5.1 Policies, plans and procedures related to organizational security Flashcards

1
Q

BPA

A

(business partners agreement) Sets out each partner's roles, responsibilities, and obligations in a partnership or joint venture, including how security obligations are shared.

2
Q

SLA

A

(service level agreement) Operating procedures and standards for a service contract.

3
Q

ISA

A

(interconnection security agreement) A business agreement that focuses on ensuring security between organizations in a partnership. Any federal agency interconnecting its IT system to a third party must create an ISA to govern the relationship. An ISA sets out a security risk awareness process and commits the agency and supplier to implementing security controls.

4
Q

MOU/MOA

A

(memorandum of understanding / memorandum of agreement) Usually a preliminary or exploratory agreement that expresses an intent to work together; typically less formal than a contract and often non-binding.

5
Q

Job rotation

A

Means that no one person is permitted to remain in the same job for an extended period, so that fraud or errors concealed by the incumbent are exposed when someone else takes over the role.

6
Q

Separation of duties

A

A means of establishing checks and balances so that no single person can complete a critical task or procedure alone, reducing the possibility that critical systems or procedures can be compromised by insider threats.

7
Q

Data owner

A

A senior (executive) role with ultimate responsibility for maintaining the confidentiality, integrity, and availability of the information asset.

8
Q

System administrator

A

The day-to-day sysadmin role requires technical understanding of access controls and privilege management systems.

9
Q

System owner

A

This role is responsible for designing and planning computer, network, and database systems. The role requires expert knowledge of IT security and network design.

10
Q

Privileged user

A

Employees with access to privileged data should be given extra training on data management and PII plus any relevant regulatory or compliance frameworks.

11
Q

Executive user

A

Good security awareness is essential, as these users are likely to be specifically targeted (whaling and spear phishing).

12
Q

Continuing education

A

Ensures that the participants do not treat a single training course or certificate as a sort of final accomplishment. Skills and knowledge must be continually updated to cope with changes to technology and regulatory practices.

13
Q

Adverse actions

A

Disciplinary measures taken against an employee, such as a warning, demotion, or termination. Policy and HR involvement ensure that such actions are documented, follow due process, and do not discriminate against the employee in any way.
