Ch. 3 - Select Flashcards

1
Q

A combination of mutually reinforcing controls implemented by technical means, physical means and procedural means. Such controls are typically selected to achieve a common information security or privacy purpose.

A. Control
B. Capability
C. Privacy Control
D. Hybrid Control

A

B. Capability

2
Q

A security or privacy control that is inherited by multiple information systems or programs.

A. Crossbar Control
B. Common Control
C. Compensating Controls
D. Hybrid Control

A

B. Common Control

3
Q

The security and privacy controls implemented in lieu of the controls in the baselines described in NIST Special Publication 800-53 that provide equivalent or comparable protection for a system or organization.

A. Common Control
B. Preventive Controls
C. Compensating Controls
D. System-Specific Control

A

C. Compensating Controls

4
Q

Maintaining ongoing awareness to support organizational risk decisions.

A. Control Baseline
B. Common Control
C. Continuous Monitoring
D. Environment of Operation

A

C. Continuous Monitoring

5
Q

The set of controls that are applicable to information or an information system to meet legal, regulatory or policy requirements, as well as address protection needs for the purpose of managing risk.

A. Change Management
B. Control Enhancement
C. Control Baseline
D. Control Revalidation

A

C. Control Baseline

6
Q

Augmentation of a control to build in additional, but related, functionality to the control, increase the strength of the control or add assurance to the control.

A. Hybrid Control
B. Control Baseline
C. Control Enhancement
D. Compensating Controls

A

C. Control Enhancement

7
Q

The physical surroundings in which an information system processes, stores and transmits information.

A. Organization-Defined Control Parameter
B. Security Control Baseline
C. Environment of Operation
D. Information and Information Flows

A

C. Environment of Operation

8
Q

A security or privacy control that is implemented for an information system in part as a common control and in part as a system-specific control.

A. Common Control
B. Tele-Op Control
C. System-Specific Control
D. Hybrid Control

A

D. Hybrid Control

9
Q

A situation in which a system or application receives protection from controls (or portions of controls) that are developed, implemented, assessed, authorized and monitored by entities other than those responsible for the system or application; entities either internal or external to the organization where the system or application resides.

A. Inheritance
B. Capability
C. Adaptation
D. Tailoring

A

A. Inheritance

10
Q

The variable part of a control or control enhancement that can be instantiated by an organization during the tailoring process by either assigning an organization-defined value or selecting a value from a predefined list provided as part of the control or control enhancement.

A. Organization-Tailored Control Baseline
B. Security Control Baseline
C. Common Control
D. Organization-Defined Control Parameter

A

D. Organization-Defined Control Parameter

11
Q

A control baseline tailored for a defined notional (type of) information system using overlays and/or system-specific control tailoring and intended for use in selecting controls for multiple systems within one or more organizations.

A. Organization-Defined Control Parameter
B. Organization-Tailored Control Baseline
C. Hybrid Control
D. System-Specific Control

A

B. Organization-Tailored Control Baseline

12
Q

A specification of security or privacy controls, control enhancements, supplemental guidance and other supporting information employed during the tailoring process, that is intended to complement (and further refine) security control baselines. The overlay specification may be more stringent or less stringent than the original security control baseline specification and can be applied to multiple information systems.

A. Diffusion
B. Thermal Barrier
C. Overlay
D. Tailoring

A

C. Overlay

13
Q

The administrative, technical and physical safeguards employed within an agency to ensure compliance with applicable privacy requirements and manage privacy risks. Note: Controls can be selected to achieve multiple objectives; those controls that are selected to achieve both security and privacy objectives require a degree of collaboration between the organization’s information security program and privacy program.

A. Security Audit
B. Security Control
C. Common Control
D. Privacy Control

A

D. Privacy Control

14
Q

A collection of controls specifically assembled or brought together by a group, organization or community of interest to address the privacy protection needs of individuals.

A. Security Control Baseline
B. Privacy Control Baseline
C. Tailored Control Baseline
D. Privacy Plan

A

B. Privacy Control Baseline

15
Q

A formal document that details the privacy controls selected for an information system or environment of operation that are in place or planned for meeting applicable privacy requirements and managing privacy risks; details how the controls have been implemented; and describes the methodologies and metrics that will be used to assess the controls.

A. Backup Site Plan
B. Privacy Plan
C. Privacy Requirement
D. Security Plan

A

B. Privacy Plan

16
Q

The safeguards or countermeasures prescribed for an information system or an organization to protect the confidentiality, integrity and availability of the system and its information.

A. System-Specific Control
B. Privacy Control
C. Security Control
D. Administrative Control

A

C. Security Control

17
Q

The set of minimum-security controls defined for a low-impact, moderate-impact or high-impact information system.

A. Security Control Baseline
B. System-Specific Control
C. Common Control
D. Hybrid Control

A

A. Security Control Baseline

18
Q

Confidentiality, integrity or availability.

A. Security Objective
B. Security Control
C. Security Requirement
D. Security Category

A

A. Security Objective

19
Q

Any organized assembly of resources and procedures united and regulated by interaction or interdependence to accomplish a set of specific functions.

A. Privacy Plan
B. System Element
C. System
D. System Component

A

C. System

Note: Systems also include specialized systems such as industrial/process control systems, telephone switching and private branch exchange (PBX) systems and environmental control systems.
Also defined as: a combination of interacting elements organized to achieve one or more stated purposes.
Note 1: There are many types of systems. Examples include: general and special-purpose information systems; command, control and communication systems; crypto modules; central processing unit and graphics processor boards; industrial/process control systems; flight control systems; weapons, targeting and fire control systems; medical devices and treatment systems; financial, banking and merchandising transaction systems; and social networking systems.
Note 2: The interacting elements in the definition of system include hardware, software, data, humans, processes, facilities, materials and naturally occurring physical entities.
Note 3: System of systems is included in the definition of system.

20
Q

A discrete identifiable information technology asset that represents a building block of a system and may include hardware, software and firmware.

A. System-Specific Control
B. Hybrid Control
C. Standard Command Port
D. System Component

A

D. System Component

21
Q

Member of a set of elements that constitute a system.

A. System Component
B. System
C. System Element
D. Privacy Plan

A

C. System Element

Note 1: A system element can be a discrete component, product, service, subsystem, system, infrastructure or enterprise.
Note 2: Each element of the system is implemented to fulfill specified requirements.
Note 3: The recursive nature of the term allows the term system to apply equally when referring to a discrete component or to a large, complex, geographically distributed system-of-systems.
Note 4: System elements are implemented by: hardware, software and firmware that perform operations on data/information; physical structures, devices and components in the environment of operation; and the people, processes and procedures for operating, sustaining and supporting the system elements.
Note 5: System elements and information resources (as defined at 44 U.S.C. Sec. 3502 and in this document) are interchangeable terms as used in this document.

22
Q

A security or privacy control for an information system that is implemented at the system level and is not inherited by any other information system.

A. Hybrid Control
B. System-Specific Control
C. Common Control
D. System Component

A

B. System-Specific Control

23
Q

A set of controls resulting from the application of tailoring guidance to a control baseline.

A. Hybrid Control
B. Tailored Control Baseline
C. Tailoring
D. Scoping Control

A

B. Tailored Control Baseline

24
Q

The process by which security control baselines are modified by identifying and designating common controls, applying scoping considerations, selecting compensating controls, assigning specific values to agency-defined control parameters, supplementing baselines with additional controls or control enhancements and providing additional specification information for control implementation.

A. Common Control
B. Tailoring
C. Baseline
D. Overlay

A

B. Tailoring

The tailoring process may also be applied to privacy controls.
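The tailoring process of card 24, together with inheritance (card 9), organization-defined control parameters (card 10) and overlays (card 12), as an added Python example that is not part of the original flashcard set. It models a baseline as a set of control and enhancement identifiers, applies an overlay that adds, scopes out and parameterizes controls, substitutes a compensating control, checks that no enhancement is left without its base control and that no parameter is left unassigned, and then classifies each surviving control as common, hybrid or system-specific from who implements it. The control identifiers are real NIST SP 800-53 identifiers, but the parameter names and values, the provider assignments, the overlay contents and the compensating choice are constructed assumptions for illustration, not taken from the publication.

```python
import copy
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class Control:
    """A control or enhancement such as "AC-2" or "AC-2(1)"; odps maps each
    organization-defined parameter to its value (None = not yet assigned)."""
    cid: str
    odps: Dict[str, Optional[str]] = field(default_factory=dict)

    def base(self) -> str:
        return self.cid.split("(")[0]

    def is_enhancement(self) -> bool:
        return "(" in self.cid


@dataclass
class Overlay:
    """Controls added to or scoped out of a baseline, plus ODP assignments."""
    name: str
    add: Set[str] = field(default_factory=set)
    remove: Set[str] = field(default_factory=set)
    odp_values: Dict[str, Dict[str, str]] = field(default_factory=dict)


def tailor(baseline: Dict[str, Control], overlays: List[Overlay],
           providers: Dict[str, Set[str]], compensating: Dict[str, str]) -> Dict[str, dict]:
    """Return the tailored baseline. providers maps a control id to the
    entities implementing it; "system" is the system itself, any other
    name is an external provider whose part of the control is inherited."""
    selected = copy.deepcopy(baseline)          # never mutate the baseline itself

    for ov in overlays:                         # overlays may be more or less stringent
        for cid in ov.remove:                   # scoping consideration: not applicable
            selected.pop(cid, None)
        for cid in ov.add:                      # supplementing the baseline
            selected.setdefault(cid, Control(cid))
        for cid, values in ov.odp_values.items():   # assigning ODP values
            if cid in selected:
                selected[cid].odps.update(values)

    # A compensating control replaces one the system cannot implement with
    # one judged to give equivalent or comparable protection.
    for original, replacement in compensating.items():
        if original in selected:
            del selected[original]
            selected.setdefault(replacement, Control(replacement))

    # An enhancement augments its base control, so it cannot stand alone.
    orphans = [c.cid for c in selected.values()
               if c.is_enhancement() and c.base() not in selected]
    if orphans:
        raise ValueError(f"enhancement(s) without base control: {orphans}")

    # Every ODP must be instantiated before the tailored baseline is final.
    unassigned = [f"{c.cid}:{p}" for c in selected.values()
                  for p, v in c.odps.items() if v is None]
    if unassigned:
        raise ValueError(f"unassigned parameter(s): {unassigned}")

    tailored = {}
    for cid in sorted(selected):
        who = providers.get(cid, {"system"})
        kind = ("system-specific" if who == {"system"}
                else "hybrid" if "system" in who else "common")
        tailored[cid] = {"implementation": kind,
                         "inherited_from": sorted(who - {"system"}),
                         "odps": dict(selected[cid].odps)}
    return tailored


# Constructed sample data (assumed, not from NIST SP 800-53).
MODERATE_BASELINE = {
    "AC-2": Control("AC-2", {"account-types": None}), "AC-2(1)": Control("AC-2(1)"),
    "AC-17": Control("AC-17"), "AU-6": Control("AU-6", {"review-frequency": None}),
    "IA-2": Control("IA-2"), "IA-2(1)": Control("IA-2(1)"),
    "PE-3": Control("PE-3"), "SC-7": Control("SC-7"),
}
# Organization-tailored overlay for a notional system without remote access.
ORG_OVERLAY = Overlay(
    name="no-remote-access",
    add={"AU-6(1)"},                 # more stringent: automated audit review
    remove={"AC-17"},                # scoped out: the system offers no remote access
    odp_values={"AC-2": {"account-types": "individual, group, service"},
                "AU-6": {"review-frequency": "weekly"}},
)
# Who implements each control; controls not listed are the system's alone.
PROVIDERS = {"PE-3": {"facilities"},                      # fully inherited: common
             "AC-2": {"identity-platform", "system"},      # partly inherited: hybrid
             "SC-7": {"network-team"}}
# Assumed: the system cannot implement IA-2(1); PE-3 accepted as comparable.
COMPENSATING = {"IA-2(1)": "PE-3"}


def tailored_moderate() -> Dict[str, dict]:
    return tailor(MODERATE_BASELINE, [ORG_OVERLAY], PROVIDERS, COMPENSATING)


if __name__ == "__main__":
    for cid, entry in tailored_moderate().items():
        print(cid, entry)
```

Running it lists the seven controls that survive tailoring with their implementation type and any inherited providers; adding an overlay that selects an enhancement such as SI-4(4) without SI-4 in the baseline, or leaving an ODP unassigned, makes `tailor` raise instead of producing a baseline with a gap in it.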