Domain 1

Question 1

Confidentiality

Answer 1

Seeks to prevent the unauthorized disclosure of information: it keeps data secret

Question 2

Integrity

Answer 2

Seeks to prevent unauthorized modification of information. In other words, integrity seeks to prevent unauthorized write access to data. Integrity also seeks to ensure data that is written in an authorized manner is complete and accurate.

Question 3

Availability

Answer 3

Ensures that information is available when needed

Question 4

Subject

Answer 4

An active entity on an information system

Question 5

Object

Answer 5

A passive data file

Question 6

Annualized Loss Expectancy

Answer 6

The cost of loss due to a risk over a year

Question 7

Threat

Answer 7

A potentially negative occurrence

Question 8

Vulnerability

Answer 8

A weakness in a system

Question 9

Risk

Answer 9

A matched threat and vulnerability

Question 10

Safeguard

Answer 10

A measure taken to reduce risk

Question 11

Total Cost of Ownership

Answer 11

The cost of a safeguard

Question 12

Return on Investment

Answer 12

Money saved by deploying a safeguard

Question 13

Disclosure

Answer 13

Unauthorized release of information

Question 14

Alteration

Answer 14

The unauthorized modification of data

Question 15

Destruction

Answer 15

Making systems or data unavailable

Question 16

Authentication

Answer 16

The act of proving an assertion, such as the identity of a computer system user.

Question 17

Authorization

Answer 17

Actions you can perform on a system once you have been identified and authenticated

Question 18

Accountability

Answer 18

Holds users accountable for their actions

Question 19

Non-repudiation

Answer 19

A user cannot deny (repudiate) having performed a transaction.

Question 20

Least privilege

Answer 20

Users should be granted the minimum amount of access (authorization) required to do their jobs, but no more.

Question 21

Need to know

Answer 21

more granular than least privilege: the user must need to know that specific piece of information before accessing it.

Question 22

Defense-in-Depth

Answer 22

Applies multiple safeguards (also called controls: measures taken to reduce risk) to protect an asset.

Question 23

Due care

Answer 23

Doing what a reasonable person would do.

Question 24

Due diligence

Answer 24

The management of due care.

Question 25

Gross negligence

Answer 25

The opposite of due care. Doing what a unreasonable person would do.

Question 26

Civil Law (Legal System)

Answer 26

The system of civil law leverages ­codified laws

or statutes to determine what is considered within the bounds of law.

Question 27

Common Law

Answer 27

The legal system used in the United States, Canada, the United Kingdom, and most former British colonies, amongst others.

Question 28

Religious Law

Answer 28

Religious doctrine or interpretation serves as a source of legal understanding and statutes.

Question 29

Criminal Law

Answer 29

Pertains to those laws where the victim can be seen as society itself.

Question 30

Civil Law

Answer 30

The victim will be an individual, group, organization.

Question 31

Statutory

Answer 31

Statutory damages are those prescribed by law, which can be awarded to the victim even if the victim incurred no actual loss or injury

Question 32

Compensatory

Answer 32

The purpose of compensatory damages is to provide the victim with a financial award in effort to compensate for the loss or injury incurred as a direct result of the wrongdoing.

Question 33

Punitive

Answer 33

The intent of punitive damages is to punish an individual or organization. These damages are typically awarded to attempt to discourage a particularly egregious violation where the compensatory or statutory damages alone would not act as a
deterrent.

Question 34

Administrative law or regulatory law

Answer 34

law enacted by government agencies. Think FCC Regulations, HIPAA Security mandates, FDA regulations and FAA regulations.