Chapter 11: Security Administration Flashcards
Service Level Agreement (SLA)
Defines the level of service to be provided, e.g. tech support availability
Blanket Purchase Order (BPO)
An agreement between a government agency and a private company for ongoing purchases of goods or services.
Memorandum of Understanding (MOU)
Brief summary of which party is responsible for what portion of the work
Interconnection Security Agreement (ISA)
Documents the technical requirements of two organizations that have connected systems.
Risk Awareness
Both organizations communicating with each other to share info regarding risks
Areas that should be covered when training the entire organization on security issues
- Importance of security
- Responsibilities of people in the organization
- Policies and procedures
- Usage policies
- Account and password-selection criteria
- Social engineering prevention
Clean Desk Policy
Employees maintain clean desks and leave out only the papers relevant to the project they are working on at the moment
Personally Identifiable Information (PII)
Any data that can be used to uniquely identify an individual.
Piggybacking
Same as tailgating, but with the permission of the first person
Scareware
Software that tries to convince users that a threat exists
Rogueware
Scareware that convinces users to pay money
What percentage of info in an organization is typically public? private?
20%
80%
Nondisclosure Agreement (NDA)
Privacy requirements that exist for a product
Working Documents
Another name for private information
Internal vs. Restricted Information
Internal info is virtually any info that is needed to run a business and is private; restricted info differs in that it could seriously damage the organization if it is released.