Chapter 5 Flashcards
A method of sanitization that applies logical techniques to sanitize data in all user-addressable storage locations for protection against simple non-invasive data recovery techniques; typically applied through the standard Read and Write commands to the storage device, such as by rewriting with a new value or using a menu option to reset the device to the factory state (where rewriting is not supported).
Clear
A predetermined set of instructions or procedures that describe how an organization’s mission-essential functions will be sustained within 12 hours and for up to 30 days as a result of a disaster event before returning to normal operations.
Continuity of Operations Plan (COOP)
To reduce the magnetic flux to virtual zero by applying a reverse magnetizing field.
Degauss
A method of sanitization that renders target data recovery infeasible using state-of-the-art laboratory techniques and results in the subsequent inability to use the media for storage of data.
Destroy
Management policy and procedures used to guide an enterprise response to a major loss of enterprise capability or damage to its facilities.
Disaster Recovery Plan (DRP)
Management policy and procedures used to guide an enterprise response to a major loss of enterprise capability or damage to its facilities.
Disaster Recovery Plan (DRP)
A written plan for recovering one or more information systems at an alternate facility in response to a major hardware or software failure or destruction of facilities
A written plan for recovering one or more information systems at an alternate facility in response to a major hardware or software failure or destruction of facilities.
Disaster Recovery Plan (DRP)
The documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of a malicious cyber-attack against an organization’s information systems.
Incident Response Plan
Magnetic representation of residual information remaining on a magnetic medium after the medium has been cleared.
Magnetic Remanence
The actions taken to render data written on media unrecoverable by both ordinary and extraordinary means.
Media Sanitization
A software component that, when installed, directly modifies files or device settings related to a different software component without changing the version number or release details for the related software component.
Patch
The systematic notification, identification, deployment, installation, and verification of operating system and application software code revisions.
Patch Management
The systematic notification, identification, deployment, installation, and verification of operating system and application software code revisions.
Purge
A process to render access to target data on the media infeasible for a given level of effort.
Sanitize
A method of erasing electronically stored data, cryptographic keys, and credential service providers (CSPs) by altering or deleting the contents of the data storage to prevent recovery of the data.
Zeroization
To remove or eliminate the key from a cryptographic equipment or fill device.
Zeroize
Include the incorporation of new or modified services, the removal or termination of services, and all coordination to ensure continuity in the security posture of the system while addressing service availability issues.
Service Availability
Include the number, qualifications, and scheduling of operators, contingency operations, and all associated training, competency, regulatory, and compliance needs.
Staffing Strategy for Operators
Preserve the security posture of the system and address the timing and methods to securely incorporate services, revisions, patches, and enhancements in accordance with strategic plans and in response to on-demand needs.
Release and Reacceptance Criteria
Address the security posture of the system, inclusive of its security functions, across the defined modes of operation.
Operational and Contingency, Degraded, Alternative, and Other Modes of Operation
Include the shutdown and or halted, standby, normal, degraded, reduced capacity, training, simulation, test, and other operations or sustainment modes specific to the system and its intended uses.
Mode of Operation
Defined by a security configuration and behavior that includes all defined transitions within and between modes.
Mode of Operation
System operators need to be made aware of the security aspects of performance and be trained to detect and determine when security performance levels are not being met or when other system performance issues impact security performance.
Measures for Operation that Provide Insight into Performance Levels