BEC 6 M4: Information Security and Availability Flashcards

1
Q

symmetric encryption

A

both parties use the same, shared, private key to encrypt and decrypt the message

2
Q

asymmetric encryption

A

private key is not shared and the public key provides the other half necessary to encrypt/decrypt

3
Q

decryption/decipherment

A

where the intended recipient converts cipher text into plain text

4
Q

public key infrastructure

A

system and processes used to issue and manage asymmetric keys and digital certificates

5
Q

Program-level policy

A

describes info security and assigns responsibility for achievement of security objectives to the IT department

6
Q

Issue-specific policy

A

addresses specific issues of concern to the organization

7
Q

program-framework policy

A

adds detail to the IT program by describing the elements and organization of the program and department that will carry out the security mission

8
Q

System-specific policy

A

focuses on policy issues that management has decided for a specific system

9
Q

administrative controls examples

A

separation of duties, business continuity planning, proper hiring practices

10
Q

logical controls

A

software safeguards for an entity’s computer systems identification and software access

11
Q

firewall

A

allows private intranet users to access the Internet without allowing Internet users access to private intranet

12
Q

general control

A

designed to ensure an organization’s control environment is stable and well managed:

  1. systems development standards
  2. security mgt controls
  3. change mgt controls
  4. software acquisition, development, operations and maintenance controls
13
Q

application control

A

prevent, detect and correct transaction error and fraud and are application-specific, providing reasonable assurance as to a system's accuracy, completeness and validity

14
Q

processing controls

A

reconciliation of batch totals and similar procedures

15
Q

What factors are key in a disaster recovery plan?

A

Downtime (or complete lack thereof) and backup

16
Q

cold site

A

off-site location that has all the electrical connections and other physical requirements for data processing, but does not have the actual equipment

17
Q

hot site

A

off-site location that is equipped to take over a company’s data processing

18
Q

Differential backup

A

copies all changes made since last full backup

19
Q

incremental backup

A

involves copying only the data items that have been changed since last backup

20
Q

closed loop verification

A

involves one party verifying the identity of another party

21
Q

primary purpose of a disaster recovery plan

A

specify the steps required to resume operations