Asset Security Flashcards

1
Q

Why classify assets and data?

A
  • determine how much time and effort should be spent protecting assets and data
2
Q

FIPS

A
  • FIPS PUB 199
  • Federal Information Processing Standards Publication
  • standards for security categorization of federal information and information systems
  • Security categorization is based on CIA for each information type
  • Confidentiality: how bad is it if data is accessed by an unauthorized person
  • Integrity: how bad is it if the data is altered
  • Availability: how bad is it if the data is destroyed
  • Ranking system: high impact, moderate, low for each area of CIA
3
Q

What are the national security classifications of information?

A
  • Top Secret: if disclosed would cause grave danger to national security
  • Secret: cause serious damage to national security
  • Confidential: cause damage to national security
4
Q

SBU

A
  • sensitive but unclassified
5
Q

SSI

A
  • sensitive security information
6
Q

CUI

A
  • controlled unclassified information
7
Q

Proprietary

A
  • data represented as intellectual property
8
Q

Confidential

A
  • only for internal use
9
Q

Public

A
  • free to distribute publicly
10
Q

Owner of data

A
  • responsible for creating policy and guidance for data
  • assign values to the asset/data
  • classify the asset/data
  • authorize access to asset/data
11
Q

Custodians of data

A
  • implement controls and protections for data based on classification and policy
  • manage, monitor, and report on data
12
Q

SAM

A
  • software asset management
  • document what is in use and where in use
  • audit to verify compliance/licensing
  • report and correct any problems with licensing
13
Q

Hardware Inventory Management

A
  • document what is in use and where it is in use
  • track (by MAC) from onboarding of hardware all the way to disposal
14
Q

What is the first step of Configuration Management?

A
  • getting a baseline config (BC)
  • BC is a security configuration profile

15
Q

How do you monitor changes in Configuration Management?

A
  • change control process
  • change advisory board that approves the change

16
Q

What are examples of PII?

A
  • social security number
  • driver’s license number
  • passport number
  • credit card number
17
Q

PHI

A
  • protected health information

18
Q

What are examples of privacy regulations?

A
  • GDPR
  • HIPAA

19
Q

COPPA

A
  • Children’s Online Privacy Protection Rule
  • rules about collecting online data regarding individuals who are under 13 years of age

20
Q

PIA

A
  • Privacy Impact Assessment
  • defines how an organization collects personal data, how it is stored, how it is shared

21
Q

PTA

A
  • Privacy Threshold Assessment
  • same questions as PIA

22
Q

GLBA

A
  • Gramm-Leach-Bliley Act
  • Financial information