Assets Security

Question 1

What are the Information Life Cycles

Answer 1

Classification
Categorization
Ownership
Maintenance

Question 2

Data Classification

Answer 2

helps organization to understand what the data-oriented ramifications of exploitation are

Question 3

What are the Data Classification labels

Answer 3

Top Secret
Secret
Confidential
Sensitive but unclassified (SBU)
Unclassified

Question 4

What are the Data Classifications Criteria

Answer 4

Value - what is it worth
Age - How current is the information (useful if beyond 5 years?)
Useful life - At what point is it no longer worth protecting
Personal Association - Medical records, personnel files

Question 5

Examples of regulated data

Answer 5

Card Holder Data (CHD) - cc#, name, expiration
Personally Identifiable Information (PII) - name, address, SSN, DOB
Protect Health Information (PHI) - PII + related health information

Question 6

What are the roles for Data Ownership

Answer 6

Business/Mission Owner
Data (Information) Owner
System Owner
Custodians
Users

Question 7

What is Business/Mission Owner

Answer 7

Senior Leadership
provide adequate funding and manpower to implement
enforce program policy when needed

Question 8

What is Data Owner

Answer 8

Also know as Information Owner
Accountable for the data
Determines who can access

Question 9

What is System Owner

Answer 9

Owns the OS, DB, responsible for the patching etc..

Question 10

What is Custodians

Answer 10

Hands on to achieve data protection
Performing testing and verifying backup
Data Restoration

Question 11

What are users of data

Answer 11

Individuals who be granted access to use data as part of their job

Question 12

What is a Data Controller

Answer 12

creates/manages sensitive data

must legally ensure security of data access by data processor

Question 13

What is a Data Processor

Answer 13

3rd party that access the organization sensitive data

Question 14

What is degaussing

Answer 14

applying large magnetic field to erase magnetic media (hard disk)

Question 15

What is best way to remove data

Answer 15

Degaussing

Destruction

Question 16

What are the types of data storage & memory

Answer 16

Real, main, or primary memory
Secondary memory/storage
Write Once Read Many (WORM)
Volatile Storage
Non-volatile storage
Sequential storage

Question 17

What is primary memory/storage

Answer 17

Ram

Question 18

What is secondary memory/storage

Answer 18

Disk

Question 19

What is volatile memory

Answer 19

Directly access by CPU
SRAM/DRAM
Need power to persist

Question 20

What is non-volatile memory

Answer 20

Stored in location not accessible by CPU

Think firmware

Question 21

What is Random Access Storage

Answer 21

RAM - can access randomly

Question 22

What is sequential storage

Answer 22

Write and read in sequence - think of tape backup

Question 23

What are the types of RAM

Answer 23

Registers
SRAM (cache memory)
DRAM
General rule - fastest memory is closest to the CPU

Question 24

Programmable ROM (PROM)

Answer 24

Modified Once

Firmware

Question 25

Erasable and Programmable ROM (EPROM)

Answer 25

can be erased and reprogrammed

Not the norm

Question 26

Electrically Erasable Prom (EEPROM)

Answer 26

rewritten and rewritten
Flash drive
Firmware

Question 27

Programmable Logic Device (PLD)

Answer 27

Integrated circuit that be modified programmatically

What PROM, EPROM, EEPROM is referred to

Question 28

ISO 27002

Answer 28

Best practices

Formerly 17799

Question 29

ISO 27001

Answer 29

Auditing

Question 30

What is scoping

Answer 30

determining applicable portions of a standard that will be followed.

Question 31

What is tailoring

Answer 31

customizes a standard for an organization

Begins with scoping, then add compensating control and parameters

Question 32

What organization manages RFC (Request for Comments)

Answer 32

IETF

Question 33

What is SRAM

Answer 33

volatile, fast, less amount, cache

Question 34

What is DRAM

Answer 34

Refresh regular basis, cheapest