2. Asset Security Flashcards
What is the first canon of ISC2 Code of Ethics?
Protect society, the commonwealth and the infrastructure.
What is the second canon of ISC2 Code of Ethics?
Act honorably, justly, responsibly and legally.
What is the third canon of ISC2 Code of Ethics?
Provide diligent and competent service to principals.
What is the fourth canon of ISC2 Code of Ethics?
Advance and protect the profession.
What does the data owner do?
He classifies data.
What does the data custodian do?
He performs the day-to-day maintenance of the data.
What does the security administrator do?
He is responsible for all security-related tasks, focusing on confidentiality and integrity.
What is the ISO?
Information security officer.
What are the responsibilities of the ISO?
- Provides CIA for all information assets
- Communicates risks to senior management
- Recommends best practices to influence policy, standards, procedures and guidelines
- Establishes security measurements
What makes up the value of an asset?
- Value to the organization
- Loss if compromised
- Legislative drivers
- Liabilities
- Value to competitors
Define sensitivity
Describes the amount of damage that would be done should the information be disclosed.
Define criticality
The time sensitivity of the data. Usually driven by how much revenue will be lost should this not be used/used incorrectly.
What types of protection are there for data in the “at rest” state?
File system encryption, EFS, TPM
What types of protection are there for data in the “in process” state?
Physical security measures like screen protectors, locking station when we leave and a clean desk policy.
What types of protection are there for data in the “in transit” state?
IPSec, SSL/TLS