Ch. 2 - Categorize Flashcards

1
Q

All components of an information system to be authorized for operation by an authorizing official. This excludes separately authorized systems to which the information system is connected.

A. Authorization Boundary
B. Information Type
C. System Component
D. Security Categorization

A

A. Authorization Boundary

2
Q

The material physical components of a system.

A. Impact Value
B. Hardware
C. Software
D. Information

A

B. Hardware

3
Q

A system in which at least one security objective (i.e., confidentiality, integrity or availability) is assigned a FIPS Publication 199 potential impact value of high.

A. High-Impact System
B. Impact Value
C. Low-Impact System
D. National Security System

A

A. High-Impact System

4
Q

With respect to security, the effect on organizational operations, organizational assets, individuals, other organizations or the nation (including the national security interests of the United States) of a loss of confidentiality, integrity, or availability of information or a system. With respect to privacy, the adverse effects that individuals could experience when an information system processes their PII.

A. Impact
B. Vulnerability
C. Likelihood
D. Threat

A

A. Impact

5
Q

The assessed worst-case potential impact that could result from a compromise of the confidentiality, integrity, or availability of information expressed as a value of low, moderate or high.

A. Risk Assessment
B. Impact Value
C. Information
D. Potential Impact

A

B. Impact Value

6
Q

Any communication or representation of knowledge such as facts, data or opinions in any medium or form, including textual, numerical, graphic, cartographic, narrative, electronic or audiovisual forms.

A. Software
B. Knowledge
C. Hardware
D. Information

A

D. Information

7
Q

The stages through which information passes, typically characterized as creation or collection, processing, dissemination, use, storage and disposition, to include destruction and deletion.

A. Term of Agreement
B. Impact Assessment
C. Information Life Cycle
D. Security Categorization

A

C. Information Life Cycle

8
Q

A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination or disposition of information.

A. Information System
B. System Component
C. Hardware
D. Software

A

A. Information System

9
Q

A specific category of information (e.g., privacy, medical, proprietary, financial, investigative, contractor-sensitive, security management) defined by an organization or, in some instances, by a specific law, executive order, directive, policy or regulation.

A. Sensitive Data
B. Security Category
C. Information Type
D. Impact Level

A

C. Information Type

10
Q

A system in which all three security objectives (i.e., confidentiality, integrity and availability) are assigned a FIPS Publication 199 potential impact value of low.

A. Impact Value
B. High-Impact System
C. Low-Impact System
D. Moderate-Impact System

A

C. Low-Impact System

11
Q

A system in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a FIPS Publication 199 potential impact value of moderate and no security objective is assigned a potential impact value of high.

A. High-Impact System
B. Moderate-Impact System
C. Impact Value
D. Low-Impact Value

A

B. Moderate-Impact System

12
Q

Any system (including any telecommunications system) used or operated by an agency or by a contractor of an agency, or other organization on behalf of an agency—(i) the function, operation or use of which involves intelligence activities; involves cryptologic activities related to national security; involves command and control of military forces; involves equipment that is an integral part of a weapon or weapons system; or is critical to the direct fulfillment of military or intelligence missions (excluding a system that is to be used for routine administrative and business applications, for example, payroll, finance, logistics and personnel management applications); or (ii) is protected at all times by procedures established for information that have been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept classified in the interest of national defense or foreign policy.

A. High-Impact System
B. National Security System
C. Privacy Plan
D. Authorization Boundary

A

B. National Security System

13
Q

Information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other information that is linked or linkable to a specific individual.

A. General Data Protection Regulation
B. Identification
C. Social Security Number
D. Personally Identifiable Information (PII)

A

D. Personally Identifiable Information (PII)

14
Q

The loss of confidentiality, integrity or availability could be expected to have a limited adverse effect (FIPS Publication 199 low); a serious adverse effect (FIPS Publication 199 moderate); or a severe or catastrophic adverse effect (FIPS Publication 199 high) on organizational operations, organizational assets or individuals.

A. Observed Activity
B. High-Impact System
C. Impact Level
D. Potential Impact

A

D. Potential Impact

15
Q

A formal document that details the privacy controls selected for an information system or environment of operation that are in place or planned for meeting applicable privacy requirements and managing privacy risks, details how the controls have been implemented, and describes the methodologies and metrics that will be used to assess the controls.

A. Privacy Plan
B. Privacy Requirements
C. Disaster-Recovery Plan
D. Security Plan

A

A. Privacy Plan

16
Q

Information that describes the privacy posture of an information system or organization.

A. Sensitive Information
B. Privacy Information
C. Business Practices
D. Security Objective

A

B. Privacy Information

17
Q

The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations and the nation, resulting from the operation of a system.

A. Potential Impact
B. Security Categorization
C. Impact Value
D. Risk Assessment

A

D. Risk Assessment

18
Q

The process of determining the security category for information or a system.

A. Security Plan
B. Baseline Controls
C. Information
D. Security Categorization

A

D. Security Categorization

Security categorization methodologies are described in CNSS Instruction 1253 for national security systems and in FIPS Publication 199 for other than national security systems.

19
Q

The characterization of information or an information system based on an assessment of the potential impact that a loss of confidentiality, integrity or availability of such information or information system would have on agency operations, agency assets, individuals, other organizations and the nation.

A. Security Category
B. Impact Value
C. Adequate Security
D. Potential Impact

A

A. Security Category

20
Q

Confidentiality, integrity or availability.

A. Privacy Information
B. Security Objective
C. Security Requirement
D. Security Categorization

A

B. Security Objective

21
Q

A formal document that provides an overview of the security requirements for an information system and describes the security controls in place or planned for meeting those requirements.

A. Contingency Plan
B. Security Plan
C. Privacy Plan
D. Security Categorization

A

C. Privacy Plan

22
Q

Computer programs and associated data that may be dynamically written or modified during execution.

A. Software
B. Security Objective
C. Hardware
D. Information System

A

A. Software

23
Q

A discrete identifiable information technology asset that represents a building block of a system and may include hardware, software and firmware.

A. System Component
B. Environment
C. Information System
D. Common Criteria

A

A. System Component

24
Q

Member of a set of elements that constitute a system.

A. System Component
B. System Element
C. Security Plan
D. Privacy Plan

A

B. System Element