Chapter 11: Security Administration Flashcards

1
Q

Service Level Agreement (SLA)

A

Defines the level of service to be provided, e.g. tech support availability

2
Q

Blanket Purchase Order (BPO)

A

An agreement between a government agency and a private company for ongoing purchases of goods or services.

3
Q

Memorandum of Understanding (MOU)

A

Brief summary of which party is responsible for what portion of the work

4
Q

Interconnection Security Agreement (ISA)

A

Documents the technical requirements of two organizations that have connected systems.

5
Q

Risk Awareness

A

Both organizations communicating with each other to share info regarding risks

6
Q

Areas that should be covered when training the entire organization on security issues

A
  • Importance of security
  • Responsibilities of people in the organization
  • Policies and procedures
  • Usage policies
  • Account and password-selection criteria
  • Social engineering prevention
7
Q

Clean Desk Policy

A

Keep desks clean and leave out only the papers relevant to the project being worked on at the moment.

8
Q

Personally Identifiable Information (PII)

A

Any data that can be used to uniquely identify an individual.

9
Q

Piggybacking

A

Same as tailgating, but with the permission of the first person

10
Q

Scareware

A

Software that tries to convince users that a threat exists

11
Q

Rogueware

A

Scareware that convinces users to pay money

12
Q

What percentage of info in an organization is typically public? private?

A

20%

80%

13
Q

Nondisclosure Agreement (NDA)

A

Privacy requirements that exist for a product

14
Q

Working Documents

A

Another name for private information

15
Q

Internal vs. Restricted Information

A

Internal info is virtually any info that is needed to run a business and is private, and restricted info differs in that it could actually seriously damage the organization if it is released.

16
Q

CIA Triad

A

Confidentiality, Integrity, Availability

17
Q

Health Insurance Portability and Accountability Act (HIPAA)

A

A regulation that mandates national standards and procedures for the storage, use, and transmission of personal medical information.

18
Q

Gramm-Leach-Bliley Act AKA Financial Modernization Act of 1999

A

Requires financial institutions to develop privacy notices and to notify customers of the privacy they are entitled to. Prohibits banks from sharing your information with third parties.

19
Q

Computer Fraud and Abuse Act (CFAA)

A

Gives federal authorities the ability to prosecute hackers, spammers, and others as terrorists

20
Q

Family Educational Rights and Privacy Act (FERPA)

A
  • Educational institutions may not release info to unauthorized parties without express permission.
  • Also must give records to student on request
21
Q

Computer Security Act

A

Requires federal agencies to identify and protect computer systems that contain sensitive info

22
Q

Cyberspace Electronic Security Act (CESA)

A

Gives law enforcement the right to gain access to encryption keys and methods

23
Q

Cyber Security Enhancement Act

A

Allows federal agencies relatively easy access to ISPs and other data transmission facilities to monitor communications of individuals suspected of committing computer crimes.

24
Q

Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act (USA PATRIOT)

A

Allows the U.S. Government to conduct virtually any type of surveillance on suspected terrorists