Chapter 11 - Security Administration Flashcards

1
Q

what is transitioning?

11 - 397

A

the on-boarding or off-boarding of a business partner; the access and data sharing set up for the partnership has to be granted when it begins and revoked when it ends

2
Q

what is a SLA?

11 - 398

A

Service Level Agreement - defines the level of service to be provided

3
Q

what is BPO?

11 - 398

A

Blanket Purchase Order - agreement between government agency and private company for ongoing purchases of goods or services

4
Q

what is MOU?

11 - 398

A

Memorandum of Understanding - defines what portion of the work each party is responsible for

5
Q

what is ISA?

11 - 398

A

Interconnection Security Agreement - this documents the technical requirements of the connected systems between two organizations

6
Q

what is risk awareness?

11 - 398

A

two organizations communicate with each other to share information about risks

7
Q

when you are providing security education programs for people, you need to consider 3 audience types. what are they?

11 - 399

A

organization as a whole
management
technical staff

8
Q

there are 6 areas that organization-wide security training should cover. what are they?

11 - 400

A
R - responsibilities
I - importance of security
P - policies and procedures
U - usage
S - social engineering
A - account and password-selection
9
Q

management security training is concerned with what?

11 - 400

A

the bigger picture: the hows and whys of the security program rather than day-to-day procedures

10
Q
Here are the Safety topics. Give me the definitions for each one.

11 - 401,402

A
fencing - to increase physical security
lighting - areas need to be well lit
locks - increased strength means increased cost
CCTV - surveillance
escape plans - how to get out of the building
drills - run the escape plan to confirm that it works
escape routes - use these in your escape plan
testing controls (3 types) - technical, management, operational
11
Q

clean desk policy

11 - 402

A

keep your work area clean

12
Q

compliance with laws

11 - 403

A

do not neglect them

13
Q

data handling

11 - 404

A

only the people who need to work with a given piece of data should have access to it

14
Q

policy on personally owned devices

11 - 404

A

keep them at home

15
Q

personally identifiable information

11 - 404

A

information that can be used to identify an individual (name, SSN, address, and so on)

16
Q

prevent tailgating

11 - 405

A

tailgating is when someone slips in right behind you through a door you opened; prevent it by making sure the door closes behind you and not holding it for people who have not badged in

17
Q

safe internet habits

11 - 406

A

we’ve been over this a billion times

18
Q

smart computing habits

11 - 406

A

encourage reading of the EULA

19
Q

social networking dangers

11 - 406

A

social networking sites (Facebook, Twitter) are a vector for phishing and leak personal information that attackers can use

20
Q

the need for all computing to be safe

11 - 406

A

at a MINIMUM, home systems need to be running firewalls and up-to-date antivirus

21
Q

value of strong passwords

11 - 407

A

keep them strong: long, mixed character types, not reused across systems or shared

22
Q

understanding data labeling and handling

11 - 407

A

different types of data have different values and need to be labeled accordingly

23
Q

disposing of old media

11 - 408

A

physically destroy it: hammer, drill, or fire

24
Q

responding to hoaxes

11 - 408

A

refuse to panic and contact IT

25
Q

tell me the 3 types of information your organization keeps and their percentages

11 - 409

A

public - 20%
internal, private - 80%
restricted - ??

26
Q

tell me the 5 gov't & military classifications

11 - 412

A

unclassified
sensitive but unclassified
confidential
secret
top secret

27
Q

the CIA triad

11 - 414

A

confidentiality, integrity, availability

28
Q

what is HIPAA for?

11 - 415

A

Health Insurance Portability and Accountability Act - mandates national standards and procedures for the storage, use, and transmission of personal medical information

29
Q

what is the Gramm-Leach-Bliley Act?

11 - 415

A

requires financial institutions to develop privacy notices also known as

30
Q

what is the CFAA?

11 - 416

A

Computer Fraud and Abuse Act - the federal statute addressing computer fraud and abuse; it criminalizes unauthorized access to computers and has been broadened by later amendments, including the PATRIOT Act

31
Q

FERPA?

11 - 416

A

Family Educational Rights and Privacy Act - educational institutions may not release student information to unauthorized parties

32
Q

Computer Security Act

11 - 416

A

requires federal agencies to identify and protect computer systems that contain sensitive information

33
Q

what is CESA?

11 - 417

A

Cyberspace Electronic Security Act - proposed legislation that would give law enforcement the right to gain access to encryption keys and cryptography methods

34
Q

Cyber Security Enhancement Act

11 - 417

A

allows federal agencies relatively easy access to ISPs and data transmission facilities to monitor the communications of individuals suspected of crimes

35
Q

PATRIOT Act

11 - 417

A

gives the government broad latitude in pursuing criminals who commit terrorist acts

36
Q

limited vs full distribution?

A

limited - public information not intended for general release; goes to specific recipients such as law enforcement or medical facilities
full - released to the public at large

37
Q

what does SOX stand for?

A

Sarbanes-Oxley Act - publicly traded companies must maintain stronger financial controls and give investors more visibility into their finances
implicit DENY

38
Q

what is SCADA?

11 - 421

A

supervisory control and data acquisition - the industrial control systems that run utilities, manufacturing and other infrastructure