Acronyms

Question 1

ASLR

Answer 1

Address Space Layout Randomization
Memory protection for operating systems
Guards against buffer overflow attacks
Randomized place system executables are loaded into memory

Question 2

ARO

Answer 2

Annualized Rate of Occurrence

How likely a particular issue/disaster is to happen

Question 3

SLE

Answer 3

Single Loss Expectancy

Cost for one single event

Question 4

ALE

Answer 4

Annual Loss Expectancy
How much it will cost in a year
Calculated by multiplying ARO and SLE

Question 5

ATT&CK

Answer 5

Adversarial Tactics, Techniques, and Common Knowledge
MITRE ATT&CK framework
Information about attacks and how to prevent

Question 6

AUP

Answer 6

Acceptable Use Policy
Documentation for how all company assets are to be used
Allows for employer to note how things should be used

Question 7

BIA

Answer 7

Business Impact Analysis

What of the business will be impacted

Question 8

RTO

Answer 8

Recovery Time Objective
How much time it will take to get back to a certain point
Used in conjunction with RPO

Question 9

RPO

Answer 9

Recovery point objective
What point is acceptable to recover to
In relation to data

Question 10

MTTR

Answer 10

Mean time to repair

How log is it going to take to fix an issue

Question 11

MTBF

Answer 11

Mean time between failures

Predict time between outages

Question 12

DRP

Answer 12

Disaster Recovery Plan

Detailed plan for resuming operations after an incident

Question 13

EDM

Answer 13

Exact data match

Used to match format of data (I.E. matching format of ssns)

Question 14

Cain and Abel

Answer 14

Password cracking tool, includes network packet sniffing, brute force cracking, dictionary attacks, cryptoanalysis, and Cisco VPN Client Password Decoding

Question 15

SLA

Answer 15

service level agreement- detailes terms under which the service is provided

Question 16

NAC

Answer 16

Network access control- endpoint security technology (anti-virus, HIPS, vulnerability assessments, user/system authentication, network security enforcement). Segments new remote workstations and scans them for malware and vulnerabilities then allows them to connect if it passes

Question 17

CCM

Answer 17

Cloud Control Matrix
From CSA
Applies to security controls in the cloud

Question 18

SPF

Answer 18

EMail authentication to detect forging sender addresses during email delivery

Question 19

DSUA

Answer 19

Specifies data can only be collected for a specific reason

Question 20

ISA

Answer 20

Used by Federal agencies interconnecting IT systems to 3rd party
Used to govern the relationlship

Question 21

27001

Answer 21

Standards for information security

Question 22

27002

Answer 22

Steps for implementation of information security controls

Code of practice

Question 23

27701

Answer 23

Privacy management

PIMS

Question 24

31000

Answer 24

Standards for risk management

Question 25

SOC Type I/II

Answer 25

Auditing of security controls I - point in time II - over at least 6 months

Question 26

Data owner

Answer 26

Responsible for the data

Question 27

Data controller

Answer 27

Manages purpose and means that the data is used

Question 28

Data processor

Answer 28

Processes data on behalf of controller | Typically 3rd party

Question 29

Data custodian/steward

Answer 29

Implements security controls Tags data Ensures compliance with laws

Question 30

Data protection officer (DPO)

Answer 30

Responsible for orgs data privacy | Sets policies, implements