BEC 6 M4: Information Security and Availability Flashcards
symmetric encryption
both parties use the same, shared, private key to encrypt and decrypt the message
asymmetric encryption
private key is not shared and the public key provides the other half necessary to encrypt/decrypt
decryption/decipherment
where the intended recipient converts cipher text into plain text
public key infrastructure
system and processes used to issue and manage asymmetric keys and digital certificates
Program-level policy
describes info security and assigns responsibility for achievement of security objectives to the IT department
Issue-specific policy
addresses specific issues of concern to the organization
program-framework policy
adds detail to the IT program by describing the elements and organization of the program and department that will carry out the security mission
System-specific policy
focuses on policy issues that management has decided for a specific system
administrative controls examples
separation of duties, business continuity planning, proper hiring practices
logical controls
software safeguards for an entity’s computer systems identification and software access
firewall
allows private intranet users to access the Internet without allowing Internet users access to the private intranet
general control
designed to ensure an organization’s control environment is stable and well managed:
- systems development standards
- security mgt controls
- change mgt controls
- software acquisition, development, operations and maintenance controls
application control
prevent, detect and correct transaction error and fraud and are application-specific, providing reasonable assurance as to a system's accuracy, completeness and validity
processing controls
reconciliation of batch totals and similar procedures
What factors are key in a disaster recovery plan?
Downtime (or complete lack thereof) and backup