Chapter 11 - Security Administration

Question 1

what is transitioning?

11 - 397

Answer 1

this occurs when you have an on-boarding or an off-boarding of a business partner

Question 2

what is a SLA?

11 - 398

Answer 2

Service Level Agreement - defines the level of service to be provided

Question 3

what is BPO?

11 - 398

Answer 3

Blanket Purchase Order - agreement between government agency and private company for ongoing purchases of goods or services

Question 4

what is MOU?

11 - 398

Answer 4

Memorandum of Understanding - tells what portion of the work that each party is responsible for

Question 5

what is ISA?

11 - 398

Answer 5

Interconnection Security Agreement - this documents the technical requirements of the connected systems between two organizations

Question 6

what is risk awareness?

11 - 398

Answer 6

2 organizations communicate with each other to share information regarding risks

Question 7

when you are providing security educations programs for people, you need to consider 3 audience types. what are they?

11 - 399

Answer 7

organization as a whole
management
technical staff

Question 8

there are 6 areas that organization-wide security training should cover. what are they?

11 - 400

Answer 8

R - responsibilities
I - importance of security
P - policies and procedures
U - usage
S - social engineering
A - account and password-selection

Question 9

management security training is concerned with what?

11 - 400

Answer 9

more global stuff, the hows and whys of a security program

Question 10

Here are the Safety topics.  Give me the definitions for each one.
fencing
lighting
locks
CCTV
escape plans
drills
escape routes
testing controls (3 types)

11 - 401,402

Answer 10

to increase physical security
need areas well lit
increased strength means increased cost
surveillance
how to get out of the building
run the escape plan to know that it works
use this in your escape plan
technical, management, operational

Question 11

clean desk policy

11 - 402

Answer 11

keep your work area clean

Question 12

compliance with laws

11 - 403

Answer 12

do not neglect them

Question 13

data handling

11 - 404

Answer 13

if there’s some data that someone needs to work with, they are the only people who should access it

Question 14

policy on personally owned devices

11 - 404

Answer 14

keep them at home

Question 15

personally identifiable information

11 - 404

Answer 15

self-explanatory, info that can identify an individual

Question 16

prevent tailgating

11 - 405

Answer 16

when someone comes in right behind you through an open door

Question 17

safe internet habits

11 - 406

Answer 17

we’ve been over this a billion times

Question 18

smart computing habits

11 - 406

Answer 18

encourage reading of the EULA

Question 19

social networking dangers

11 - 406

Answer 19

facebook, twitter, phishing crap

Question 20

the need for all computing to be safe

11 - 406

Answer 20

at a MINIMUM, the home systems need to be running firewalls and updated virus scanners

Question 21

value of strong passwords

11 - 407

Answer 21

keep them strong

Question 22

understanding data labeling and handling

11 - 407

Answer 22

different types of data have different values and need to be labeled accordingly

Question 23

disposing of old media

11 - 408

Answer 23

hammer, drill, or fire

Question 24

responding to hoaxes

11 - 408

Answer 24

refuse to panic and contact IT

Question 25

tell me the 3 types of information your organization keeps and their percentages

11 - 409

Answer 25

public - 20%
internal, private - 80%
restricted - ??

Question 26

tell me the 5 gov’t & military classifications

11 - 412

Answer 26

unclassified
sensitive but unclassified
confidential
secret
top secret

Question 27

the CIA triad

11 - 414

Answer 27

confidentiality
integrity
availability

Question 28

what is HIPAA for?

11 - 415

Answer 28

Health Insurance Portability and Accountability Act

mandates national standards and procedures for the storage, use, and transmission of personal medical information

Question 29

what is Gramm-Leach-Bliley Act?

11 - 415

Answer 29

to develop privacy notices

also known as

Question 30

what is the CFAA?

11 - 416

Answer 30

Computer Fraud and Abuse Act

to address issues of fraud and abuse, gives the FBI the ability to prosecute hackers and spammers as terrorists

Question 31

FERPA?

11 - 416

Answer 31

Family Educational Rights and Privacy Act

educational institutions may not release information to unauthorized parties

Question 32

Computer Security Act

11 - 416

Answer 32

requires federal agencies to identify and protect computer systems that contain sensitive information

Question 33

what is CESA?

11 - 417

Answer 33

Cyberspace Electronic Security Act

gives law enforcement the right to gain access to encryption keys and cryptography methods

Question 34

Cyber Security Enhancement Act

11 - 417

Answer 34

allows the feds relatively easy access to ISPs and data transmission facilities to monitor communications of individuals

Question 35

PATRIOT ACT

11 - 417

Answer 35

gives the government extreme latitude in pursuing criminals who commit terrorist acts

Question 36

limited vs full distribution?

Answer 36

limited - not intended for public release, goes to law enforcement, medical facilities

full - public

Question 37

what does SOX stand for?

Answer 37

sarbanes-oxley - if you’re a publically traded company, you will have more visibility to traders

implicit DENY

Question 38

what is SCADA?

11 - 421

Answer 38

supervisory control and data acquisition