Domain 1 set 4 Flashcards
Known as a Program Policy
Organizational Security Policy
What are the 9 steps in NIST 800-30?
- System Characterization
- Threat Identification
- Vulnerability Identification
- Control Analysis
- Likelihood Determination
- Impact Analysis
- Risk Determination
- Control Recommendations
- Results Documentation
Vulnerability
Weaknesses in security controls
The card industry data security standard
PCI DSS
What is a single-system risk assessment?
FRAP
What is it called when a data owner accepts the certification?
Accreditation
Copyrights are good for?
Lifetime plus 70 years after
Business 95 years
Who plans, builds, runs and monitors activities in alignment with the direction set?
Management
Who is responsible for Data Privacy Requirements?
Data Owners
AV
Asset Value
Privacy Act of 1974
applies only to federal Agencies
Residual Risk
The amount of risk left over after a risk response
What is the Committee of Sponsoring Organizations of the Treadway Commission?
COSO
A Threat
An external force jeopardizing security
What plan is used to bring back business functions?
BRP
GDPR
Updated EU law for 2018
How long is a Patent?
20 years
“NEED TO KNOW” is what type of control?
Horizontal Control
What is the self-directed risk evaluation methodology?
OCTAVE
What act is for identity theft?
(ITADA) Identity Theft and Assumption Deterrence Act
Used to ensure honest opinions using anonymous communications
Delphi Technique
What is Data in use?
Data in memory, memory caches and CPU registers
Who monitors the performance?
Governance
Vertical Control?
Example: Top Secret, Secret, etc.
Non-mandatory policy for best practices
Guidelines
Proactive Controls are?
Safeguards
What are the 8 steps to EDRM?
The Electronic Discovery Reference Model
- Identification
- Preservation
- Collection
- Processing
- Review
- Analysis
- Production
- Presentation
OEP
Occupant Emergency Plan
Step-by-step directives
Procedures
A username is what part of IAAA?
Identification