Ch. 3 - Select Flashcards
A combination of mutually reinforcing controls implemented by technical means, physical means and procedural means. Such controls are typically selected to achieve a common information security or privacy purpose.
A. Control
B. Capability
C. Privacy Control
D. Hybrid Control
B. Capability
A security or privacy control that is inherited by multiple information systems or programs.
A. Crossbar Control
B. Common Control
C. Compensating Controls
D. Hybrid Control
B. Common Control
The security and privacy controls implemented in lieu of the controls in the baselines described in NIST Special Publication 800-53 that provide equivalent or comparable protection for a system or organization.
A. Common Control
B. Preventive Controls
C. Compensating Controls
D. System-Specific Control
C. Compensating Controls
Maintaining ongoing awareness to support organizational risk decisions.
A. Control Baseline
B. Common Control
C. Continuous Monitoring
D. Environment of Operation
C. Continuous Monitoring
The set of controls that are applicable to information or an information system to meet legal, regulatory or policy requirements, as well as address protection needs for the purpose of managing risk.
A. Change Management
B. Control Enhancement
C. Control Baseline
D. Control Revalidation
C. Control Baseline
Augmentation of a control to build in additional, but related, functionality to the control, increase the strength of the control or add assurance to the control.
A. Hybrid Control
B. Control Baseline
C. Control Enhancement
D. Compensating Controls
C. Control Enhancement
The physical surroundings in which an information system processes, stores and transmits information.
A. Organizational-Defined Control Parameter
B. Security Control Baseline
C. Environment of Operation
D. Information and Information Flows
C. Environment of Operation
A security or privacy control that is implemented for an information system in part as a common control and in part as a system-specific control.
A. Common Control
B. Tele-Op Control
C. System-Specific Control
D. Hybrid Control
D. Hybrid Control
A situation in which a system or application receives protection from controls (or portions of controls) that are developed, implemented, assessed, authorized and monitored by entities other than those responsible for the system or application; entities either internal or external to the organization where the system or application resides.
A. Inheritance
B. Capability
C. Adaptation
D. Tailoring
A. Inheritance
The variable part of a control or control enhancement that can be instantiated by an organization during the tailoring process by either assigning an organization-defined value or selecting a value from a predefined list provided as part of the control or control enhancement.
A. Organizational Tailored Control Baseline
B. Security Control Baseline
C. Common Control
D. Organization-Defined Control Parameter
D. Organization-Defined Control Parameter
A control baseline tailored for a defined notional (type of) information system using overlays and/or system-specific control tailoring and intended for use in selecting controls for multiple systems within one or more organizations.
A. Organization-Defined Control Parameter
B. Organizational Tailored Control
C. Hybrid Control
D. System-Specific Control
B. Organizational Tailored Control
A specification of security or privacy controls, control enhancements, supplemental guidance and other supporting information employed during the tailoring process, that is intended to complement (and further refine) security control baselines. The overlay specification may be more stringent or less stringent than the original security control baseline specification and can be applied to multiple information systems.
A. Diffusion
B. Thermal Barrier
C. Overlay
D. Tailoring
C. Overlay
The administrative, technical and physical safeguards employed within an agency to ensure compliance with applicable privacy requirements and manage privacy risks. Note: Controls can be selected to achieve multiple objectives; those controls that are selected to achieve both security and privacy objectives require a degree of collaboration between the organization’s information security program and privacy program.
A. Security Audit
B. Security Control
C. Common Control
D. Privacy Control
D. Privacy Control
A collection of controls specifically assembled or brought together by a group, organization or community of interest to address the privacy protection needs of individuals.
A. Security Control Baseline
B. Privacy Control Baseline
C. Tailored Control Baseline
D. Privacy Plan
B. Privacy Control Baseline
A formal document that details the privacy controls selected for an information system or environment of operation that are in place or planned for meeting applicable privacy requirements and managing privacy risks; details how the controls have been implemented; and describes the methodologies and metrics that will be used to assess the controls.
A. Backup Site Plan
B. Privacy Plan
C. Privacy Requirement
D. Security Plan
B. Privacy Plan