Chapter 11: Implementing Policies to Mitigate Risks Flashcards
An ____ ____ ____ defines proper system usage for users and spells out rules of behavior when accessing systems and networks. It often provides specific examples of unacceptable usage, such as visiting certain web sites, and typically includes statements informing users that the organization monitors user activities. Users are required to read and sign it when hired, and in conjunction with refresher training.
acceptable use policy
____ ____ policies require employees to take time away from their job. These policies help to reduce fraud and discover malicious activities by employees.
Mandatory vacation
A ____ ___ _____ policy separates individual tasks of an overall function between different entities or different people, and helps deter fraud. For example, a single person shouldn’t be able to approve bills and pay them, or print checks and then sign them.
separation of duties
____ ______ policies require employees to change roles on a regular basis. Employees might swap roles temporarily, such as for three to four weeks, or permanently. These policies help to prevent employees from continuing with fraudulent activities, and help detect fraud if it occurs.
Job rotation
____ _____ policies require users to organize their desks and surrounding areas to reduce the risk of possible data theft and
password compromise.
Clean desk
____ _____ are performed before hiring an employee. Once hired, onboarding processes give employees access to resources.
Background checks
An ____ ____ is conducted before an employee departs the organization, and the account is typically disabled during the interview.
exit interview
Improper use of ___ ____ sites can result in inadvertent information disclosure. Attackers gather information from these sites to launch attacks against users, such as cognitive password attacks to change users’ passwords. Training reduces these risks.
social networking
A __-_____ _____helps ensure that proprietary data is not shared.
non-disclosure agreement (NDA)
A ____ ____ ____ is an agreement between a company and a vendor that stipulates performance expectations, such as minimum uptime and maximum downtime levels.
service level agreement (SLA)
An ____ ____ ____ specifies technical and security requirements for connections and ensures data confidentiality while data is in transit.
interconnection security agreement (ISA)
A _____ or _____ supports an ISA, but doesn’t include technical details.
memorandum of understanding or memorandum of agreement (MOU/MOA)
Information ______ practices help protect sensitive data by ensuring users understand the value of data. Data _____ ensures that users know what data they are handling and processing.
classification
labeling
_____ data is available to anyone. _____ data is information that an organization intends to keep secret among a certain group of people. ______ data is data that is related to ownership, such as patents or trade secrets. _____ data includes PII and PHI.
Public
Confidential
Proprietary
Private
_____ and _____ methods ensure that sensitive data is removed from decommissioned systems. File shredders remove all remnants of a file. Wiping methods erase disk drives.
Destruction and sanitization
______ a disk magnetically erases all the data. Physically destroying a drive is the most secure method of ensuring unauthorized personnel cannot access proprietary information.
Degaussing
_____ policies identify how long data is retained. They can limit a company’s exposure to legal proceedings and reduce the amount of labor required to respond to court orders.
Retention
___ ___ ___ is used to personally identify an individual. Examples include the full name, birth date, address, and medical information of a person.
Personally Identifiable Information (PII)
____ ____ ____ is PII that includes medical or health-related information.
Personal Health Information (PHI)
____/_____ requires special handling for data retention. Many laws mandate the protection of both, and require informing individuals when an attack results in the compromise of them.
PII/PHI
A ____ _____ has overall responsibility for data. A ____ or custodian handles routine tasks to protect data. A ____ officer is responsible for ensuring an organization complies with relevant laws to protect privacy data, such as PII or PHI.
data owner
steward
privacy
An ____ ____ policy defines an incident and response procedures. Organizations review and update incidents periodically and after reviewing lessons learned after actual incidents.
incident response
The _____ step in incident response is preparation. It includes creating and maintaining an incident response policy and includes prevention steps such as implementing security controls to prevent malware infections.
first
Before acting, personnel verify an event is an actual incident. Next, they attempt to _____ or isolate the problem. Disconnecting a computer from a network will isolate it.
contain
______ attempts to remove all malicious components left after an incident. Recovery restores a system to its original state. Depending on the scope of the incident, administrators might completely rebuild the system, including applying all updates and patches.
Eradication
A review of ____ _____ helps an organization prevent a reoccurrence of an incident.
lessons learned
The order of ____ for data from most volatile to least volatile is cache memory, regular RAM, a paging file, hard drive data, logs stored on remote systems, and archived media.
volatility
Forensic experts ____ __ _____ of the data before analysis to preserve the original and maintain its usability as evidence.
capture an image
____ ____ imaging creates a forensic copy and prevents the forensic capture and analysis from modifying the original evidence.
Hard drive
A ____ image is a bit-by-bit copy of the data and does not modify the data during the capture.
forensic
______ provides integrity for images, including images of both memory and disk drives.
Hashing
Taking a hash before and after capturing a disk image verifies that the capturing process did not modify data. Hashes can reveal evidence tampering or, at the very least, that evidence has lost _____.
integrity
A _____ ___ _____ provides assurances that personnel controlled and handled evidence properly after collecting it. It may start with a tag attached to the physical item, followed by a form that documents everyone who handled it and when they handled it.
chain of custody
A ____ ____ requires an organization to protect existing data as evidence.
legal hold
Security awareness and training programs reinforce user compliance with security policies and help ____ risks posed by users.
reduce
_____-_____ training ensures that personnel receive the training they need. For example, executives need training on whaling attacks.
Role-based
Common roles that require ____-_____ training are data owners, system administrators, system owners, end users, privileged users, and executive users.
role-based
_____ _____ programs ensure that personnel are kept up to date on current technologies, threats, and vulnerabilities.
Continuing education
