B4-Security Flashcards

1
Q

Technologies and Security Management Features

A

A. Safeguarding Records and Files - all critical application data should be backed up and stored in a secure off-site location.

B. Backup Files

  1. Son-Father-Grandfather Concept - the most recent file is the son, the second most recent is the father, and the preceding file is the grandfather. Periodic transaction files are stored separately. Always keep at least two backup files that can be used to recreate a destroyed file.
  2. Backup of Systems that Can Be Shut Down - files or databases that have changed since the last backup can be backed up.
  3. Backup of Systems that Do Not Shut Down - apply a transaction log; reapply those transactions to get back to the point immediately before the failure.
  4. Mirroring - a backup computer duplicates all of the processes and transactions on the primary computer. Can be very expensive.

C. Uninterrupted Power Supply - device that maintains a continuous supply of electrical power to connected equipment.

D. Program Modification Controls - include both controls designed to prevent changes by unauthorized personnel and controls that track program changes so that there is a record of which versions of which programs are running in production at any specific point in time.

E. Data Encryption - essential for electronic commerce. Involves using a password or a digital key to scramble a readable (plaintext) message into an unreadable (ciphertext) message. The intended recipient of the message then uses another digital key to decrypt or decipher the ciphertext message back into plaintext. The longer the length of the key, the less likely the key is to be broken by a brute-force attack.

  1. Digital Certificates - electronic documents created and digitally signed by a trusted party which certify the identity of the owner of a particular public key. Public Key Infrastructure (PKI) - refers to the system and processes used to issue and manage asymmetric keys and digital certificates. The org that issues public and private keys and records the public key in a digital certificate is called a certificate authority.
  2. Digital Signatures

F. Managing Passwords

  1. Password Length
  2. Password Complexity
  3. Password Age
  4. Password Reuse

G. User Access

  1. Initial Passwords and Authorization for System Access
  2. Changes in Position - disable accounts when an employee leaves the org
2
Q

Policies

A

Most crucial element in a corporate information security infrastructure, and must be considered long before security technology is acquired and deployed.

3
Q

Policies

Security Policy Defined

A

Document that states how an org plans to protect its tangible and intangible information assets. They include

  1. Management instructions - indicating a course of action, a guiding principle, or an appropriate procedure
  2. High-level statements that provide guidance to workers who must make present and future decisions
  3. Generalized requirements that must be written and communicated
4
Q

Policies

Types of Policies

A

Program Level Policy - mission statement for IT security. Describes info security and assigns responsibility for achievement of security objectives to the IT department.

Program Framework Policy - an expression of strategy. Overall strategy to make the mission statement a reality.

Issue Specific Policy - addresses specific issues of concern (e.g. how to handle cloud computing)

System Specific Policy - focuses on policy issues that exist for a specific system (e.g. the payroll system)
