A

Determine the risk management and assessment processes the cloud provider implements

21
Q

Reviewing service level agreements allows you to learn what?

A

the service offerings and promises of a cloud, outsourcing, or other provider

22
Q

As businesses become global, what practice with regard to personnel is becoming more common?

A

outsourcing of business functions, including information security activities

23
Q

Mergers and acquisitions can result in changes to many business processes, which requires what before completion?

A

Careful attention during due diligence periods, including attention to information security processes

24
Q

What are managed security services?

A

Outsourced security and network services

25
Q

Managed security services can include what?

A
  • physical security
  • vulnerability assessments
  • penetration testing
  • operational security monitoring
  • compliance monitoring/auditing
  • digital forensics
  • other consulting efforts
26
Q

What is the HIPAA Security Rule?

A

It standardizes the protection of PHI and requires administrative, physical, and technical safeguards

27
Q

What is PHI?

A

private health information

28
Q

The GLBA's provisions for financial organizations to protect the privacy of customer data are carried out by what?

A

the Safeguards Rule and the Privacy Rule

29
Q

SOX is an abbreviation for what?

A

the Sarbanes-Oxley Act

30
Q

SOX was created to do what?

A

Mandate publicly traded corporations to implement internal controls, auditing, and disclosure practices to protect businesses, investors, and customers from corporate scandals.

31
Q

FISMA stands for what?

A

Federal Information Security Modernization Act

32
Q

What is the purpose of FISMA?

A

To direct government agencies to enforce various security requirements on government networks and devices

33
Q

PCI DSS stands for what?

A

Payment Card Industry Data Security Standard

34
Q

What does PCI DSS require?

A

All organizations that process payment cards to protect both the transactions and the cardholder data

35
Q

EU directives 2002/58/EC & 2009/136/EC both require what?

A

telecoms and ISPs to offer security for their services and to notify customers of security threats

36
Q

GDPR stands for what?

A

General Data Protection Regulation

37
Q

In general, what does GDPR do?

A

Improves the security and privacy practices required when dealing with EU customer data

38
Q

Organizations with international partnerships and locations will need to consider what with regard to export requirements?

A

Both local and foreign export requirements

39
Q

Analysis of competitors will improve organizational awareness of what with regard to security?

A

security standards, procedures, guidelines, and best practices

40
Q

An internal audit can be used to do what?

A

Verify compliance with internal and external security requirements, as well as provide management with feedback on risk management efforts

41
Q

The COBIT framework provides what?

A

a set of generally accepted measures, indicators, processes, and best practices to assist in maximizing the benefits of IT

42
Q

COBIT stands for what?

A

Control Objectives for Information Technology

43
Q

HITECH stands for what?

A

Health Information Technology for Economic and Clinical Health

44
Q

The HITECH Act generally does what?

A

widens the scope of privacy and security protections available under HIPAA

45
Q

Client and customer data requirements result in what?

A

Organizational security requirements

46
Q

Top-level management evaluates security using what mindset?

A

a risk management mindset

47
Q

Deperimeterization describes what?

A

The moving of organization boundaries from the edge of the network to wherever the user's device is. (This includes the edge network, cloud environment, Wi-Fi network, the user's home network, or networks accessed while traveling)

48
Q

How are teleworkers distinguished from telecommuters?

A

telecommuters work from home, whereas teleworkers travel to non-main office locations like branches or customer sites

49
Q

What does COPE stand for with regard to mobile devices?

A

Corporate Owned/Personally Enabled

50
Q

COPE describes what situation?

A

corporations buy devices but employees use them for personal and business needs

51
Q

CYOD stands for what?

A

Choose your own device

52
Q

A CYOD policy allows a business to do what?

A

Publish a limited list of devices that employees can buy, allowing the business to limit the disparity of devices to support while giving employees some level of choice

53
Q

Enterprise standard operating environments provide what benefits to the organization?

A

reduce complexity, improve security, and reduce resource requirements for operations

54
Q

What are the risk management steps, in order?

A
  • Identification
  • Assessment
  • Analysis
  • Mitigation
55
Q

Security audit findings can be used for what?

A

to facilitate improvements in the security system

56
Q

What is divestiture?

A

When an organization sells off one of its business units