Domain 1 set 1 Flashcards
Electronic Discovery Reference Model
EDRM
What gives specifics to policies?
Standards
Who creates and manages sensitive data?
Data Controllers
AKA: HR Personnel
What policy assigns responsibility?
Organizational Security Policy
Errors in data entry are what part of the CIA triad?
Integrity
SLE × ARO = ?
ALE (Annual Loss Expectancy)
Who actually stores and processes data?
Data Custodians
Who is responsible for approval of disclosure requests?
Data Owners
Which standard has the organization's goals in mind?
COSO
A policy that covers email use, privacy, and employee personal use issues?
Issue Specific Policy
What sets the direction through prioritization?
Governance
What are the 7 steps to implement a Classification Scheme?
- Identify Custodian
- Specify Evaluation Criteria
- Classify and Label each Resource
- Document Exceptions
- Select Security Controls
- Specify Declassification Procedures
- Create Awareness Program
BIA
Business Impact Analysis
What are the 3 Data states?
- At Rest
- In Motion
- In Use
Operationally Critical Threat Asset and Vulnerability Evaluation
OCTAVE
BCP
Business Continuity Planning
Risks are?
The combination of a vulnerability and a corresponding threat.
ITADA
Identity Theft and Assumption Deterrence Act
The key items in privacy protection for data processors are?
Training and Auditing
Governance
Ensures that the stakeholders' needs, conditions and options are evaluated.
How long is the Tactical plan made for?
1 year
A risk methodology that focuses on IT systems, not the organizational strategy
NIST SP 800-30
A risk assessment that uses qualitative analysis to calculate a risk value
FRAP?
BCP / DRP address what part of the CIA triad?
Availability
When a system meets the requirements of the Data Owner, it is called?
Certification
MitM stands for?
Man-in-the-middle
Instance of a compromise
Exploit
Total Risk × Controls Gap = ?
Residual Risk
What are the 4 codes of Ethics?
- Protect society, the commonwealth and the infrastructure
- Act Honorably
- Provide Diligent and competent Service
- Advance and protect
System specific policy
Is geared towards use of networks, systems, and approved software lists
Import Restrictions
US Safe Harbor Laws
The crypto key needs to be provided to law enforcement
The specific methods that threats use to exploit a vulnerability
Threat Vectors
The HIPAA Update
HITECH Act