C1 Information Asset Protection Flashcards
What is IAP?
Information Asset Protection
What are the six 2011 FBI basic protection practices/steps for protecting IAs?
1) Recognize there is an insider and outsider threat to your company.
2) Identify and valuate trade secrets.
3) Implement a proactive plan for safeguarding trade secrets.
4) Secure physical and electronic versions of your trade secrets.
5) Confine intellectual knowledge on a need-to-know basis.
6) Provide training to employees about your company's intellectual property plan and security.
What is OPSEC?
OPerations SECurity is a protection approach for safeguarding unclassified information that could reveal sensitive plans and operations.
What does ISS Stand for?
Information System Security
What is data Mining?
Software driven collection of open source data and public information.
What is TSCM?
Technical Surveillance CounterMeasures are services, equipment, and techniques designed to locate, identify, and neutralize technical surveillance activities.
What is logical network access control?
The process by which users are identified and granted privileges to information, systems, or resources.
What is Application Security?
Business applications typically consist of custom code, third-party software, and one or more servers. Improper integration can result in vulnerabilities that can later be exploited to gain unauthorized access to data.
What is Sanitizing?
The process of removing data from a storage medium (such as a hard drive) before the medium is reused.
What is a Digital Signature?
A digital signature authenticates the identity of the sender of a message.
What are the 7 critical success factors outlined by Braun and Stahl? What is the 8th factor?
1) Executive management responsibility
2) Information and Security Policies
3) User awareness training and education
4) Computer and network security
5) Third-party information security assurance
6) Physical and personnel security
7) Periodic risk assessment
8) Classifying and controlling sensitive information
What is failure of imagination?
The failure to imagine how a successful attack could occur, until one does.
What does AAA stand for?
Authentication, authorization and accountability/auditing
What are the 5 categories of Information Systems? How can each be manipulated or poorly implemented?
1) Infrastructure (bad web links)
2) User (social engineering)
3) Custodian (excess permissions, inadequate monitoring or training)
4) Executive and senior management (lack of accountability, policies, etc.)
5) Management processes (inadequate patch management, change control, protection of networks, software testing)
How is PDCA applied to ISMS?
Plan: Establish the ISMS
Do: Implement and operate the ISMS
Check: Monitor and review the ISMS
Act: Maintain and improve the ISMS