CIPM Protect Flashcards

1
Q

Data life cycle management

A

information flow management from creation to disposal; mitigation aimed at lowering risks of breaches by decreasing volume and type of data stored

2
Q

Paul & Copple 11 element DLM model (to reduce “save everything” plan)

A
  1. enterprise objectives: prioritize information
  2. minimalism: discard unless needed (Zubulake standard)
  3. Simple procedures and training
  4. Adequacy of information to support task requirements
  5. IS personnel should be included in development of the DLM framework
  6. authenticity and accuracy of records needed for court procedures
  7. easy retrievability
  8. distribution (access) controls and encryption
  9. auditability - hash, digital signatures, etc.
  10. Consistency of policy throughout organization
  11. Enforcement (internal) throughout organization
3
Q

IS practices: CIA Triad

A
  • confidentiality (prevent unauthorised disclosure)
  • integrity (prevent unauthorised modification, deletion)
  • availability (accessibility to authorised users)
  • accountability (entity ownership traceable)
  • assurance (4 other objectives met)
4
Q

IS risk management practices : ISO 27000

A
  1. identify risk
  2. select and implement measures to mitigate risk
  3. track and evaluate risk
5
Q

3 high level security roles

A
  1. executive: CIO, ISO, etc.
  2. functional: security engineers and security professionals
  3. corollary: support (physical security, privacy professional, supply chain)
6
Q

US CERT essential body of knowledge 14 generic competency IS practice areas

A
  1. data security
  2. digital forensics (for security incidents)
  3. enterprise continuity (BCP)
  4. IRP
  5. IS training and awareness
  6. Operations and maintenance of IT systems
  7. network & telecoms security
  8. personnel security
  9. physical/environmental security (computer rooms)
  10. procurement
  11. regulatory standards/compliance
  12. security risk management
  13. strategic security management (IS in line with mission)
  14. system and app security
7
Q

PTA (privacy threshold analysis)

A

methodology used to determine whether PIA needed

8
Q

PIA (privacy impact analysis)

A

methodology for assessing privacy-related risks associated with business activities involving personal data processing:
  • assess existing controls
  • suggest remedial actions/mitigation needed to decrease risks

9
Q

Governance

A

decision rights + accountability;

processes + standards + roles

10
Q

Malware

A

Malware is malicious software, such as a virus, worm or Trojan horse.

11
Q

Virus

A

A virus is a program that attaches itself to a file or another program, often sent via e-mail. A virus needs the presence of a host to work.

12
Q

Ransomware

A

A type of virus that locks a target system until a ransom is paid
