Chapter 1 Flashcards

1
Q

When evaluating a third party for security integration, what should be considered?

A

On-site assessment
Document Exchange and Review
Process/Policy Review
Third Party Audit

2
Q

What role is responsible for classifying information for placement and protection of the security solution?

A

Asset Owner

3
Q

What role is responsible for performing and testing backups, validating data integrity, deploying security solutions, and managing data storage based on classification?

A

Custodian

4
Q

What are the three approaches to identifying threats?

A

Focused on Assets
Focused on Attackers
Focused on Software

5
Q

What are the five key concepts in the decomposition process?

A

Trust Boundaries
Dataflow Paths
Input Points
Privilege Ops
Details about Security Stance and Approach
