Domain 1 set 3 Flashcards
What is the most common type of policy?
Advisory
Who is responsible for Data Classifications?
Data owners
Who handles the day-to-day Data Governance?
Data Steward
A Scheme for classifying Data with Categories?
Taxonomy
HR, Executives, union, ETC…
The Cost of Security of a Risk comes from?
Quantitative analysis
A weakness or lack of a safeguard?
Vulnerability
3 ways to Mitigate Risk?
- Reduce
- Accept
- Transfer
Security Governance is the responsibility of who?
upper management (the Board)
Which standard comes from ISACA?
COBIT
How long is a trademark?
10 years
A dollar figure that represents what the asset is worth to the organization
(AV) Asset Value
What are The Risk control Frameworks?
- COSO
- COBIT
- ISO 27001
- NIST 800-53 (government agencies)
What type of law regulates conduct for companies?
Administrative (regulatory)
minimum acceptable security configuration for a system or process
baseline
How long is the Strategic plan made for?
5 years
Determining which portions of a standard an organization will use?
Scoping
What process finds trust boundaries and data flow paths?
Reduction Analysis
SCI
Sensitive Compartmented Information
A security Camera is what type of control?
Technical Control
Who sets the framework?
upper management (the Board)
Types of intellectual property
- Trade Secrets
- Copyrights
- Trademarks
- Patents
Delphi Technique is part of?
Qualitative Risk Analysis
Vertical Control and Horizontal Control are?
(SCI) Sensitive Compartmented Information Government
The 3 Risk Methodologies?
- OCTAVE
- FRAP
- NIST 800-30
Defacement of a homepage is what part of the IAAA?
Integrity
What type of policy is mandatory, with high-level statements that support the strategic goals of the organization?
Organizational Security Policy
ESI
Electronically Stored Information
What are the Steps in Risk Management?
- Risk Assessment
- Risk Analysis
- Risk Mitigation
- Risk Monitoring
Customizing a standard for an organization is called?
Tailoring
The 3 law types
- Criminal Law - Jail time
- Civil Law - Due Care
- Administrative (regulatory) HIPAA
Which standard is built with IT goals in mind?
COBIT
SLE
Single Loss Expectancy