Chapter 1 Flashcards
When evaluating a third party for security integration what should be considered?
On-site assessment
Document Exchange and Review
Process/Policy Review
Third Party Audit
What role is responsible for classifying information for placement and protection of the security solution ?
Asset Owner
What role is responsible for performing and testing backups, validating data integrity, deploying security solutions, and managing data storage based on classification?
Custodian
What are the three approaches to identifying threats?
Focused on Assets
Focused on Attackers
Focused on Software
What are the five key concepts in the decomposition process?
Trust Boundaries
Dataflow Paths
Input Points
Privilege Ops
Details about Security Stance and Approach