Domain 1 set 5 Flashcards
Wassenaar Agreement
Export Restriction
No exporting strong encryption or bombs
ARO
Annual Rate Of Occurrence
How often the threat is expected to occur
EF
Exposure Factor
The % of loss that is expected from a risk event
Asset Value × Exposure Factor = ?
SLE
GLBA
Gramm-Leach-Bliley Act
Covers Financial institutions
HIPAA
Health Insurance Portability and Accountability Act
Typosquatting
URL Hijacking
Cybersquatting
domain squatting
STRIDE
A threat categorization scheme from Microsoft
Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege
The first step a BCP should perform?
Business Organization Analysis (BOA)
SOX
Sarbanes-Oxley Act of 2002
Publicly traded companies are regulated on their financial reports
Software code is a threat to which part of CIA?
Availability
Code injection is a threat to which part of CIA?
Integrity
Keylogger is a threat to which part of CIA?
Confidentiality
4 threats to confidentiality (CIA)
- Attacks on Encryption
- Social Engineering
- Key Logger
- IoT (Internet of Things)
MOA / MOU
Memorandums of Agreement / Understanding for essential personnel
IAAA
A framework: Identification, Authentication, Authorization, Accountability
IPS / IDS ensure which part of CIA?
Availability
Patch management ensures which part of CIA?
Availability
Entrapment is a ?
Solid legal defense strategy
ISO 27799 standard is focused on?
Protecting PHI
Exigent circumstance is?
Immediate threat to human life or evidence destruction.
Only applies to law enforcement or those acting “under the color of law”
IT logs and documents are what type of evidence?
Secondary Evidence
When you see something, what type of evidence?
Direct Evidence
Counterfeiting is ?
an attack on trademarks
Allows search and seizure without immediate disclosure
Patriot Act of 2001
The control framework that is focused on IT service management?
ITIL
“The majority of the proof” relates to what law?
Civil Law
Too much integrity, what will suffer?
Availability
Tangible and physical objects are what type of evidence
Real evidence
Hard drives, USB sticks, but not the data on them.
Too much confidentiality, what will suffer?
Availability
Honeypots and honeynets need to be approved by whom?
Senior management and legal department
Too much availability, what will suffer?
Confidentiality and integrity
Password hashing with salting is what part of the CIA?
Integrity
The 3 rules of HIPAA
- Privacy Rule
- Security Rule
- Breach Notification Rule