Chapter 5 Flashcards

1
Q

A method of sanitization that applies logical techniques to sanitize data in all user-addressable storage locations for protection against simple non-invasive data recovery techniques; typically applied through the standard Read and Write commands to the storage device, such as by rewriting with a new value or using a menu option to reset the device to the factory state (where rewriting is not supported).

A

Clear

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

A predetermined set of instructions or procedures that describe how an organization’s mission-essential functions will be sustained within 12 hours and for up to 30 days as a result of a disaster event before returning to normal operations.

A

Continuity of Operations Plan (COOP)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

To reduce the magnetic flux to virtual zero by applying a reverse magnetizing field.

A

Degauss

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

A method of sanitization that renders target data recovery infeasible using state-of-the-art laboratory techniques and results in the subsequent inability to use the media for storage of data.

A

Destroy

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Management policy and procedures used to guide an enterprise response to a major loss of enterprise capability or damage to its facilities.

A

Disaster Recovery Plan (DRP)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Management policy and procedures used to guide an enterprise response to a major loss of enterprise capability or damage to its facilities.

A

Disaster Recovery Plan (DRP)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

A written plan for recovering one or more information systems at an alternate facility in response to a major hardware or software failure or destruction of facilities

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

A written plan for recovering one or more information systems at an alternate facility in response to a major hardware or software failure or destruction of facilities.

A

Disaster Recovery Plan (DRP)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

The documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of a malicious cyber-attack against an organization’s information systems.

A

Incident Response Plan

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Magnetic representation of residual information remaining on a magnetic medium after the medium has been cleared.

A

Magnetic Remanence

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

The actions taken to render data written on media unrecoverable by both ordinary and extraordinary means.

A

Media Sanitization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

A software component that, when installed, directly modifies files or device settings related to a different software component without changing the version number or release details for the related software component.

A

Patch

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

The systematic notification, identification, deployment, installation, and verification of operating system and application software code revisions.

A

Patch Management

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

The systematic notification, identification, deployment, installation, and verification of operating system and application software code revisions.

A

Purge

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

A process to render access to target data on the media infeasible for a given level of effort.

A

Sanitize

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

A method of erasing electronically stored data, cryptographic keys, and credential service providers (CSPs) by altering or deleting the contents of the data storage to prevent recovery of the data.

A

Zeroization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

To remove or eliminate the key from a cryptographic equipment or fill device.

A

Zeroize

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Include the incorporation of new or modified services, the removal or termination of services, and all coordination to ensure continuity in the security posture of the system while addressing service availability issues.

A

Service Availability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Include the number, qualifications, and scheduling of operators, contingency operations, and all associated training, competency, regulatory, and compliance needs.

A

Staffing Strategy for Operators

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Preserve the security posture of the system and address the timing and methods to securely incorporate services, revisions, patches, and enhancements in accordance with strategic plans and in response to on-demand needs.

A

Release and Reacceptance Criteria

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Address the security posture of the system, inclusive of its security functions, across the defined modes of operation.

A

Operational and Contingency, Degraded, Alternative, and Other Modes of Operation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Include the shutdown and or halted, standby, normal, degraded, reduced capacity, training, simulation, test, and other operations or sustainment modes specific to the system and its intended uses.

A

Mode of Operation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Defined by a security configuration and behavior that includes all defined transitions within and between modes.

A

Mode of Operation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

System operators need to be made aware of the security aspects of performance and be trained to detect and determine when security performance levels are not being met or when other system performance issues impact security performance.

A

Measures for Operation that Provide Insight into Performance Levels

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Addressing what the system is not to do in terms of how the system is not to behave, the interactions that are not to occur, and the outcomes that the system should not produce.
Safety Considerations
26
Include data and information collection for security situational awareness assessment.
Monitoring for Changes in Hazards and Threats and the Results of Operational Monitoring Activities
27
Provides insight into variances in the knowledge of disruption, hazard, and threat events in the environment and how they combine with operations to provide vulnerability with potential security-relevant consequences.
Data Collection
28
Include determination of the limits of certainty about the data and information collected; the inherent uncertainty of conclusions and decisions made as a result of the monitoring activities; and the effectiveness, limitations, and constraints of monitoring activities.
Monitoring for Changes in Hazards and Threats and the Results of Operational Monitoring Activities
29
Key elements include: (i) identifying the minimum monitoring frequency of controls, (ii) establishing the control assessment approach, (iii) describing how the monitoring will be conducted, and (iv) may also include privacy reporting.
Continuous Monitoring Strategy
30
Phases include: (i) preparation; (ii) detection and analysis; (iii) containment, eradication, and recovery; and (iv) post-incident activity.
Incident Response Lifecycle
31
The first phase of the IR lifecycle; during this phase, an incident response capability is established, and incident prevention capabilities are put into place.
Preparation
32
The second phase of the IR lifecycle; includes: (i) identification of attacked vectors, (ii) recognizing signs of an incident, (iii) understanding sources of incident precursors and indicators, and (iv) incident documentation,
Detection and Analysis
33
The third phase of the IR lifecycle; includes: (i) choosing a containment strategy, (ii) evidence gathering and handling, (iii) identifying the attacking host, and (iv) eradication and recovery from the incident.
Containment, Eradication, and Recovery
34
The fourth (last) phase of the IR lifecycle; includes: (i) identifying lessons learned, (ii) using collected incident data, and (iii) retaining evidence.
Post-incident Activity
35
Include: (i) shutting down the system, (ii) disconnecting it from the network, or (iii) disabling certain functions.
Containment Options
36
Purpose is to sustain the capability of a system to provide a service.
Maintenance Process
37
Helps to reduce operational security incidents and protect the availability of the system to perform its purpose and provide a service.
Maintenance Strategy
38
The security aspects of the maintenance strategy are developed.
Maintenance Process Outcome
39
The security aspects of maintenance and logistics that constrain system requirements, architecture, or design are identified.
Maintenance Process Outcome
40
Any enabling systems or services needed to support the security aspects of system maintenance and logistics are available.
Maintenance Process Outcome
41
Replaced, repaired, or modified system elements are available in consideration of their security aspects.
Maintenance Process Outcome
42
The need for changes to address security-relevant corrective, perfective, or adaptive maintenance is reported.
Maintenance Process Outcome
43
Security-relevant aspects, failure, and lifetime data, including associated costs, are determined.
Maintenance Process Outcome
44
Traceability of the security aspects of the maintained elements is established.
Maintenance Process Outcome
45
Prepare for security aspects of maintenance.
Develop Secure Maintenance Strategy Action
46
Perform security aspects of maintenance.
Develop Secure Maintenance Strategy Action
47
Perform security aspects of logistics.
Develop Secure Maintenance Strategy Action
48
Manage results of security aspects of maintenance and logistics.
Develop Secure Maintenance Strategy Action
49
Define the security aspects of the maintenance strategy.
Prepare for the Security Aspects of Maintenance Task
50
Identify the system constraints.
Prepare for the Security Aspects of Maintenance Task
51
Identify trades.
Prepare for the Security Aspects of Maintenance Task
52
Identify, plan for, and obtain enabling systems or services.
Prepare for the Security Aspects of Maintenance Task
53
Review incident and problem reports to identify security relevance and associated maintenance needs.
Perform the Security Aspects of Maintenance Task
54
Record the security aspects of maintenance incidents and problems and track their resolution.
Perform the Security Aspects of Maintenance Task
55
Implement the procedures for the correction of random faults or scheduled replacement of system elements to ensure the ability to deliver system security functions and services.
Perform the Security Aspects of Maintenance Task
56
Implement action to restore the system to secure operational status when a random fault causes a system failure.
Perform the Security Aspects of Maintenance Task
57
Perform preventive maintenance by replacing or servicing system elements prior to failure with security-related impact.
Perform the Security Aspects of Maintenance Task
58
Perform failure identification actions when security noncompliance has occurred in the system.
Perform the Security Aspects of Maintenance Task
59
Identify when security-relevant adaptive or perfective maintenance is required.
Perform the Security Aspects of Maintenance Task
60
Perform the security aspects of acquisition logistics.
Perform the Security Aspects of Logistics Task
61
Perform the security aspects of operational logistics.
Perform the Security Aspects of Logistics Task
62
Implement any secure packaging, handling, storage, and transportation needed during the life cycle of the system.
Perform the Security Aspects of Logistics Task
63
Confirm that security aspects incorporated into logistics actions satisfy the required protection levels so that system elements are securely stored and able to meet repair rates and planned schedules.
Perform the Security Aspects of Logistics Task
64
Confirm that the security aspects of logistics actions include security supportability requirements that are planned, resourced, and implemented.
Perform the Security Aspects of Logistics Task
65
Record the security aspects of maintenance and logistics results and any security anomalies encountered.
Manage Results of the Security Aspects of Maintenance and Logistics Task
66
Record operational security incidents and security problems and track their resolution.
Manage Results of the Security Aspects of Maintenance and Logistics Task
67
Identify and record the security-related trends of incidents, problems, and maintenance and logistics actions.
Manage Results of the Security Aspects of Maintenance and Logistics Task
68
Maintain traceability of system elements and the security aspects of maintenance actions and logistics actions performed.
Manage Results of the Security Aspects of Maintenance and Logistics Task
69
Provide security-relevant configuration items from system maintenance to baselines.
Manage Results of the Security Aspects of Maintenance and Logistics Task
70
A collection of activities focused on establishing and maintaining the integrity of products and systems, through control of the processes for initializing, changing, and monitoring the configurations of those products and systems.
Configuration Management (CM)
71
An identifiable part of a system (e.g., hardware, software, firmware, documentation, or a combination thereof) that is a discrete target of configuration control processes.
Configuration (CI)
72
A set of specifications for a system, or configuration item within a system, that has been formally reviewed and agreed on at a given point in time, and which can be changed only through change control procedures. The baseline configuration is used as a basis for future builds, releases, and/or changes.
Baseline Configuration
73
A comprehensive description of the roles, responsibilities, policies, and procedures that apply when managing the configuration of products and systems.
Configuration Management Plan (CM Plan)
74
Establishment of and charter for a group of qualified people with responsibility for the process of controlling and approving changes throughout the development and operational lifecycle of products and systems; may also be referred to as a change control board.
Configuration Control Board
75
Methodology for selecting and naming configuration items that need to be placed under CM.
Configuration Item Identification
76
Process for managing updates to the baseline configurations for the configuration item.
Configuration Change Control
77
Process for assessing or testing the level of compliance with the established baseline configuration and mechanisms for reporting on the configuration status of items placed under CM.
Configuration Monitoring
78
Basic parts include: (i) configuration control board, (ii) configuration item identification, (iii) configuration change control, and (iv) configuration monitoring.
Configuration Management Plan
79
Involves the systematic proposal, justification, implementation, testing, review, and disposition of changes to the systems, including system upgrades and modifications.
Configuration Change Control
80
Includes four phases: (i) planning, (ii) identifying and implementing configurations, (iii) controlling configuration changes, and (iv) monitoring.
Security-focused Configuration Management
81
The policy and procedures documenting what is required for SecCM are completed.
SecCM Planning Phase
82
The secure baseline for the system is developed, reviewed approved and implemented.
SecCM Identifying and Implementing Configuration
83
The information system security engineer focuses on managing change to that the system remains in a secure operational state.
SecCM Controlling Configuration Changes
84
The system is validated to ensure that it meets and is in compliance with organizational policy procedures.
SecCM Monitoring
85
Performed after a change to ensure the system is still operating as intended and in a secure manner.
Verification & Validation
86
Performed to verify the functionality and impact of a change.
Regression Testing
87
A collection of activities focused on establishing and maintaining the integrity of products and systems, through control of the processes for initializing, changing, and monitoring the configurations of those products and systems.
Configuration Management (CM)
88
Include: (i) purge, (ii) clear, and (iii) destroy.
Key Sanitization Methods
89
Uses software or hardware products to overwrite storage space; goal is to replace target data with non-sensitive data; not useable with flash media.
Clear
90
Includes overwrite, block erase, and cryptographic erase though the use of dedicated standardized device sanitize commands that apply media specific techniques to bypass the abstraction inherent in typical read and write commands; can't be used on non-volatile non-magnetic storage.
Purge
91
Includes the use of different types, techniques, and procedures to render data retrieval infeasible.
Destroy
92
Addresses (i) permanent termination of system functions and delivery of services; (ii) permanent termination of personnel; (iii) transform the system and environment to an acceptable state; (iv) concerns for material, data, and information; and (v) transition the system and system elements for future use.
Formal Disposal Strategy
93
Should be created to document the disposal results.
Certificate of Media Disposition