5.1 Flashcards
Security policies, security standards, security procedures, security considerations, data roles and responsibilities
Security policies answer the ____ and ____ of security implementation.
Technical security controls answer the ____.
What, why
How
A master list of all policies that should be followed to maintain the uptime, availability, and security of the network.
They might be mandated by governmental regulations.
It details what happens in different threat situations, and a list of roles and responsibilities.
Information security policies
AUP stands for
Acceptable Use Policy
A policy that details how an organization’s assets (normally technology) may or may not be used.
Protects the organization from both cyber threats and legal liability.
AUP
A plan that keeps the organization’s critical functions going when disaster happens.
This could mean using manual transactions, paper receipts, and calling up credit card companies to manually approve credit card transactions.
BCP
A plan that details actions that can help keep the organization going after disaster as well as steps for how to get the organization back to full functionality.
Like a BCP, but with more steps.
DRP
This group of personnel is useful in incident response for their specialized training for any type of disaster.
CIRT/CSIRT/CERT
This group of personnel is useful in incident response for their corporate support. This can help obtain the proper resources and people to address incidents.
IT security management team
This group of personnel is useful in incident response for ensuring that the network is compliant with mandated regulations.
Compliance officers
This group of personnel is useful in incident response for actively solving technical problems during disaster.
Technical staff
This group of personnel is useful in incident response for being able to see everything that occurs in a network, even if they only see symptoms.
Users
A framework that helps to organize and maintain the creation of software.
SDLC
2 of the most common SDLCs
Agile
Waterfall
A linear SDLC cycle
Waterfall
A faster SDLC that goes through multiple cycles before being finished
Agile