Asset Security Flashcards
1
Q
Why classify assets and data?
A
- determine how much time and effort should be spent protecting assets and data
2
Q
FIPS
A
- FIPS PUB 199
- Federal Information Processing Standards Publication
- standards for security categorization of federal information and information systems
- Security categorization is based on CIA for each information type
- Confidentiality: how bad is it if data is accessed by an unauthorized person
- Integrity: how bad is it if the data is altered
- Availability: how bad is it if the data is destroyed
- Ranking system: high impact, moderate, low for each area of CIA
3
Q
What are the national security classifications of information?
A
- Top Secret: if disclosed would cause grave danger to national security
- Secret: cause serious damage to national security
- Confidential: cause damage to national security
4
Q
SBU
A
- sensitive but unclassified
5
Q
SSI
A
- sensitive security information
6
Q
CUI
A
- controlled unclassified information
7
Q
Proprietary
A
- data represented as intellectual property
8
Q
Confidential
A
- only for internal use
9
Q
Public
A
- free to distribute publicly
10
Q
Owner of data
A
- responsible for creating policy and guidance for data
- assign values to the asset/data
- classify the asset/data
- authorize access to asset/data
11
Q
Custodians of data
A
- implement controls and protections for data based on classification and policy
- manage, monitor, and report on data
12
Q
SAM
A
- software asset management
- document what is in use and where in use
- audit to verify compliance/licensing
- report and correct any problems with licensing
13
Q
Hardware Inventory Management
A
- document what is in use and where it is in use
- track (by MAC) from onboarding of hardware all the way to disposal
14
Q
What is the first step of Configuration Management?
A
- getting a baseline config (bc)
- BC is a security configuration profile
15
Q
How do you monitor changes in Configuration Management?
A
- change control process
- change advisory board that approves the change