Ch. 8 Flashcards
List 5 IT-related controls
SCPPA
- Security
- Confidentiality
- Privacy
- Processing Integrity
- Availability
Define Security
Access (both physical and logical) to the system and its data is controlled and restricted to legitimate users
Define Confidentiality
Sensitive organization information is protected from unauthorized disclosure
Define Privacy
Personal information about customers, employees, suppliers, or business partners is collected, used, disclosed, and maintained only in compliance with internal policies and external regulatory requirements and is protected from unauthorized disclosure
Define Processing Integrity
Data are processed accurately, completely, in a timely manner, and only with proper authorization
Define Availability
The system and its information are available to meet operational and contractual obligations
Security Life Cycle
- Assess threats & select risk response
- Develop and communicate policy
- Acquire & implement solutions
- Monitor performance
Define defense-in-depth
Employing multiple layers of controls to avoid a single point of failure
Define time-based model of security
Implementing a combination of preventive, detective, and corrective controls that protect information assets long enough for the organization to respond before damage is done
Time-based Formula
P > D + C
Define Authentication
Verifying the identity of the person or device attempting to access the system
Define Biometric identifier
A physical or behavioral characteristic that is used as an authentication credential
Define multifactor authentication
The use of two or more types of authentication credentials in order to achieve greater security
Define multimodal
Use of multiple authentication credentials of the same type to achieve greater security
Define Authorization
The process of restricting access of authenticated users to specific portions of the system and limiting what actions they are permitted to perform