Chapter 11 - Security Administration

Question 1

What is a SLA?

Answer 1

page 398
Service Level Agreement
Defines the level of service to be provided.

Question 2

What is BPO?

Answer 2

page 398
Blanket Purchase Order
An Agreement between a government agency and a private company for ongoing purchases of goods or services.

Question 3

What is MOU?

Answer 3

page 398
Memorandum of Understanding
Brief summary of which party is responsibility for what portion of the work.

Question 4

What is ISA?

Answer 4

page 398

Interconnection Security Agreement

Question 5

What kind of training involves everyone understanding policies, procedures and resources available to deal with security problems?

Answer 5

page 399

Organization

Question 6

Ideally what security awareness should Organization training cover?

Answer 6

page 400

• Importance of security
• Responsibilities of people in the organization
• Policies and procedures
• Usage policies
• Account and password-selection criteria
• Social engineering prevention

Question 7

Who receives additional training or exposure that explains the issues, threats and methods of dealing with threats and will want want to know the hows and whys of security training?

Answer 7

page 400

Management

Question 8

Who receives special knowledge training about methods. implementation and capabilities of the systems used to manage security?

Answer 8

page 400

Technical Staff

Question 9

What are some of the topics relate to the safety of the data or physical environment?

Answer 9

page 401

• Fencing - CCTV
• Lighting - Escape Plans
• Locks - Drills
• Escape Routes - Testing Controls

Question 10

Why is it important to have a clean desk policy?

Answer 10

page 402

Information on the desk can easily be seen by prying eyes and taken by thieving hands.

Question 11

What is P2P?

Answer 11

page404

Peer-to-peer

Question 12

What is PII?

Answer 12

page 404
Personally Identifiable Information
Is a catchall for any data that can be used to uniquely identify an individual.

Question 13

How does NIST define PII?

Answer 13

page 404
Any information about an individual maintained by an agency, including
1. Any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name or biometrics records.
2. Any other information that is linked to an individual, such as medical, education, financial and employment information.

Question 14

What is piggybacking?

Answer 14

page 405

Where the individual knowingly allows another person to tailgate behind hime.

Question 15

What are one safe internet habit?

Answer 15

page 406

Never download or install from unknown sites.

Question 16

What is one smart computing habit?

Answer 16

page 406

read the EULA

Question 17

What is zero day?

Answer 17

page 407

The very day that the attack was discovered.

Question 18

Why is a strong password valuable?

Answer 18

page 407

The stronger the password the harder it is to be compromised

Question 19

How do you dispose of Old Media?

Answer 19

page 408

Hammer, drill, fire

Question 20

What is the definition of hoax?

Answer 20

page 408

A deliberately fabricated falsehood.

Question 21

What are the three classifications of information?

Answer 21

page 409
Public use
Internal use
Restricted use.

Question 22

What is public information?

Answer 22

page 410

Is primarily that which is made available either to the larger public or to specific individuals who need it.

Question 23

What is Limited distribution?

Answer 23

page 410

Information isn’t intended for release to the public.

Question 24

What are the bare minimum security measures be in place for mobile devices?

Answer 24

page 418
Screen Lock Voice Encryption
Strong Password GPS Tracking
Device Encryption Application Control
Remote Wipe/Sanitation Storage Segmentation
Asset Tracking Device Access Control

Question 25

What is BYOD

Answer 25

page 419

Bring you own Device