Ch. 2 - Categorize Flashcards
All components of an information system to be authorized for operation by an authorizing official. This excludes separately authorized systems to which the information system is connected.
A. Authorization Boundary
B. Information Type
C. System Component
D. Security Categorization
A. Authorization Boundary
The material physical components of a system.
A. Impact Value
B. Hardware
C. Software
D. Information
B. Hardware
A system in which at least one security objective (i.e., confidentiality, integrity or availability) is assigned a FIPS Publication 199 potential impact value of high.
A. High-Impact System
B. Impact Value
C. Low-Impact System
D. National Security System
A. High-Impact System
With respect to security, the effect on organizational operations, organizational assets, individuals, other organizations or the nation (including the national security interests of the United States) of a loss of confidentiality, integrity, or availability of information or a system. With respect to privacy, the adverse effects that individuals could experience when an information system processes their PII.
A. Impact
B. Vulnerability
C. Likelihood
D. Threat
A. Impact
The assessed worst-case potential impact that could result from a compromise of the confidentiality, integrity, or availability of information expressed as a value of low, moderate or high.
A. Risk Assessment
B. Impact Value
C. Information
D. Potential Impact
B. Impact Value
Any communication or representation of knowledge such as facts, data or opinions in any medium or form, including textual, numerical, graphic, cartographic, narrative, electronic or audiovisual forms.
A. Software
B. Knowledge
C. Hardware
D. Information
D. Information
The stages through which information passes, typically characterized as creation or collection, processing, dissemination, use, storage and disposition, to include destruction and deletion.
A. Term of Agreement
B. Impact Assessment
C. Information Life Cycle
D. Security Categorization
C. Information Life Cycle
A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination or disposition of information.
A. Information System
B. System Component
C. Hardware
D. Software
A. Information System
A specific category of information (e.g., privacy, medical, proprietary, financial, investigative, contractor-sensitive, security management) defined by an organization or, in some instances, by a specific law, executive order, directive, policy or regulation.
A. Sensitive Data
B. Security Category
C. Information Type
D. Impact Level
C. Information Type
A system in which all three security objectives (i.e., confidentiality, integrity and availability) are assigned a FIPS Publication 199 potential impact value of low.
A. Impact Value
B. High-Impact System
C. Low-Impact System
D. Moderate-Impact System
C. Low-Impact System
A system in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a FIPS Publication 199 potential impact value of moderate and no security objective is assigned a potential impact value of high.
A. High-Impact System
B. Moderate-Impact System
C. Impact Value
D. Low-Impact Value
B. Moderate-Impact System
Any system (including any telecommunications system) used or operated by an agency or by a contractor of an agency, or other organization on behalf of an agency—(i) the function, operation or use of which involves intelligence activities; involves cryptologic activities related to national security; involves command and control of military forces; involves equipment that is an integral part of a weapon or weapons system; or is critical to the direct fulfillment of military or intelligence missions (excluding a system that is to be used for routine administrative and business applications, for example, payroll, finance, logistics and personnel management applications); or (ii) is protected at all times by procedures established for information that have been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept classified in the interest of national defense or foreign policy.
A. High-Impact System
B. National Security System
C. Privacy Plan
D. Authorization Boundary
B. National Security System
Information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other information that is linked or linkable to a specific individual.
A. General Data Protection Regulation
B. Identification
C. Social Security Number
D. Personally Identifiable Information (PII)
D. Personally Identifiable Information (PII)
The loss of confidentiality, integrity or availability could be expected to have a limited adverse effect (FIPS Publication 199 low); a serious adverse effect (FIPS Publication 199 moderate); or a severe or catastrophic adverse effect (FIPS Publication 199 high) on organizational operations, organizational assets or individuals.
A. Observed Activity
B. High-Impact System
C. Impact Level
D. Potential Impact
D. Potential Impact
A formal document that details the privacy controls selected for an information system or environment of operation that are in place or planned for meeting applicable privacy requirements and managing privacy risks, details how the controls have been implemented, and describes the methodologies and metrics that will be used to assess the controls.
A. Privacy Plan
B. Privacy Requirements
C. Disaster-Recovery Plan
D. Security Plan
A. Privacy Plan
Information that describes the privacy posture of an information system or organization.
A. Sensitive Information
B. Privacy Information
C. Business Practices
D. Security Objective
B. Privacy Information
The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations and the nation, resulting from the operation of a system.
A. Potential Impact
B. Security Categorization
C. Impact Value
D. Risk Assessment
D. Risk Assessment
The process of determining the security category for information or a system.
A. Security Plan
B. Baseline Controls
C. Information
D. Security Categorization
D. Security Categorization
Security categorization methodologies are described in CNSS Instruction 1253 for national security systems and in FIPS Publication 199 for other than national security systems.
The characterization of information or an information system based on an assessment of the potential impact that a loss of confidentiality, integrity or availability of such information or information system would have on agency operations, agency assets, individuals, other organizations and the nation.
A. Security Category
B. Impact Value
C. Adequate Security
D. Potential Impact
A. Security Category
Confidentiality, integrity or availability.
A. Privacy Information
B. Security Objective
C. Security Requirement
D. Security Categorization
B. Security Objective
A formal document that provides an overview of the security requirements for an information system and describes the security controls in place or planned for meeting those requirements.
A. Contingency Plan
B. Security Plan
C. Privacy Plan
D. Security Categorization
C. Privacy Plan
Computer programs and associated data that may be dynamically written or modified during execution.
A. Software
B. Security Objective
C. Hardware
D. Information System
A. Software
A discrete identifiable information technology asset that represents a building block of a system and may include hardware, software and firmware.
A. System Component
B. Environment
C. Information System
D. Common Criteria
A. System Component
Member of a set of elements that constitute a system.
A. System Component
B. System Element
C. Security Plan
D. Privacy Plan
B. System Element