Domain 1 Flashcards

Security and Risk Management (e.g., Security, Risk, Compliance, Law, Regulations, Business Continuity)

1
Q

Confidentiality

A

Seeks to prevent the unauthorized disclosure of information: it keeps data secret

2
Q

Integrity

A

Seeks to prevent unauthorized modification of information. In other words, integrity seeks to prevent unauthorized write access to data. Integrity also seeks to ensure data that is written in an authorized manner is complete and accurate.

3
Q

Availability

A

Ensures that information is available when needed

4
Q

Subject

A

An active entity on an information system

5
Q

Object

A

A passive data file

6
Q

Annualized Loss Expectancy

A

The cost of loss due to a risk over a year

7
Q

Threat

A

A potentially negative occurrence

8
Q

Vulnerability

A

A weakness in a system

9
Q

Risk

A

A matched threat and vulnerability

10
Q

Safeguard

A

A measure taken to reduce risk

11
Q

Total Cost of Ownership

A

The cost of a safeguard

12
Q

Return on Investment

A

Money saved by deploying a safeguard

13
Q

Disclosure

A

Unauthorized release of information

14
Q

Alteration

A

The unauthorized modification of data

15
Q

Destruction

A

Making systems or data unavailable

16
Q

Authentication

A

The act of proving an assertion, such as the identity of a computer system user.

17
Q

Authorization

A

Actions you can perform on a system once you have been identified and authenticated

18
Q

Accountability

A

Holds users accountable for their actions

19
Q

Non-repudiation

A

A user cannot deny (repudiate) having performed a transaction.

20
Q

Least privilege

A

Users should be granted the minimum amount of access (authorization) required to do their jobs, but no more.

21
Q

Need to know

A

More granular than least privilege: the user must need to know that specific piece of information before accessing it.

22
Q

Defense-in-Depth

A

Applies multiple safeguards (also called controls: measures taken to reduce risk) to protect an asset.

23
Q

Due care

A

Doing what a reasonable person would do.

24
Q

Due diligence

A

The management of due care.

25
Q

Gross negligence

A

The opposite of due care. Doing what an unreasonable person would do.

26
Q

Civil Law (Legal System)

A

The system of civil law leverages codified laws or statutes to determine what is considered within the bounds of law.

27
Q

Common Law

A

The legal system used in the United States, Canada, the United Kingdom, and most former British colonies, amongst others.

28
Q

Religious Law

A

Religious doctrine or interpretation serves as a source of legal understanding and statutes.

29
Q

Criminal Law

A

Pertains to those laws where the victim can be seen as society itself.

30
Q

Civil Law

A

The victim will be an individual, group, or organization.

31
Q

Statutory

A

Statutory damages are those prescribed by law, which can be awarded to the victim even if the victim incurred no actual loss or injury.

32
Q

Compensatory

A

The purpose of compensatory damages is to provide the victim with a financial award in effort to compensate for the loss or injury incurred as a direct result of the wrongdoing.

33
Q

Punitive

A

The intent of punitive damages is to punish an individual or organization. These damages are typically awarded to attempt to discourage a particularly egregious violation where the compensatory or statutory damages alone would not act as a deterrent.

34
Q

Administrative law or regulatory law

A

Law enacted by government agencies. Think FCC regulations, HIPAA security mandates, FDA regulations, and FAA regulations.