Chapter 11 - Security Administration Flashcards
what is transitioning?
11 - 397
the on-boarding or off-boarding of a business partner (access has to be granted when the relationship starts and revoked when it ends)
what is a SLA?
11 - 398
Service Level Agreement - defines the level of service to be provided
what is BPO?
11 - 398
Blanket Purchase Order - agreement between government agency and private company for ongoing purchases of goods or services
what is MOU?
11 - 398
Memorandum of Understanding - documents what portion of the work each party is responsible for
what is ISA?
11 - 398
Interconnection Security Agreement - documents the technical requirements for connecting the systems of two organizations
what is risk awareness?
11 - 398
the two organizations communicate with each other to share information about risks
when you provide security education programs, you need to consider 3 audience types. what are they?
11 - 399
organization as a whole
management
technical staff
there are 6 areas that organization-wide security training should cover. what are they?
11 - 400
R - responsibilities
I - importance of security
P - policies and procedures
U - usage
S - social engineering
A - account and password-selection
management security training is concerned with what?
11 - 400
the broader picture: the hows and whys of the security program rather than technical detail
Here are the Safety topics. Give me the definitions for each one.
11 - 401,402
fencing - to increase physical security
lighting - areas need to be well lit
locks - increased strength means increased cost
CCTV - surveillance
escape plans - how to get out of the building
drills - run the escape plan to know that it works
escape routes - use these in your escape plan
testing controls (3 types) - technical, management, operational
clean desk policy
11 - 402
keep your work area clean
compliance with laws
11 - 403
do not neglect them
data handling
11 - 404
data should be accessible only to the people who need it to do their work; nobody else should be able to get at it
policy on personally owned devices
11 - 404
keep them at home
personally identifiable information
11 - 404
self-explanatory, info that can identify an individual
prevent tailgating
11 - 405
tailgating is when someone comes in right behind you through an open door without authenticating; prevent it by not holding the door for people you can't vouch for and requiring everyone to badge in
safe internet habits
11 - 406
we’ve been over this a billion times
smart computing habits
11 - 406
encourage reading of the EULA
social networking dangers
11 - 406
facebook, twitter, phishing crap
the need for all computing to be safe
11 - 406
at a MINIMUM, the home systems need to be running firewalls and updated virus scanners
value of strong passwords
11 - 407
keep them strong
understanding data labeling and handling
11 - 407
different types of data have different values and need to be labeled accordingly
disposing of old media
11 - 408
hammer, drill, or fire
responding to hoaxes
11 - 408
refuse to panic and contact IT
tell me the 3 types of information your organization keeps and their percentages
11 - 409
public - 20%
internal, private - 80%
restricted - ??
tell me the 5 gov’t & military classifications
11 - 412
unclassified
sensitive but unclassified
confidential
secret
top secret
the CIA triad
11 - 414
confidentiality
integrity
availability
what is HIPAA for?
11 - 415
Health Insurance Portability and Accountability Act
mandates national standards and procedures for the storage, use, and transmission of personal medical information
what is Gramm-Leach-Bliley Act?
11 - 415
requires financial institutions to develop privacy notices and give customers the option to prevent sharing of their information with nonaffiliated third parties
also known as
what is the CFAA?
11 - 416
Computer Fraud and Abuse Act
addresses issues of fraud and abuse by making unauthorized access to, and damage of, protected computers a federal crime; it has been amended several times (including by the PATRIOT Act) to broaden the offenses and penalties
FERPA?
11 - 416
Family Educational Rights and Privacy Act
educational institutions may not release information to unauthorized parties
Computer Security Act
11 - 416
requires federal agencies to identify and protect computer systems that contain sensitive information
what is CESA?
11 - 417
Cyberspace Electronic Security Act
proposed legislation (1999) that would give law enforcement the right to gain access to encryption keys and cryptographic methods
Cyber Security Enhancement Act
11 - 417
allows federal authorities relatively easy access to ISPs and data transmission facilities to monitor individuals' communications
PATRIOT ACT
11 - 417
gives the government extreme latitude in pursuing criminals who commit terrorist acts
limited vs full distribution?
limited - not intended for public release; goes only to specific parties such as law enforcement or medical facilities
full - public
what does SOX stand for?
Sarbanes-Oxley Act - imposes financial reporting and internal-control requirements on publicly traded companies, which extends to the integrity and retention of the IT systems and records behind those reports
implicit DENY
anything that is not explicitly allowed is denied; rules are evaluated top-down, the first match wins, and a request that matches no rule falls through to the deny
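A minimal ACL evaluator, added here as an example (it is not code from the study guide), showing what implicit deny means in practice: rules are checked top-down, the first match decides, and any request that matches no rule is denied. The rule set and the IP addresses are constructed for the example; the second rule set shows the mistake of ending an ACL with a blanket allow, which turns the default into an implicit allow.

```python
# Added example, not from the study guide. Demonstrates first-match ACL
# evaluation with an implicit deny for anything no rule covers.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    src: str                 # source network in CIDR notation
    dst_port: Optional[int]  # None means any destination port


def evaluate(rules: List[Rule], src_ip: str, dst_port: int) -> Tuple[str, str]:
    """Return (action, reason) for a request.

    Rules are tried in order; the first rule whose source network and port
    both match decides. If nothing matches, the request is implicitly denied.
    """
    ip = ip_address(src_ip)
    for index, rule in enumerate(rules):
        in_net = ip in ip_network(rule.src)
        port_ok = rule.dst_port is None or rule.dst_port == dst_port
        if in_net and port_ok:
            return rule.action, f"rule {index}: {rule.action} {rule.src} port {rule.dst_port}"
    return "deny", "implicit deny (no rule matched)"


# Constructed rule set (hypothetical addresses): block a quarantined subnet
# first, then let the rest of the internal network reach HTTPS and SSH only.
ACL = [
    Rule("deny", "10.0.5.0/24", None),
    Rule("allow", "10.0.0.0/8", 443),
    Rule("allow", "10.0.0.0/8", 22),
]

# Same rules with a trailing "allow anything" entry: the implicit deny never
# fires, so every port not mentioned above is now reachable.
ACL_OPEN = ACL + [Rule("allow", "0.0.0.0/0", None)]

if __name__ == "__main__":
    requests = [("10.0.1.7", 443), ("10.0.5.9", 443), ("10.0.1.7", 3389), ("192.168.1.1", 443)]
    for src, port in requests:
        print(f"strict  {src}:{port} -> {evaluate(ACL, src, port)}")
        print(f"open    {src}:{port} -> {evaluate(ACL_OPEN, src, port)}")
```

The RDP request (port 3389) from 10.0.1.7 is the case to watch: under the strict list it is refused by the implicit deny, under the open list it is allowed by the final catch-all rule even though nobody wrote an RDP rule.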
what is SCADA?
11 - 421
supervisory control and data acquisition - the control systems used to monitor and operate industrial and utility processes