Chapter_2 vocab

Question 1

comprehensive security?

Answer 1

all routes of attack to systems are closed to attackers.

Question 2

how often should firewall logs be read and what is logged?

Answer 2

should be read daily. all provable attack packets are blocked and logged.

Question 3

weakest-link?

Answer 3

failure of a single element of a system.

Question 4

what are processes?

Answer 4

planned series of actions

Question 5

what is the plan, protect and respond cycle?

Answer 5

plan based protection and response to attacks on a network following a specific plan.

Question 6

protect portion of the IT cycle is what?

Answer 6

plan-based creation and operation of countermeasures .

Question 7

SDLC?

Answer 7

systems development life cycle: planning - implementation of security.

Question 8

Response portion of IT security?

Answer 8

Response: recovery according to plan.

a plan is created ahead of time so that if there is an incident then the IT staff can respond quickly.

Question 9

SNMP?

Answer 9

Simple Network Management Protocol: used by most organizations to access and manage thousands of devices remotely. get command’ allows remote viewing of issues, set command’ allows remote uploading of programs etc.

Question 10

describe how IT security is planned for a corp?

Answer 10

1st look at current security, then look at driving forces that will cause changes like: a merger, corporate structure changes and compliance laws and regulations. 3rd look at all resources and classify by sensitivity. 4th identify gaps in security and create plans to fix them based on highest reward 1st.

Question 11

driving forces?

Answer 11

things that require a firm to change its security planning, protections and response such as a company merger, new products or servers taken on, etc.

Question 12

compliance laws and regulations are what?

Answer 12

laws usually in place to force companies to protect documentation and identity information of customers.

Question 13

material control deficiency?

Answer 13

when it is very likely that in the yearly financial statement there will be material misstated and not be detected. this is a security risk and is mandated by law to be prevented.

Question 14

FISMA?

Answer 14

federal information security management act: continuous monitoring of all gov. info that is contracted out.

Question 15

FTC?

Answer 15

Federal Trade Commission: prosecutes firms that do not protect private info. of clients.also requires yearly security audits of firms if in violation.

Question 16

what companies must stand with the standards of the PCI-DSS? what is this

Answer 16

PCI-DSS: payment card industry-data security standard: anyone that accepts credit cards. requirements.

Question 17

FISMA is what? who uses it?

Answer 17

Federal Information security Management Act: all gov. agencies or IT companies/ areas where gov. info is stored must be audited yearly and then is certified. if a higher level of security is needed then the organization must be accredited by being checked by an accrediting org. then the company/ organization is (ATO) authorized to operate.

Question 18

CSO?

Answer 18

chief security officer

Question 19

what job does the CSO hold?

Answer 19

Chief Security Officer: head of security I.T department sometimes called: Chief information Security Officer

Question 20

CIO?

Answer 20

Chief Information officer: the highest positing in IT department.