Chapter 11: Security Administration Flashcards

1
Q

Transitioning

A

This is when you begin or terminate close business relations with a new partner.

2
Q

What do you need to think about when transitioning?

A

Whether your policies work together, what your interoperability policies look like, and whether your security requirements mesh
-Who owns the data? How will it be backed up and managed?

3
Q

Service Level Agreement (SLA)

A

Defines the level of service that’s going to be provided. How long will response time be for an on-site tech?
An SLA will typically have a technical definition in terms of mean time between failures (MTBF) and mean time to repair or mean time to recovery (MTTR).

4
Q

Blanket Purchase Order (BPO)

A

An ongoing agreement between the government and a private company in which the government agrees to keep purchasing materials, equipment, or services from a company.

5
Q

The Memorandum of Understanding (MOU)

A

Summarizes which party is responsible for what part of the work

6
Q

Interconnection Security Agreement (ISA)

A

Documents the technical requirements for interconnected infrastructure

7
Q

Clean Desk Policy

Training Topics

A

Make sure employees won’t leave important information out in the open

8
Q

Compliance with laws, best practices, and standards

Training Topics

A

Keep your users educated on which rules they must follow

9
Q

Data Handling

Training Topics

A

Only let those who need data access it. Least Privilege.

10
Q

Personally Owned Devices

Training Topics

A

Don’t let employees use flash drives, DVDs, cell phones, laptops, whatever. Just don’t.

11
Q

Prevent tailgating

Training Topics

A

Tell people to be aware of what’s going on around them

12
Q

Safe Internet Habits

Training Topics

A

Training users to avoid malicious sites and only visit trusted web servers

13
Q

Public Information

A

Information available to the public or certain external entities.
Limited Distribution
-Private information, but it is shared with outside entities like a bank or something
Full Distribution
-Available to everyone!

14
Q

Private Information

A

Could embarrass the company, disclose trade secrets, or worse
Internal Information
-Personnel records, customer lists, medical records, etc.
Restricted Information
-Could destroy the company. Proprietary protocols, trade secrets, strategic info, marketing plans, etc.

15
Q

CIA

A

Confidentiality, Integrity, Availability

16
Q

DAD

A

Disclosure, Alteration, Destruction

17
Q

Health Insurance Portability and Accountability Act (HIPAA)

A

Standards for storage, use, and transmission of medical information. Passed in 1996.

  • Covers confidentiality, privacy, and security
  • Fines for HIPAA violations are as high as $250,000
18
Q

Gramm-Leach-Bliley Act (Financial Modernization Act of 1999)

A

Banks can’t release certain information. Customers can opt out of information sharing. Account info can’t be shared for marketing purposes. I hope it contained some hilarious clause about y2k.

19
Q

Computer Fraud and Abuse Act (CFAA)

A

Hackers and spammers can be classified and tried as terrorists. Anyone who had any knowledge can be tried as an accessory. Not really relevant now that most anyone may be classified as a terrorist threat under the PATRIOT Act.

20
Q

Family Educational Rights and Privacy Act (FERPA)

A

Schools can’t share information without the student’s or parent’s knowledge and permission
-Schools must give students access to their own records if requested

21
Q

Computer Security Act of 1987

A

Federal agencies must secure sensitive data

22
Q

Cyberspace Electronic Security Act (CESA) 1999

A

Law enforcement has the right to gain access to cipher keys

23
Q

Cyber Security Enhancement Act of 2002

A

Feds have easy access to ISPs and other data transmission to monitor your communications

24
Q

PATRIOT Act of 2001

A

Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA PATRIOT).
-Absolutely disgusting show of governmental overreach and betrayal of citizen privacy and humanity.