Chapter 11: Security Administration

Question 1

Transitioning

Answer 1

This is when you begin or terminate close business relations with a new partner.

Question 2

What do you need to think about when transitioning?

Answer 2

Whether your policies work together, what your interoperability policies look like, and whether your security requirements mesh
-Who owns the data? How will it be backed up and managed?

Question 3

Service Level Agreement (SLA)

Answer 3

Defines the level of service that’s going to be provided. How long will response time be for an on site tech?
SLA will typically have a technical definition in terms of mean time between failures (MTBF), mean time to repair or mean time to recovery (MTTR)

Question 4

Blanket Purchase Order (BPO)

Answer 4

An ongoing agreement between the government and a private company in which the government agrees to keep purchasing materials, equipment, or services from a company.

Question 5

The Memorandum of Understanding (MOU)

Answer 5

Summarizes which party is responsible for what part of the work

Question 6

Interconnection Security Agreement (ISA)

Answer 6

Documents the technical requirements for interconnected infrastructure

Question 7

Clean Desk Policy

Training Topics

Answer 7

Make sure employees won’t leave important information out in the open

Question 8

Compliance with laws, best practices, and standards

Training Topics

Answer 8

Keep your users educated on which rules they must follow

Question 9

Data Handling

Training Topics

Answer 9

Only let those who need data access it. Least Privilege.

Question 10

Personally Owned Devices

Training Topics

Answer 10

Don’t let employees use flash drives, DVDs, cell phones, laptops, whatever. Just don’t.

Question 11

Prevent tailgating

Training Topics

Answer 11

Tell people to be aware of what’s going on around them

Question 12

Safe Internet Habits

Training Topics

Answer 12

Training users to avoid malicious sites and only visit trusted web servers

Question 13

Public Information

Answer 13

Information available to the public or certain external entities.
<b>Limited Distribution</b>
-Private information, but it is shared with outside entities like a bank or something
<b>Full Distribution</b>
-Available to everyone!

Question 14

Private Information

Answer 14

Could embarrass the company, disclose trade secrets, or worse
<b>Internal Information</b>
-Personnel records, customer lists, medical records, etc.
<b>Restricted Information</b>
-could destroy the company. Proprietary protocols, trade secrets, strategic info, marketing plans, etc.

Question 15

CIA

Answer 15

Confidentiality, Integrity, Availability

Question 16

DAD

Answer 16

Disclosure, Alteration, Destruction

Question 17

Health Insurance Portability and Accountability Act (HIPAA)

Answer 17

Standards for storage, use, and transmission of medical information. Passed in 1996.

• Covers confidentiality, privacy, and security
• Fines for HIPAA violations are as high as $250,000

Question 18

Gramm-Leach-Bailey Act (Financial Modernization Act of 1999)

Answer 18

Banks can’t release certain information. Custormers can opt out of information sharing. Account info can’t be shared for marketing purposes. I hope it contained some hilarious clause about y2k.

Question 19

Computer Fraud and Abuse Act (CFAA)

Answer 19

Hackers and spammers can be classified and tried as terrorists. Anyone who had any knowledge can be tried as an accessory. Not really relevant now that most anyone may be classified as a terrorist threat under the PATRIOT Act.

Question 20

Family Educational Rights and Privacy Act (FERPA)

Answer 20

School can’t share information without the student or parent knowledge and permission
-School must give student access to their own record if requested

Question 21

Computer Security Act of 1987

Answer 21

Federal agencies must secure sensitive data

Question 22

Cyberspace Electronic Security Act (CESA) 1999

Answer 22

Law enforcement has the right to gain access to cipher keys

Question 23

Cyber Security Enhancement Act of 2002

Answer 23

Feds have easy access to ISPs and other data transmission to monitor your communications

Question 24

PATRIOT Act of 2001

Answer 24

Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA PATRIOT).
-Absolutely disgusting show of governmental overreach and betrayal of citizen privacy and humanity.