Ch. 1 - Security Principles Flashcards
Ensure the data has not been altered in an unauthorized manner.
A. Confidentiality
B. Integrity
C. Availability
D. Non-Repudiation
B. Integrity
Protect the data that needs protection and prevent access to unauthorized individuals.
A. Integrity
B. Availability
C. Identification
D. Confidentiality
D. Confidentiality
Ensure data is accessible to authorized users when and where it is needed, and in the form and format that is required.
A. Availability
B. Confidentiality
C. Integrity
D. Assessment
A. Availability
Risk Treatment:
Taking no action to reduce the likelihood of a risk occurring.
A. Risk Acceptance
B. Risk Avoidance
C. Risk Mitigation
D. Risk Transfer
A. Risk Acceptance
Risk Treatment:
The decision to attempt to eliminate the risk entirely.
A. Risk Acceptance
B. Risk Avoidance
C. Risk Mitigation
D. Risk Transfer
B. Risk Avoidance
Risk Treatment:
The most common type of risk management and includes taking actions to prevent or reduce the possibility of a risk event or its impact.
A. Risk Acceptance
B. Risk Avoidance
C. Risk Mitigation
D. Risk Transfer
C. Risk Mitigation
Risk Treatment:
The practice of passing the risk to another party, who will accept the financial impact of the harm resulting from a risk being realized in exchange for payment.
A. Risk Acceptance
B. Risk Avoidance
C. Risk Mitigation
D. Risk Transfer
D. Risk Transfer
Security Controls:
Physical hardware devices, such as a badge reader, and architectural features of buildings and facilities that address process-based security needs.
A. Administrative Controls
B. Technical Controls
C. Physical Controls
D. Polity Controls
C. Physical Controls
Security Controls:
Also called logical controls: security controls that computer systems and networks directly implement.
A. Administrative Controls
B. Technical Controls
C. Physical Controls
D. Polity Controls
B. Technical Controls
Security Controls:
Also known as managerial controls: directives, guidelines or advisories aimed at the people within the organization.
A. Administrative Controls
B. Technical Controls
C. Physical Controls
D. Polity Controls
A. Administrative Controls
Governance Elements:
Commonly issued in the form of laws, usually from government (not to be confused with governance) and typically carry financial penalties for non-compliance.
A. Procedures
B. Policies
C. Standards
D. Regulations
D. Regulations
Governance Elements:
Used by governance teams to provide a framework to introduce policies and procedures in support of regulations.
A. Procedures
B. Policies
C. Standards
D. Regulations
C. Standards
Governance Elements:
Put in place by organizational governance, such as executive management, to provide guidance to all activities to ensure that the organization supports industry standards and regulations.
A. Procedures
B. Policies
C. Standards
D. Regulations
B. Policies
Governance Elements:
The detailed steps to complete a task that support departmental or organizational policies.
A. Procedures
B. Policies
C. Standards
D. Regulations
A. Procedures
Which formula is correct?
A. Level of Risk = Probability + Impact
B. Level of Risk = Severity + Cause
C. Level of Risk = Impact + Cause
D. Level of Risk = Probability + Severity
A. Level of Risk = Probability + Impact
Definitions:
Anything of value that is owned by an organization.
Asset
Definitions:
Access control process validating that the identity being claimed by a user or entity is known to the system, by comparing one or more factors of identification.
A. Authentication
B. Availability
C. Confidentiality
D. Integrity
A. Authentication
Definitions:
The right or a permission that is granted to a system entity to access a system resource.
A. Authentication
B. Availability
C. Confidentiality
D. Authorization
D. Authorization
Definitions:
Ensuring timely and reliable access to and use of information by authorized users.
A. Authentication
B. Availability
C. Confidentiality
D. Integrity
B. Availability
Definitions:
A documented, lowest level of security configuration allowed by a standard or organization.
Baseline