Domain 1 - Security and Risk Management Flashcards
What is the NIST Risk Management Publication?
NIST 800-30
What is the ISO standard for risk management?
ISO 27005
What is water holing?
Creating a number of websites with names similar to legitimate ones, or an attacker infecting websites that are frequented by members of the group being targeted
What is data diddling?
The act of modifying information, programs or documents to commit fraud; tampering with input data.
What is COSO?
Develops guidelines for businesses to evaluate internal controls, risk management, and fraud deterrence. These are goals for the entire organization.
What is COBIT?
Created by ISACA, COBIT allows practitioners to govern and manage IT holistically, bridging the gap between business requirements, control needs and technical issues. TL;DR: IT governance.
What is OCTAVE?
Self-directed risk management.
What is ISO 27799?
Directives on how to protect PHI (Protected Health Information)
What are the PCI-DSS principles?
- Build and Maintain a Secure Network and Systems
- Protect Account Data (stored data and cryptography of data in transit)
- Maintain a Vulnerability Management program
- Implement Strong Access Control Measures
- Regularly monitor and test networks
- Maintain an information security policy
Which CSA Star Level requires 3rd party certification?
Star Level 2
Which CSA Star Level has continuous auditing?
Star Level 3
Which CSA Star Level(s) have continuous self assessment?
Star Level 1 Continuous and Star Level 2 Continuous
Which CSA Star Level is only self-assessment?
Star Level 1
What does the Computer Security Act (CSA) focus on?
Creating computer security plans and ensuring adequate training of system users and owners where the systems would hold sensitive information.
What is the purpose of CALEA?
A communications assistance law that aids lawful interception of communications.
What is COPPA?
Children's Online Privacy Protection Act. Applies to those collecting information on children under 13 years of age. Restrictions against marketing; must receive consent and display a privacy policy.