Chapter 1: Security Principles Flashcards
Security commensurate with the risk and the magnitude of harm resulting from the loss, misuse or unauthorized access to or modification of information.
Adequate Security
Controls implemented through policy and procedures. Examples include access control processes and requiring multiple personnel to conduct a specific operation. This type of controls in modern environments are often enforced in conjunction with physical and/or technical controls, such as an access-granting policy for new users that requires login and approval by the hiring manager.
Administrative Controls
The ability of computers and robots to simulate human intelligence and behavior.
Artificial Intelligence
Anything of value that is owned by an organization. It includes both tangible items such as information systems and physical property and intangible property such as intellectual property.
Asset
Access control process validating that the identity being claimed by a user or entity is known to the system, by comparing one (single-factor or SFA) or more (multi-factor authentication or MFA) factors of identification.
Authentication
The right or a permission that is granted to a system entity to access a system resource.
Authorization
Ensuring timely and reliable access to and use of information by authorized users.
Availability
A documented, lowest level of security configuration allowed by a standard or organization.
Baseline
Biological characteristics of an individual, such as a fingerprint, hand geometry, voice, or iris patterns.
Biometric
Malicious code that acts like a remotely controlled “robot” for an attacker, with other Trojan and worm capabilities
Bot
Information that has been determined to require protection against unauthorized disclosure and is marked to indicate its classified status and classification level when in documentary form.
Classified or Sensitive Information
The characteristic of data or information when it is not made available or disclosed to unauthorized persons or processes.
Confidentiality
A measure of the degree to which an organization depends on the information or information system for the success of a mission or of a business function.
Criticality
The property that data has not been altered in an unauthorized manner. It covers data in storage, during processing and while in transit. What is this concept?
Data Integrity
The process and act of converting the message from its plaintext to ciphertext. Sometimes it is also referred to as enciphering. The two terms are sometimes used interchangeably in literature and have similar meanings.
Encryption
In 2016, the European Union passed comprehensive legislation that addresses personal privacy, deeming it an individual human right.
General Data Protection Regulation (GDPR)
The process of how an organization is managed; usually includes all aspects of how decisions are made for that organization, such as policies, roles and procedures the organization uses to make those decisions.
Governance
This U.S. federal law is the most important healthcare information regulation in the United States. It directs the adoption of national standards for electronic healthcare transactions while protecting the privacy of individual’s health information. Other provisions address fraud reduction, protections for individuals with health insurance and a wide range of other healthcare-related activities.
Health Insurance Portability and Accountability Act (HIPAA)
The magnitude of harm that could be caused by a threat’s exercise of a vulnerability.
Impact
The potential adverse impacts to an organization’s operations (including its mission, functions and image and reputation), assets, individuals, other organizations, and even the nation, which results from the possibility of unauthorized access, use, disclosure, disruption, modification or destruction of information and/or information systems.
Information Security Risk
IEEE is a professional organization that sets standards for telecommunications, computer engineering and similar disciplines. What does IEEE stand for?
Institute of Electrical and Electronics Engineers
The property of information whereby it is recorded, used and maintained in a way that ensures its completeness, accuracy, internal consistency and usefulness for a stated purpose
Integrity